sub cgi_getsource ($) {
my $cgi=shift;
- # Note: we use sessioncgi rather than just cgi
- # because we need %pagesources to be
- # populated.
-
- return unless (defined $cgi->param('do') &&
- $cgi->param("do") eq "getsource");
+ return unless defined $cgi->param('do') &&
+ $cgi->param("do") eq "getsource";
IkiWiki::decode_cgi_utf8($cgi);
my $page=$cgi->param('page');
+ if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
+ error("invalid page parameter");
+ }
+
+ # For %pagesources.
IkiWiki::loadindex();
if (! exists $pagesources{$page}) {