- my @ret;
- foreach my $f (values %pagesources) {
- if (! defined IkiWiki::pagetype($f) &&
- $f=~m/^\Q$loc\E[^\/]+$/ &&
- -e "$config{srcdir}/$f") {
- push @ret, {
- "field-select" => '<input type="checkbox" name="attachment_select" value="'.$f.'">',
- link => htmllink($page, $page, $f, noimageinline => 1),
- size => humansize((stat(_))[7]),
- mtime => displaytime($IkiWiki::pagemtime{$f}),
- };
+ # Don't allow an attachment to be uploaded with the same name as an
+ # existing page.
+ if (exists $IkiWiki::pagesources{$dest} &&
+ $IkiWiki::pagesources{$dest} ne $dest) {
+ error(sprintf(gettext("there is already a page named %s"), $dest));
+ }
+
+ # Use a special pagespec to test that the attachment is valid.
+ my $allowed=1;
+ if (defined $config{allowed_attachments} &&
+ length $config{allowed_attachments}) {
+ $allowed=pagespec_match($dest,
+ $config{allowed_attachments},
+ file => $file,
+ user => $session->param("name"),
+ ip => $ENV{REMOTE_ADDR},
+ );
+ }
+
+ # XXX deprecated, should be removed eventually
+ if ($allowed) {
+ foreach my $admin (@{$config{adminuser}}) {
+ my $allowed_attachments=IkiWiki::userinfo_get($admin, "allowed_attachments");
+ if (defined $allowed_attachments &&
+ length $allowed_attachments) {
+ $allowed=pagespec_match($dest,
+ $allowed_attachments,
+ file => $file,
+ user => $session->param("name"),
+ ip => $ENV{REMOTE_ADDR},
+ );
+ last if $allowed;
+ }