* The underscore escaping support exposed a bug in edit links: Such links

were titlepage escaped in the urls, and then doubly escaped by the CGI when editing. To fix this, I removed the titlepage escaping in the edit urls. * That means that *every edit link* on the wiki is potentially changed. Rebuilding wikis on upgrade to this version therefore necessary; enabled that in postinst.
2007-03-08 06:03:59 +00:00 · 2007-03-08 06:03:59 +00:00 · c1b698e418
parent 8430ee09e5
commit c1b698e418
8 changed files with 53 additions and 35 deletions
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@ -5,6 +5,7 @@ use warnings;
 use strict;
 use Encode;
 use HTML::Entities;
 use URI::Escape;
 use open qw{:utf8 :std};
 use vars qw{%config %links %oldlinks %oldpagemtime %pagectime %pagecase
@ -385,7 +386,8 @@ sub linkpage ($) { #{{{
 sub cgiurl (@) { #{{{
 	my %params=@_;
-	return $config{cgiurl}."?".join("&amp;", map "$_=$params{$_}", keys %params);
+	return $config{cgiurl}."?".
 		join("&amp;", map $_."=".uri_escape($params{$_}), keys %params);
 } #}}}
 sub baseurl (;$) { #{{{
@ -453,7 +455,11 @@ sub htmllink ($$$;@) { #{{{
 	if (! grep { $_ eq $bestlink } map { @{$_} } values %renderedfiles) {
 		return $linktext unless length $config{cgiurl};
 		return "<span><a href=\"".
-			cgiurl(do => "create", page => lc($link), from => $page).
+			cgiurl(
 				do => "create",
 				page => pagetitle(lc($link), 1),
 				from => $page
 			).
 			"\">?</a>$linktext</span>"
 	}
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@ -286,10 +286,9 @@ sub cgi_prefs ($$) { #{{{
 	}
 } #}}}
-sub cgi_editpage ($$;$) { #{{{
+sub cgi_editpage ($$) { #{{{
 	my $q=shift;
 	my $session=shift;
 	my $blogpost=shift;
 	my @fields=qw(do rcsinfo subpage from page type editcontent comments
 	              newfile);
@ -323,9 +322,6 @@ sub cgi_editpage ($$;$) { #{{{
 	# characters.
 	my ($page)=$form->field('page');
 	$page=titlepage(possibly_foolish_untaint($page));
 	if ($blogpost) {
 		$page=~s/(\/)/"__".ord($1)."__"/eg;
 	}
 	if (! defined $page || ! length $page || file_pruned($page, $config{srcdir}) || $page=~/^\//) {
 		error("bad page name");
 	}
@ -362,7 +358,7 @@ sub cgi_editpage ($$;$) { #{{{
 	$form->field(name => "from", type => 'hidden');
 	$form->field(name => "rcsinfo", type => 'hidden');
 	$form->field(name => "subpage", type => 'hidden');
-	$form->field(name => "page", value => $page, force => 1);
+	$form->field(name => "page", value => pagetitle($page, 1), force => 1);
 	$form->field(name => "type", value => $type, force => 1);
 	$form->field(name => "comments", type => "text", size => 80);
 	$form->field(name => "editcontent", type => "textarea", rows => 20,
@ -686,6 +682,7 @@ sub cgi (;$$) { #{{{
 	}
 	elsif ($do eq 'blog') {
 		my $page=decode_utf8($q->param('title'));
 		$page=~s/\///g; # no slashes in blog posts
 		# if the page already exists, munge it to be unique
 		my $from=$q->param('from');
 		my $add="";
@ -694,9 +691,9 @@ sub cgi (;$$) { #{{{
 			$add++;
 		}
 		$q->param('page', $page.$add);
-		# now run same as create, except escape slashes too
+		# now run same as create
 		$q->param('do', 'create');
-		cgi_editpage($q, $session, 1);
+		cgi_editpage($q, $session);
 	}
 	elsif ($do eq 'postsignin') {
 		error(gettext("login failed, perhaps you need to turn on cookies?"));
--- a/IkiWiki/Plugin/inline.pm
+++ b/IkiWiki/Plugin/inline.pm
@ -184,7 +184,7 @@ sub preprocess_inline (@) { #{{{
 				}
 				if (length $config{cgiurl} && defined $type) {
 					$template->param(have_actions => 1);
-					$template->param(editurl => cgiurl(do => "edit", page => $page));
+					$template->param(editurl => cgiurl(do => "edit", page => pagetitle($page, 1)));
 				}
 			}
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@ -79,7 +79,7 @@ sub genpage ($$$) { #{{{
 	my $actions=0;
 	if (length $config{cgiurl}) {
-		$template->param(editurl => cgiurl(do => "edit", page => $page));
+		$template->param(editurl => cgiurl(do => "edit", page => pagetitle($page, 1)));
 		$template->param(prefsurl => cgiurl(do => "prefs"));
 		if ($config{rcs}) {
 			$template->param(recentchangesurl => cgiurl(do => "recentchanges"));
--- a/debian/NEWS
+++ b/debian/NEWS
@ -1,3 +1,11 @@
 ikiwiki (1.45) unstable; urgency=low
  Wikis need to be rebuilt on upgrade to this version. If you listed your wiki
  in /etc/ikiwiki/wikilist this will be done automatically when the Debian
  package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild.
 -- Joey Hess <joeyh@debian.org>  Wed,  7 Mar 2007 23:02:52 -0500
 ikiwiki (1.44) unstable; urgency=low
  The htmllink() function has changed slightly and plugins that use it may
--- a/debian/changelog
+++ b/debian/changelog
@ -18,8 +18,15 @@ ikiwiki (1.45) UNRELEASED; urgency=low
  * Fix some nasty issues with page name escaping during previewing
    (introduced in 1.44).
  * Add a table plugin, derived from the one written by Victor Moral.
  * The underscore escaping support exposed a bug in edit links: Such links
    were titlepage escaped in the urls, and then doubly escaped by the CGI
    when editing. To fix this, I removed the titlepage escaping in the edit
    urls.
  * That means that *every edit link* on the wiki is potentially changed.
    Rebuilding wikis on upgrade to this version therefore necessary; enabled
    that in postinst.
- -- Joey Hess <joeyh@debian.org>  Wed,  7 Mar 2007 06:26:51 -0500
+ -- Joey Hess <joeyh@debian.org>  Wed,  7 Mar 2007 22:58:52 -0500
 ikiwiki (1.44) unstable; urgency=low
--- a/debian/postinst
+++ b/debian/postinst
@ -4,7 +4,7 @@ set -e
 # Change this when some incompatible change is made that requires
 # rebuilding all wikis.
-firstcompat=1.29
+firstcompat=1.45
 if [ "$1" = configure ] && \
   dpkg --compare-versions "$2" lt "$firstcompat"; then
--- a/po/ikiwiki.pot
+++ b/po/ikiwiki.pot
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-03-07 07:04-0500\n"
+"POT-Creation-Date: 2007-03-08 00:56-0500\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -24,33 +24,33 @@ msgstr ""
 msgid "Preferences saved."
 msgstr ""
-#: ../IkiWiki/CGI.pm:344
+#: ../IkiWiki/CGI.pm:340
 #, perl-format
 msgid "%s is not an editable page"
 msgstr ""
-#: ../IkiWiki/CGI.pm:431 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:427 ../IkiWiki/Plugin/brokenlinks.pm:24
 #: ../IkiWiki/Plugin/inline.pm:172 ../IkiWiki/Plugin/opendiscussion.pm:17
 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
 #: ../IkiWiki/Render.pm:165
 msgid "discussion"
 msgstr ""
-#: ../IkiWiki/CGI.pm:477
+#: ../IkiWiki/CGI.pm:473
 #, perl-format
 msgid "creating %s"
 msgstr ""
-#: ../IkiWiki/CGI.pm:494 ../IkiWiki/CGI.pm:530 ../IkiWiki/CGI.pm:574
+#: ../IkiWiki/CGI.pm:490 ../IkiWiki/CGI.pm:526 ../IkiWiki/CGI.pm:570
 #, perl-format
 msgid "editing %s"
 msgstr ""
-#: ../IkiWiki/CGI.pm:671
+#: ../IkiWiki/CGI.pm:667
 msgid "You are banned."
 msgstr ""
-#: ../IkiWiki/CGI.pm:702
+#: ../IkiWiki/CGI.pm:699
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""
@ -363,23 +363,23 @@ msgstr ""
 msgid "failed to run php"
 msgstr ""
-#: ../IkiWiki/Plugin/table.pm:34
+#: ../IkiWiki/Plugin/table.pm:22
 msgid "cannot find file"
 msgstr ""
-#: ../IkiWiki/Plugin/table.pm:59
+#: ../IkiWiki/Plugin/table.pm:45
 msgid "unknown data format"
 msgstr ""
-#: ../IkiWiki/Plugin/table.pm:67
+#: ../IkiWiki/Plugin/table.pm:53
 msgid "empty data"
 msgstr ""
-#: ../IkiWiki/Plugin/table.pm:77
+#: ../IkiWiki/Plugin/table.pm:73
 msgid "Direct data download"
 msgstr ""
-#: ../IkiWiki/Plugin/table.pm:124
+#: ../IkiWiki/Plugin/table.pm:106
 #, perl-format
 msgid "parse fail at line %d: %s"
 msgstr ""
@ -520,11 +520,11 @@ msgstr ""
 msgid "usage: ikiwiki [options] source dest"
 msgstr ""
-#: ../IkiWiki.pm:102
+#: ../IkiWiki.pm:103
 msgid "Must specify url to wiki with --url when using --cgi"
 msgstr ""
-#: ../IkiWiki.pm:149 ../IkiWiki.pm:150
+#: ../IkiWiki.pm:150 ../IkiWiki.pm:151
 msgid "Error"
 msgstr ""
@ -532,7 +532,7 @@ msgstr ""
 #. translators: preprocessor directive name,
 #. translators: the second a page name, the
 #. translators: third a number.
-#: ../IkiWiki.pm:567
+#: ../IkiWiki.pm:573
 #, perl-format
 msgid "%s preprocessing loop detected on %s at depth %i"
 msgstr ""