- if ($form->submitted eq "Upload" || $form->submitted eq "Save Page") {
- my $q=$params{cgi};
- my $session=$params{session};
-
- my $filename=$q->param('attachment');
- if (! defined $filename || ! length $filename) {
- # no file, so do nothing
- return;
- }
-
- # This is an (apparently undocumented) way to get the name
- # of the temp file that CGI writes the upload to.
- my $tempfile=$q->tmpFileName($filename);
-
- $filename=IkiWiki::titlepage(
- IkiWiki::possibly_foolish_untaint(
- attachment_location($form->field('page')).
- IkiWiki::basename($filename)));
- if (IkiWiki::file_pruned($filename, $config{srcdir})) {
- error(gettext("bad attachment filename"));
- }
-
- # Check that the user is allowed to edit a page with the
- # name of the attachment.
- IkiWiki::check_canedit($filename, $q, $session, 1);
-
- # Use a special pagespec to test that the attachment is valid.
- my $allowed=1;
- foreach my $admin (@{$config{adminuser}}) {
- my $allowed_attachments=IkiWiki::userinfo_get($admin, "allowed_attachments");
- if (defined $allowed_attachments &&
- length $allowed_attachments) {
- $allowed=pagespec_match($filename,
- $allowed_attachments,
- file => $tempfile);
- last if $allowed;
- }
- }
- if (! $allowed) {
- error(gettext("attachment rejected")." ($allowed)");
- }
+ my $filename=Encode::decode_utf8($q->param('attachment'));
+ if (defined $filename && length $filename) {
+ attachment_store($filename, $form, $q, $params{session});
+ }