cloak user PII when making commits etc, and let cloaked PII be used in banned_users

This was needed due to emailauth, but I've also wrapped all IP address
exposure in cloak(), although the function doesn't yet cloak IP addresses.

(One IP address I didn't cloak is the one that appears on the password
reset email template. That is expected to be the user's own IP address,
so ok to show it to them.)

Thanks to smcv for the pointer to
http://xmlns.com/foaf/spec/#term_mbox_sha1sum

1 files changed, 6 insertions, 3 deletions

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index d801c72a0..1763828a4 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -336,16 +336,19 @@ sub check_banned ($$) {
 
 	my $banned=0;
 	my $name=$session->param("name");
+	my $cloak=cloak($name) if defined $name;
 	if (defined $name && 
-	    grep { $name eq $_ } @{$config{banned_users}}) {
+	    grep { $name eq $_ || $cloak eq $_ } @{$config{banned_users}}) {
 		$banned=1;
 	}
 
 	foreach my $b (@{$config{banned_users}}) {
 		if (pagespec_match("", $b,
 			ip => $session->remote_addr(),
-			name => defined $name ? $name : "",
-		)) {
+			name => defined $name ? $name : "")
+		   || pagespec_match("", $b,
+		   	ip => cloak($session->remote_addr()),
+			name => defined $cloak ? $cloak : "")) {
 			$banned=1;
 			last;
 		}