diff options
| author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-03-29 02:14:55 +0000 |
|---|---|---|
| committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-03-29 02:14:55 +0000 |
| commit | 0a95ac2144de8552eeebabd6467bf25969352240 (patch) | |
| tree | ec0649770fcab8c13d33d534af91db29840f4de0 /IkiWiki/CGI.pm | |
| parent | f6b33b87721b54f7947be87296fc583564331f9e (diff) | |
| download | ikiwiki-0a95ac2144de8552eeebabd6467bf25969352240.tar ikiwiki-0a95ac2144de8552eeebabd6467bf25969352240.tar.gz | |
Improved handling of wikilinks containing characters that are not allowed
in filenames. Now converts to valid filenames automatically.
Note, need to --refresh your wiki after updating to this version, if you
use any pages with __nn__ in their names.
Diffstat (limited to 'IkiWiki/CGI.pm')
| -rw-r--r-- | IkiWiki/CGI.pm | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index fb4fd4475..7c12bee5b 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -294,8 +294,10 @@ sub cgi_editpage ($$) { #{{{ ); my @buttons=("Save Page", "Preview", "Cancel"); - my ($page)=$form->param('page')=~/$config{wiki_file_regexp}/; - if (! defined $page || ! length $page || $page ne $q->param('page') || + # This untaint is safe because titlepage removes any problimatic + # characters. + my ($page)=titlepage(possibly_foolish_untaint(lc($form->param('page')))); + if (! defined $page || ! length $page || $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) { error("bad page name"); } @@ -364,7 +366,7 @@ sub cgi_editpage ($$) { #{{{ my $dir=$from."/"; $dir=~s![^/]+/$!!; - if (length $form->param('subpage') || + if ((defined $form->param('subpage') && length $form->param('subpage')) || $page eq 'discussion') { $best_loc="$from/$page"; } @@ -511,12 +513,8 @@ sub cgi () { #{{{ cgi_prefs($q, $session); } elsif ($do eq 'blog') { - # munge page name to be valid, no matter what freeform text - # is entered - my $page=lc($q->param('title')); - $page=~y/ /_/; - $page=~s/([^-A-Za-z0-9_:+\/])/"__".ord($1)."__"/eg; - # if the page already exist, munge it to be unique + my $page=titlepage(lc($q->param('title'))); + # if the page already exists, munge it to be unique my $from=$q->param('from'); my $add=""; while (exists $oldpagemtime{"$from/$page$add"}) { |