One other issue.
If you do not use subst_blank_in_name and allow spaces in names and URLs there is a bug
around line 548 in xowiki-procs.tcl
if {$granted} {
if {[$object istype ::xowiki::Package]} {
set base [$package_id package_url]
if {[info exists url]} {
return [uplevel export_vars -base $base$url [list $args]]
} else {
lappend args [list $method 1]
return [uplevel export_vars -base $base [list $args]]
}
} elseif {[$object istype ::xowiki::Page]} {
set base [$package_id url]
lappend args [list m $method]
return [uplevel export_vars -base $base [list $args]]
}
I cahnges the $base variable referece to \"$base\" to quote the value of $base (also did $base$url)
There is still an issue when creating the edit form if you use the [ or ] characters in the name, it is trying to execute it as a tcl proc. I could not figure out where to apply the proper escaping in that.
We probably should disallow [ and ] in names/urls anyway, but someone might also use it in a title, and the same issue occurs.