]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/comments.pm
projects / git.ikiwiki.info.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
comments: Fix XSS security hole due to missing validation of page name. CVE-2011...
[git.ikiwiki.info.git] / IkiWiki / Plugin / comments.pm
diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm
index a39dab36cdb81e6c06049d9c0bc312a6e58b1dd2..6bacd26c7832ae75ecd5b6d4dea97b4a6c244453 100644 (file)
--- a/IkiWiki/Plugin/comments.pm
+++ b/IkiWiki/Plugin/comments.pm
@@ -364,8 +364,8 @@ sub editcomment ($$) {
        }
 
        # The untaint is OK (as in editpage) because we're about to pass
-       # it to file_pruned anyway
-       my $page = $form->field('page');
+       # it to file_pruned and wiki_file_regexp anyway.
+       my $page = $form->field('page')=~/$config{wiki_file_regexp}/;
        $page = IkiWiki::possibly_foolish_untaint($page);
        if (! defined $page || ! length $page ||
                IkiWiki::file_pruned($page)) {
Unnamed repository; edit this file 'description' to name the repository.