X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/384327bfd0b3b0362a61f30f81b06895238ee360..e41dd1e24e345c974fe4a070088f0d09d1b6ddac:/IkiWiki/CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 4a16856ec..52da67b9a 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -28,6 +28,8 @@ sub page_locked ($$;$) { #{{{
 sub cgi_recentchanges ($) { #{{{
 	my $q=shift;
 	
+	unlockwiki();
+
 	my $template=HTML::Template->new(
 		filename => "$config{templatedir}/recentchanges.tmpl"
 	);
@@ -47,7 +49,7 @@ sub cgi_signin ($$) { #{{{
 	eval q{use CGI::FormBuilder};
 	my $form = CGI::FormBuilder->new(
 		title => "signin",
-		fields => [qw(do page from name password confirm_password email)],
+		fields => [qw(do title page subpage from name password confirm_password email)],
 		header => 1,
 		method => 'POST',
 		validate => {
@@ -68,7 +70,9 @@ sub cgi_signin ($$) { #{{{
 	$form->field(name => "name", required => 0);
 	$form->field(name => "do", type => "hidden");
 	$form->field(name => "page", type => "hidden");
+	$form->field(name => "title", type => "hidden");
 	$form->field(name => "from", type => "hidden");
+	$form->field(name => "subpage", type => "hidden");
 	$form->field(name => "password", type => "password", required => 0);
 	$form->field(name => "confirm_password", type => "password", required => 0);
 	$form->field(name => "email", required => 0);
@@ -140,10 +144,13 @@ sub cgi_signin ($$) { #{{{
 			$session->param("name", $form->field("name"));
 			if (defined $form->field("do") && 
 			    $form->field("do") ne 'signin') {
-				print $q->redirect(
-					"$config{cgiurl}?do=".$form->field("do").
-					"&page=".$form->field("page").
-					"&from=".$form->field("from"));;
+				print $q->redirect(cgiurl(
+					do => $form->field("do"),
+					page => $form->field("page"),
+					title => $form->field("title"),
+					subpage => $form->field("subpage"),
+					from => $form->field("from"),
+				));
 			}
 			else {
 				print $q->redirect($config{url});
@@ -271,11 +278,9 @@ sub cgi_editpage ($$) { #{{{
 	my $q=shift;
 	my $session=shift;
 
-	loadindex();
-	
 	eval q{use CGI::FormBuilder};
 	my $form = CGI::FormBuilder->new(
-		fields => [qw(do rcsinfo from page content comments)],
+		fields => [qw(do rcsinfo subpage from page content comments)],
 		header => 1,
 		method => 'POST',
 		validate => {
@@ -290,8 +295,10 @@ sub cgi_editpage ($$) { #{{{
 	);
 	my @buttons=("Save Page", "Preview", "Cancel");
 	
-	my ($page)=$form->param('page')=~/$config{wiki_file_regexp}/;
-	if (! defined $page || ! length $page || $page ne $q->param('page') ||
+	# This untaint is safe because titlepage removes any problimatic
+	# characters.
+	my ($page)=titlepage(possibly_foolish_untaint(lc($form->param('page'))));
+	if (! defined $page || ! length $page ||
 	    $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) {
 		error("bad page name");
 	}
@@ -307,6 +314,7 @@ sub cgi_editpage ($$) { #{{{
 	$form->field(name => "do", type => 'hidden');
 	$form->field(name => "from", type => 'hidden');
 	$form->field(name => "rcsinfo", type => 'hidden');
+	$form->field(name => "subpage", type => 'hidden');
 	$form->field(name => "page", value => "$page", force => 1);
 	$form->field(name => "comments", type => "text", size => 80);
 	$form->field(name => "content", type => "textarea", rows => 20,
@@ -350,14 +358,17 @@ sub cgi_editpage ($$) { #{{{
 			my ($from)=$form->param('from')=~/$config{wiki_file_regexp}/;
 			if (! defined $from || ! length $from ||
 			    $from ne $form->param('from') ||
-			    $from=~/$config{wiki_file_prune_regexp}/ || $from=~/^\//) {
+			    $from=~/$config{wiki_file_prune_regexp}/ ||
+			    $from=~/^\// ||
+			    $form->submitted eq "Preview") {
 				@page_locs=$best_loc=$page;
 			}
 			else {
 				my $dir=$from."/";
 				$dir=~s![^/]+/$!!;
 				
-				if ($page eq 'discussion') {
+				if ((defined $form->param('subpage') && length $form->param('subpage')) ||
+				    $page eq 'discussion') {
 					$best_loc="$from/$page";
 				}
 				else {
@@ -380,7 +391,7 @@ sub cgi_editpage ($$) { #{{{
 			$form->tmpl_param("page_select", 1);
 			$form->field(name => "page", type => 'select',
 				options => \@page_locs, value => $best_loc);
-			$form->title("creating $page");
+			$form->title("creating ".pagetitle($page));
 		}
 		elsif ($form->field("do") eq "edit") {
 			page_locked($page, $session);
@@ -396,7 +407,7 @@ sub cgi_editpage ($$) { #{{{
 			}
 			$form->tmpl_param("page_select", 0);
 			$form->field(name => "page", type => 'hidden');
-			$form->title("editing $page");
+			$form->title("editing ".pagetitle($page));
 		}
 		
 		print $form->render(submit => \@buttons);
@@ -469,14 +480,14 @@ sub cgi () { #{{{
 		error("\"do\" parameter missing");
 	}
 	
-	# This does not need a session.
+	# Things that do not need a session.
 	if ($do eq 'recentchanges') {
 		cgi_recentchanges($q);
 		return;
 	}
 	
-	CGI::Session->name("ikiwiki_session");
-
+	CGI::Session->name("ikiwiki_session_$config{wikiname}");
+	
 	my $oldmask=umask(077);
 	my $session = CGI::Session->new("driver:db_file", $q,
 		{ FileName => "$config{wikistatedir}/sessions.db" });
@@ -502,6 +513,20 @@ sub cgi () { #{{{
 	elsif ($do eq 'prefs') {
 		cgi_prefs($q, $session);
 	}
+	elsif ($do eq 'blog') {
+		my $page=titlepage(lc($q->param('title')));
+		# if the page already exists, munge it to be unique
+		my $from=$q->param('from');
+		my $add="";
+		while (exists $oldpagemtime{"$from/$page$add"}) {
+			$add=1 unless length $add;
+			$add++;
+		}
+		$q->param('page', $page.$add);
+		# now run same as create
+		$q->param('do', 'create');
+		cgi_editpage($q, $session);
+	}
 	else {
 		error("unknown do parameter");
 	}