X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/49524c429e8dec4e18a81dfcfbbc93cbd1da32c3..2a16e15122574cca9c5b52ccfc46a022a71e25dc:/IkiWiki/CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index b540a7b37..b47c8e803 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -28,6 +28,8 @@ sub page_locked ($$;$) { #{{{
 sub cgi_recentchanges ($) { #{{{
 	my $q=shift;
 	
+	unlockwiki();
+
 	my $template=HTML::Template->new(
 		filename => "$config{templatedir}/recentchanges.tmpl"
 	);
@@ -36,6 +38,7 @@ sub cgi_recentchanges ($) { #{{{
 		indexlink => indexlink(),
 		wikiname => $config{wikiname},
 		changelog => [rcs_recentchanges(100)],
+		styleurl => styleurl(),
 	);
 	print $q->header, $template->output;
 } #}}}
@@ -47,7 +50,7 @@ sub cgi_signin ($$) { #{{{
 	eval q{use CGI::FormBuilder};
 	my $form = CGI::FormBuilder->new(
 		title => "signin",
-		fields => [qw(do page from name password confirm_password email)],
+		fields => [qw(do title page subpage from name password confirm_password email)],
 		header => 1,
 		method => 'POST',
 		validate => {
@@ -62,13 +65,16 @@ sub cgi_signin ($$) { #{{{
 		action => $q->request_uri,
 		header => 0,
 		template => (-e "$config{templatedir}/signin.tmpl" ?
-		              "$config{templatedir}/signin.tmpl" : "")
+		              "$config{templatedir}/signin.tmpl" : ""),
+		stylesheet => styleurl(),
 	);
 	
 	$form->field(name => "name", required => 0);
 	$form->field(name => "do", type => "hidden");
 	$form->field(name => "page", type => "hidden");
+	$form->field(name => "title", type => "hidden");
 	$form->field(name => "from", type => "hidden");
+	$form->field(name => "subpage", type => "hidden");
 	$form->field(name => "password", type => "password", required => 0);
 	$form->field(name => "confirm_password", type => "password", required => 0);
 	$form->field(name => "email", required => 0);
@@ -140,10 +146,13 @@ sub cgi_signin ($$) { #{{{
 			$session->param("name", $form->field("name"));
 			if (defined $form->field("do") && 
 			    $form->field("do") ne 'signin') {
-				print $q->redirect(
-					"$config{cgiurl}?do=".$form->field("do").
-					"&page=".$form->field("page").
-					"&from=".$form->field("from"));;
+				print $q->redirect(cgiurl(
+					do => $form->field("do"),
+					page => $form->field("page"),
+					title => $form->field("title"),
+					subpage => $form->field("subpage"),
+					from => $form->field("from"),
+				));
 			}
 			else {
 				print $q->redirect($config{url});
@@ -221,7 +230,8 @@ sub cgi_prefs ($$) { #{{{
 		params => $q,
 		action => $q->request_uri,
 		template => (-e "$config{templatedir}/prefs.tmpl" ?
-		              "$config{templatedir}/prefs.tmpl" : "")
+		              "$config{templatedir}/prefs.tmpl" : ""),
+		stylesheet => styleurl(),
 	);
 	my @buttons=("Save Preferences", "Logout", "Cancel");
 	
@@ -273,7 +283,7 @@ sub cgi_editpage ($$) { #{{{
 
 	eval q{use CGI::FormBuilder};
 	my $form = CGI::FormBuilder->new(
-		fields => [qw(do rcsinfo from page content comments)],
+		fields => [qw(do rcsinfo subpage from page content comments)],
 		header => 1,
 		method => 'POST',
 		validate => {
@@ -288,23 +298,28 @@ sub cgi_editpage ($$) { #{{{
 	);
 	my @buttons=("Save Page", "Preview", "Cancel");
 	
-	my ($page)=$form->param('page')=~/$config{wiki_file_regexp}/;
-	if (! defined $page || ! length $page || $page ne $q->param('page') ||
+	# This untaint is safe because titlepage removes any problimatic
+	# characters.
+	my ($page)=titlepage(possibly_foolish_untaint(lc($form->param('page'))));
+	if (! defined $page || ! length $page ||
 	    $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) {
 		error("bad page name");
 	}
 	$page=lc($page);
 	
 	my $file=$page.$config{default_pageext};
-	my $newfile=1;
 	if (exists $pagesources{lc($page)}) {
 		$file=$pagesources{lc($page)};
-		$newfile=0;
+	}
+	my $newfile=0;
+	if (! -e "$config{srcdir}/$file") {
+		$newfile=1;
 	}
 
 	$form->field(name => "do", type => 'hidden');
 	$form->field(name => "from", type => 'hidden');
 	$form->field(name => "rcsinfo", type => 'hidden');
+	$form->field(name => "subpage", type => 'hidden');
 	$form->field(name => "page", value => "$page", force => 1);
 	$form->field(name => "comments", type => "text", size => 80);
 	$form->field(name => "content", type => "textarea", rows => 20,
@@ -313,6 +328,7 @@ sub cgi_editpage ($$) { #{{{
 	$form->tmpl_param("indexlink", indexlink());
 	$form->tmpl_param("helponformattinglink",
 		htmllink("", "HelpOnFormatting", 1));
+	$form->tmpl_param("styleurl", styleurl());
 	if (! $form->submitted) {
 		$form->field(name => "rcsinfo", value => rcs_prepedit($file),
 			force => 1);
@@ -348,14 +364,17 @@ sub cgi_editpage ($$) { #{{{
 			my ($from)=$form->param('from')=~/$config{wiki_file_regexp}/;
 			if (! defined $from || ! length $from ||
 			    $from ne $form->param('from') ||
-			    $from=~/$config{wiki_file_prune_regexp}/ || $from=~/^\//) {
+			    $from=~/$config{wiki_file_prune_regexp}/ ||
+			    $from=~/^\// ||
+			    $form->submitted eq "Preview") {
 				@page_locs=$best_loc=$page;
 			}
 			else {
 				my $dir=$from."/";
 				$dir=~s![^/]+/$!!;
 				
-				if ($page eq 'discussion') {
+				if ((defined $form->param('subpage') && length $form->param('subpage')) ||
+				    $page eq 'discussion') {
 					$best_loc="$from/$page";
 				}
 				else {
@@ -378,7 +397,7 @@ sub cgi_editpage ($$) { #{{{
 			$form->tmpl_param("page_select", 1);
 			$form->field(name => "page", type => 'select',
 				options => \@page_locs, value => $best_loc);
-			$form->title("creating $page");
+			$form->title("creating ".pagetitle($page));
 		}
 		elsif ($form->field("do") eq "edit") {
 			page_locked($page, $session);
@@ -386,7 +405,7 @@ sub cgi_editpage ($$) { #{{{
 			    ! length $form->field('content')) {
 				my $content="";
 				if (exists $pagesources{lc($page)}) {
-					$content=readfile("$config{srcdir}/$pagesources{lc($page)}");
+					$content=readfile(srcfile($pagesources{lc($page)}));
 					$content=~s/\n/\r\n/g;
 				}
 				$form->field(name => "content", value => $content,
@@ -394,7 +413,7 @@ sub cgi_editpage ($$) { #{{{
 			}
 			$form->tmpl_param("page_select", 0);
 			$form->field(name => "page", type => 'hidden');
-			$form->title("editing $page");
+			$form->title("editing ".pagetitle($page));
 		}
 		
 		print $form->render(submit => \@buttons);
@@ -472,26 +491,9 @@ sub cgi () { #{{{
 		cgi_recentchanges($q);
 		return;
 	}
-	elsif ($do eq 'blog') {
-		# munge page name to be valid, no matter what freeform text
-		# is entered
-		my $page=$q->param('title');
-		$page=~y/ /_/;
-		$page=~s/([^-A-Za-z0-9_.:+])/"__".ord($1)."__"/eg;
-		# if the page already exist, munge it to be unique
-		my $from=$q->param('from');
-		my $add="";
-		while (exists $pagectime{"$from/$page$add"}) {
-			$add=1 unless length $add;
-			$add++;
-		}
-		$q->param('page', $page.$add);
-		$q->param('do', 'create');
-		# now it behaves same as create does
-	}
 	
-	CGI::Session->name("ikiwiki_session");
-
+	CGI::Session->name("ikiwiki_session_$config{wikiname}");
+	
 	my $oldmask=umask(077);
 	my $session = CGI::Session->new("driver:db_file", $q,
 		{ FileName => "$config{wikistatedir}/sessions.db" });
@@ -517,6 +519,20 @@ sub cgi () { #{{{
 	elsif ($do eq 'prefs') {
 		cgi_prefs($q, $session);
 	}
+	elsif ($do eq 'blog') {
+		my $page=titlepage(lc($q->param('title')));
+		# if the page already exists, munge it to be unique
+		my $from=$q->param('from');
+		my $add="";
+		while (exists $oldpagemtime{"$from/$page$add"}) {
+			$add=1 unless length $add;
+			$add++;
+		}
+		$q->param('page', $page.$add);
+		# now run same as create
+		$q->param('do', 'create');
+		cgi_editpage($q, $session);
+	}
 	else {
 		error("unknown do parameter");
 	}