sub cgi_getsource ($) {
my $cgi=shift;
- # Note: we use sessioncgi rather than just cgi
- # because we need $IkiWiki::pagesources{} to be
- # populated.
-
- return unless (defined $cgi->param('do') &&
- $cgi->param("do") eq "getsource");
+ return unless defined $cgi->param('do') &&
+ $cgi->param("do") eq "getsource";
IkiWiki::decode_cgi_utf8($cgi);
my $page=$cgi->param('page');
+ if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
+ error("invalid page parameter");
+ }
+
+ # For %pagesources.
IkiWiki::loadindex();
- if (! exists $IkiWiki::pagesources{$page}) {
+ if (! exists $pagesources{$page}) {
IkiWiki::cgi_custom_failure(
$cgi->header(-status => "404 Not Found"),
IkiWiki::misctemplate(gettext("missing page"),
exit;
}
- my $data = IkiWiki::readfile(IkiWiki::srcfile($IkiWiki::pagesources{$page}));
+ if (! defined pagetype($pagesources{$page})) {
+ IkiWiki::cgi_custom_failure(
+ $cgi->header(-status => "403 Forbidden"),
+ IkiWiki::misctemplate(gettext("not a page"),
+ "<p>".
+ sprintf(gettext("%s is an attachment, not a page."),
+ htmllink("", "", $page)).
+ "</p>"));
+ exit;
+ }
if (! $config{getsource_mimetype}) {
$config{getsource_mimetype} = "text/plain; charset=utf-8";
}
print "Content-Type: $config{getsource_mimetype}\r\n";
-
print ("\r\n");
+ print readfile(srcfile($pagesources{$page}));
- print $data;
-
exit 0;
}
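Review bot: The new `print readfile(srcfile($pagesources{$page}));` runs after the Content-Type header and the blank line have already been written, whereas the removed code read the file into `$data` first. If the read fails (for example, the source file disappeared after the index was built), any error output would presumably land inside a response already declared as `$config{getsource_mimetype}`. Putting `my $data = readfile(srcfile($pagesources{$page}));` ahead of the header prints and `print $data;` after them keeps failures on the normal error path. Because this endpoint returns raw, user-editable wiki source, it is also worth emitting `print "X-Content-Type-Options: nosniff\r\n";` next to the Content-Type line so a browser does not sniff the body as HTML. The added `$page !~ /$config{wiki_file_regexp}/` check constrains the whole parameter only if that configured pattern is anchored at both ends, which is not visible here, so a one-line comment stating that assumption would help the next reader.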