]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/attachment.pm
Tell `git revert` not to follow renames (CVE-2016-10026)
[git.ikiwiki.info.git] / IkiWiki / Plugin / attachment.pm
index aea70429d0bcc3bc86a776ba8b2dde8352483a37..ab1929e3618e39ead815bfe71639272e2a71d55b 100644 (file)
@@ -156,14 +156,15 @@ sub formbuilder (@) {
                        }
                        $add.="\n";
                }
+               my $content = $form->field('editcontent');
                $form->field(name => 'editcontent',
-                       value => $form->field('editcontent')."\n\n".$add,
+                       value => $content."\n\n".$add,
                        force => 1) if length $add;
        }
        
        # Generate the attachment list only after having added any new
        # attachments.
-       $form->tmpl_param("attachment_list" => [attachment_list($form->field('page'))]);
+       $form->tmpl_param("attachment_list" => [attachment_list(scalar $form->field('page'))]);
 }
 
 sub attachment_holding_location {
@@ -213,12 +214,12 @@ sub attachment_store {
        $filename=IkiWiki::basename($filename);
        $filename=~s/.*\\+(.+)/$1/; # hello, windows
        $filename=IkiWiki::possibly_foolish_untaint(linkpage($filename));
-       my $dest=attachment_holding_location($form->field('page'));
+       my $dest=attachment_holding_location(scalar $form->field('page'));
        
        # Check that the user is allowed to edit the attachment.
        my $final_filename=
                linkpage(IkiWiki::possibly_foolish_untaint(
-                       attachment_location($form->field('page')))).
+                       attachment_location(scalar $form->field('page')))).
                $filename;
        eval {
                if (IkiWiki::file_pruned($final_filename)) {
@@ -270,13 +271,13 @@ sub attachments_save {
 
        # Move attachments out of holding directory.
        my @attachments;
-       my $dir=attachment_holding_location($form->field('page'));
+       my $dir=attachment_holding_location(scalar $form->field('page'));
        foreach my $filename (glob("$dir/*")) {
                $filename=Encode::decode_utf8($filename);
                next unless -f $filename;
                my $destdir=$config{srcdir}."/".
                        linkpage(IkiWiki::possibly_foolish_untaint(
-                               attachment_location($form->field('page'))));
+                               attachment_location(scalar $form->field('page'))));
                my $destfile=IkiWiki::basename($filename);
                my $dest=$destdir.$destfile;
                unlink($dest);