]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/getsource.pm
update
[git.ikiwiki.info.git] / IkiWiki / Plugin / getsource.pm
index 6a208f1e735d19791da4c5a0821fc124e9bee3a7..ae9ea3cc7af4ffe27b46d65528d380420ac5b368 100644 (file)
@@ -42,20 +42,21 @@ sub pagetemplate (@) {
 sub cgi_getsource ($) {
        my $cgi=shift;
 
-       # Note: we use sessioncgi rather than just cgi
-       # because we need $IkiWiki::pagesources{} to be
-       # populated.
-
-       return unless (defined $cgi->param('do') &&
-                                       $cgi->param("do") eq "getsource");
+       return unless defined $cgi->param('do') &&
+                     $cgi->param("do") eq "getsource";
 
        IkiWiki::decode_cgi_utf8($cgi);
 
        my $page=$cgi->param('page');
 
+       if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
+               error("invalid page parameter");
+       }
+
+       # For %pagesources.
        IkiWiki::loadindex();
 
-       if (! exists $IkiWiki::pagesources{$page}) {
+       if (! exists $pagesources{$page}) {
                IkiWiki::cgi_custom_failure(
                        $cgi->header(-status => "404 Not Found"),
                        IkiWiki::misctemplate(gettext("missing page"),
@@ -66,18 +67,25 @@ sub cgi_getsource ($) {
                exit;
        }
 
-       my $data = IkiWiki::readfile(IkiWiki::srcfile($IkiWiki::pagesources{$page}));
+       if (! defined pagetype($pagesources{$page})) {
+               IkiWiki::cgi_custom_failure(
+                       $cgi->header(-status => "403 Forbidden"),
+                       IkiWiki::misctemplate(gettext("not a page"),
+                               "<p>".
+                               sprintf(gettext("%s is an attachment, not a page."),
+                                       htmllink("", "", $page)).
+                               "</p>"));
+               exit;
+       }
 
        if (! $config{getsource_mimetype}) {
                $config{getsource_mimetype} = "text/plain; charset=utf-8";
        }
 
        print "Content-Type: $config{getsource_mimetype}\r\n";
-
        print ("\r\n");
+       print readfile(srcfile($pagesources{$page}));
 
-       print $data;
-       
        exit 0;
 }