add ikiwiki-comment program
[git.ikiwiki.info.git] / IkiWiki / Plugin / getsource.pm
index 91c4cc1c95b9448db01820b88d044e74c7203f45..0a21413bdb9f9cdd591c93cf1785a3e4993d556e 100644 (file)
@@ -17,6 +17,7 @@ sub getsetup () {
                plugin => {
                        safe => 1,
                        rebuild => 1,
+                       section => "web",
                },
                getsource_mimetype => {
                        type => "string",
@@ -42,20 +43,25 @@ sub pagetemplate (@) {
 sub cgi_getsource ($) {
        my $cgi=shift;
 
-       return unless (defined $cgi->param('do') &&
-                                       $cgi->param("do") eq "getsource");
+       return unless defined $cgi->param('do') &&
+                     $cgi->param("do") eq "getsource";
 
        IkiWiki::decode_cgi_utf8($cgi);
 
        my $page=$cgi->param('page');
 
+       if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
+               error("invalid page parameter");
+       }
+
        # For %pagesources.
        IkiWiki::loadindex();
 
        if (! exists $pagesources{$page}) {
                IkiWiki::cgi_custom_failure(
-                       $cgi->header(-status => "404 Not Found"),
-                       IkiWiki::misctemplate(gettext("missing page"),
+                       $cgi,
+                       "404 Not Found",
+                       IkiWiki::cgitemplate($cgi, gettext("missing page"),
                                "<p>".
                                sprintf(gettext("The page %s does not exist."),
                                        htmllink("", "", $page)).
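Review bot: The new `page` guard in cgi_getsource has no comment saying what it protects, and it is only as strict as `$config{wiki_file_regexp}`, whose definition is not visible in this hunk. `page` comes straight from the CGI request, is then used as a `%pagesources` key, and is passed to `htmllink` in the 404 body, so I would add above the `if`: `# page is untrusted CGI input; reject anything that is not a legal wiki file name before it is looked up or echoed back`. It is worth confirming that the pattern is anchored at both ends, because `!~` against an unanchored pattern only requires a substring match. The `error("invalid page parameter")` string is also the only user-facing message here not wrapped in `gettext`. The function body and the `cgi_custom_failure` call continue past the end of the hunk.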
@@ -66,7 +72,7 @@ sub cgi_getsource ($) {
        if (! defined pagetype($pagesources{$page})) {
                IkiWiki::cgi_custom_failure(
                        $cgi->header(-status => "403 Forbidden"),
-                       IkiWiki::misctemplate(gettext("not a page"),
+                       IkiWiki::cgitemplate($cgi, gettext("not a page"),
                                "<p>".
                                sprintf(gettext("%s is an attachment, not a page."),
                                        htmllink("", "", $page)).
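Review bot: The 403 branch still passes `$cgi->header(-status => "403 Forbidden")` as the first argument to `IkiWiki::cgi_custom_failure`, while the 404 branch in the previous hunk was changed to pass `$cgi, "404 Not Found", ...`. If the helper now takes the CGI object and a status string (its definition is not visible here), this call hands it an already-rendered header where it expects `$cgi`, and the "not a page" response may go out malformed or with the wrong status. To match the 404 call, the two argument lines should likely read `$cgi,` and `"403 Forbidden",`. The call continues past the end of the hunk.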