aboutsummaryrefslogtreecommitdiff
path: root/IkiWiki/CGI.pm
diff options
context:
space:
mode:
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-08-27 20:25:05 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-08-27 20:25:05 +0000
commit4ad7c9d6257ca106b2949d22f6300823190991a0 (patch)
tree9752444cfa70b40ab32627e3feb44781e56f2771 /IkiWiki/CGI.pm
parent3ad4d93e33284ad6d51d2fa5f9abf1943b894d48 (diff)
downloadikiwiki-4ad7c9d6257ca106b2949d22f6300823190991a0.tar
ikiwiki-4ad7c9d6257ca106b2949d22f6300823190991a0.tar.gz
* Patch from James Westby to add a --sslcookie switch, which forces
cookies to only be sent over ssl connections to avoid interception. * Factor out the cgi header printing code into a new function. * Fix preferences page on anonok wikis; still need to sign in to get to the preferences page.
Diffstat (limited to 'IkiWiki/CGI.pm')
-rw-r--r--IkiWiki/CGI.pm24
1 files changed, 18 insertions, 6 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 120e2fdee..8e0339dc5 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -9,6 +9,18 @@ use Encode;
package IkiWiki;
+sub printheader ($) { #{{{
+ my $session=shift;
+
+ if ($config{sslcookie}) {
+ print $session->header(-charset => 'utf-8',
+ -cookie => $session->cookie(-secure => 1));
+ } else {
+ print $session->header(-charset => 'utf-8');
+ }
+
+} #}}}
+
sub redirect ($$) { #{{{
my $q=shift;
my $url=shift;
@@ -72,7 +84,7 @@ sub cgi_recentchanges ($) { #{{{
changelog => [rcs_recentchanges(100)],
baseurl => baseurl(),
);
- print $q->header(-charset=>'utf-8'), $template->output;
+ print $q->header(-charset => 'utf-8'), $template->output;
} #}}}
sub cgi_signin ($$) { #{{{
@@ -204,7 +216,7 @@ sub cgi_signin ($$) { #{{{
$form->field(name => "confirm_password", type => "hidden");
$form->field(name => "email", type => "hidden");
$form->text("Registration successful. Now you can Login.");
- print $session->header(-charset=>'utf-8');
+ printheader($session);
print misctemplate($form->title, $form->render(submit => ["Login"]));
}
else {
@@ -232,12 +244,12 @@ sub cgi_signin ($$) { #{{{
$form->text("Your password has been emailed to you.");
$form->field(name => "name", required => 0);
- print $session->header(-charset=>'utf-8');
+ printheader($session);
print misctemplate($form->title, $form->render(submit => ["Login", "Register", "Mail Password"]));
}
}
else {
- print $session->header(-charset=>'utf-8');
+ printheader($session);
print misctemplate($form->title, $form->render(submit => ["Login", "Register", "Mail Password"]));
}
} #}}}
@@ -314,7 +326,7 @@ sub cgi_prefs ($$) { #{{{
$form->text("Preferences saved.");
}
- print $session->header(-charset=>'utf-8');
+ printheader($session);
print misctemplate($form->title, $form->render(submit => \@buttons));
} #}}}
@@ -596,7 +608,7 @@ sub cgi () { #{{{
umask($oldmask);
# Everything below this point needs the user to be signed in.
- if ((! $config{anonok} &&
+ if (((! $config{anonok} || $do eq 'prefs') &&
(! defined $session->param("name") ||
! userinfo_get($session->param("name"), "regdate"))) || $do eq 'signin') {
cgi_signin($q, $session);