plugin => {
safe => 1,
rebuild => 1,
+ section => "web",
},
getsource_mimetype => {
type => "string",
sub cgi_getsource ($) {
my $cgi=shift;
- return unless (defined $cgi->param('do') &&
- $cgi->param("do") eq "getsource");
+ return unless defined $cgi->param('do') &&
+ $cgi->param("do") eq "getsource";
IkiWiki::decode_cgi_utf8($cgi);
my $page=$cgi->param('page');
+ if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
+ error("invalid page parameter");
+ }
+
# For %pagesources.
IkiWiki::loadindex();
if (! exists $pagesources{$page}) {
IkiWiki::cgi_custom_failure(
- $cgi->header(-status => "404 Not Found"),
- IkiWiki::misctemplate(gettext("missing page"),
+ $cgi,
+ "404 Not Found",
+ IkiWiki::cgitemplate($cgi, gettext("missing page"),
"<p>".
sprintf(gettext("The page %s does not exist."),
htmllink("", "", $page)).
if (! defined pagetype($pagesources{$page})) {
IkiWiki::cgi_custom_failure(
$cgi->header(-status => "403 Forbidden"),
- IkiWiki::misctemplate(gettext("not a page"),
+ IkiWiki::cgitemplate($cgi, gettext("not a page"),
"<p>".
sprintf(gettext("%s is an attachment, not a page."),
htmllink("", "", $page)).