From 3e992b758b0d7e96f369372340b95d8ef4302aae Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 19 Oct 2008 21:07:12 -0400 Subject: [PATCH] Fix issue with utf-8 in wikiname breaking session cookies, by entity-encoding the wikiname in the session cookie. --- IkiWiki/CGI.pm | 4 ++-- debian/changelog | 2 ++ doc/bugs/unicode_chars_in_wikiname_break_auth.mdwn | 6 ++++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index dac522eea..4399d0dcb 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -278,9 +278,9 @@ sub check_banned ($$) { #{{{ sub cgi_getsession ($) { #{{{ my $q=shift; - eval q{use CGI::Session}; + eval q{use CGI::Session; use HTML::Entities}; error($@) if $@; - CGI::Session->name("ikiwiki_session_".encode_utf8($config{wikiname})); + CGI::Session->name("ikiwiki_session_".encode_entities($config{wikiname})); my $oldmask=umask(077); my $session = eval { diff --git a/debian/changelog b/debian/changelog index 1f47f614e..352329f94 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,8 @@ ikiwiki (2.68) UNRELEASED; urgency=low * Plugins that used to override displaytime should instead override formattime. displaytime will call that, and may wrap markup around the formatted time. + * Fix issue with utf-8 in wikiname breaking session cookies, by + entity-encoding the wikiname in the session cookie. -- Joey Hess Fri, 17 Oct 2008 20:11:02 -0400 diff --git a/doc/bugs/unicode_chars_in_wikiname_break_auth.mdwn b/doc/bugs/unicode_chars_in_wikiname_break_auth.mdwn index c272d4b4f..7c71ff0ff 100644 --- a/doc/bugs/unicode_chars_in_wikiname_break_auth.mdwn +++ b/doc/bugs/unicode_chars_in_wikiname_break_auth.mdwn @@ -5,4 +5,10 @@ Inspecting the cookie information (thanks to Iceweasel's webdeveloper add-on), I Replacing "·" with "-" in `wikiname` fixed this login issue. +> Hmm, Recai sent me a patch a long time ago to handle utf-8 here by encoding +> the wikiname. But it doesn't seem to work, somehow the encoded utf-8 +> value still doesn't make it through. (CGI::Session seems to have underermined utf-8 +> issues too.) Seems like I will have to possibly break some sessions and +> entity-encode the wikiname in the cookie.. done. --[[Joey]] + (BTW, such a char was replaced by -I don't remember what encoding thingie- in my setup file, when running `ikiwiki-transition setupformat`.) -- 2.26.2