Fix issue with utf-8 in wikiname breaking session cookies, by entity-encoding the wikiname in the session cookie.

master
Joey Hess 2008-10-19 21:07:12 -04:00
parent fd9393ef85
commit 3e992b758b
3 changed files with 10 additions and 2 deletions

View File

@ -278,9 +278,9 @@ sub check_banned ($$) { #{{{
sub cgi_getsession ($) { #{{{ sub cgi_getsession ($) { #{{{
my $q=shift; my $q=shift;
eval q{use CGI::Session}; eval q{use CGI::Session; use HTML::Entities};
error($@) if $@; error($@) if $@;
CGI::Session->name("ikiwiki_session_".encode_utf8($config{wikiname})); CGI::Session->name("ikiwiki_session_".encode_entities($config{wikiname}));
my $oldmask=umask(077); my $oldmask=umask(077);
my $session = eval { my $session = eval {

2
debian/changelog vendored
View File

@ -12,6 +12,8 @@ ikiwiki (2.68) UNRELEASED; urgency=low
* Plugins that used to override displaytime should instead override * Plugins that used to override displaytime should instead override
formattime. displaytime will call that, and may wrap markup around the formattime. displaytime will call that, and may wrap markup around the
formatted time. formatted time.
* Fix issue with utf-8 in wikiname breaking session cookies, by
entity-encoding the wikiname in the session cookie.
-- Joey Hess <joeyh@debian.org> Fri, 17 Oct 2008 20:11:02 -0400 -- Joey Hess <joeyh@debian.org> Fri, 17 Oct 2008 20:11:02 -0400

View File

@ -5,4 +5,10 @@ Inspecting the cookie information (thanks to Iceweasel's webdeveloper add-on), I
Replacing "·" with "-" in `wikiname` fixed this login issue. Replacing "·" with "-" in `wikiname` fixed this login issue.
> Hmm, Recai sent me a patch a long time ago to handle utf-8 here by encoding
> the wikiname. But it doesn't seem to work, somehow the encoded utf-8
> value still doesn't make it through. (CGI::Session seems to have underermined utf-8
> issues too.) Seems like I will have to possibly break some sessions and
> entity-encode the wikiname in the cookie.. done. --[[Joey]]
(BTW, such a char was replaced by -I don't remember what encoding thingie- in my setup file, when running `ikiwiki-transition setupformat`.) (BTW, such a char was replaced by -I don't remember what encoding thingie- in my setup file, when running `ikiwiki-transition setupformat`.)