hook(type => "formbuilder", id => "attachment", call => \&formbuilder);
} # }}}
+sub check_canattach ($$;$) {
+ my $session=shift;
+ my $dest=shift; # where it's going to be put, under the srcdir
+ my $file=shift; # the path to the attachment currently
+
+ # Don't allow an attachment to be uploaded with the same name as an
+ # existing page.
+ if (exists $pagesources{$dest} && $pagesources{$dest} ne $dest) {
+ error(sprintf(gettext("there is already a page named %s"), $dest));
+ }
+
+ # Use a special pagespec to test that the attachment is valid.
+ my $allowed=1;
+ foreach my $admin (@{$config{adminuser}}) {
+ my $allowed_attachments=IkiWiki::userinfo_get($admin, "allowed_attachments");
+ if (defined $allowed_attachments &&
+ length $allowed_attachments) {
+ $allowed=pagespec_match($dest,
+ $allowed_attachments,
+ file => $file,
+ user => $session->param("name"),
+ ip => $ENV{REMOTE_ADDR},
+ );
+ last if $allowed;
+ }
+ }
+ if (! $allowed) {
+ error(gettext("prohibited by allowed_attachments")." ($allowed)");
+ }
+ else {
+ return 1;
+ }
+}
+
sub checkconfig () { #{{{
$config{cgi_disable_uploads}=0;
} #}}}
}
}
- $filename=IkiWiki::titlepage(
+ $filename=IkiWiki::linkpage(
IkiWiki::possibly_foolish_untaint(
attachment_location($form->field('page')).
IkiWiki::basename($filename)));
# Check that the user is allowed to edit a page with the
# name of the attachment.
IkiWiki::check_canedit($filename, $q, $session, 1);
-
- # Use a special pagespec to test that the attachment is valid.
- my $allowed=1;
- foreach my $admin (@{$config{adminuser}}) {
- my $allowed_attachments=IkiWiki::userinfo_get($admin, "allowed_attachments");
- if (defined $allowed_attachments &&
- length $allowed_attachments) {
- $allowed=pagespec_match($filename,
- $allowed_attachments,
- file => $tempfile,
- user => $session->param("name"),
- ip => $ENV{REMOTE_ADDR},
- );
- last if $allowed;
- }
- }
- if (! $allowed) {
- error(gettext("attachment rejected")." ($allowed)");
- }
+ # And that the attachment itself is acceptable.
+ check_canattach($session, $filename, $tempfile);
# Needed for fast_file_copy and for rendering below.
require IkiWiki::Render;
waitpid $pid, 0;
$SIG{PIPE}="DEFAULT";
if ($sigpipe || $?) {
+ if (! length $reason) {
+ $reason="virus checker $IkiWiki::config{virus_checker}; failed with no output";
+ }
return IkiWiki::FailReason->new("file seems to contain a virus ($reason)");
}
else {
if (defined $params{user} && lc $params{user} eq lc $user) {
return IkiWiki::SuccessReason->new("user is $user");
}
+ elsif (! defined $params{user}) {
+ return IkiWiki::FailReason->new("not logged in");
+ }
else {
return IkiWiki::FailReason->new("user is $params{user}, not $user");
}