untaint and linkpage the page name used in attachment holding directory
index b7ea1f312793b1ea61e44c890c720b537f6d0a6b..f4bfbe98f4cc3eb63f313c7bf5d39c39eb4b2b26 100644 (file)
@@ -150,7 +150,8 @@ sub formbuilder (@) {
 sub attachment_holding_dir {
        my $page=shift;
 
-       return $config{wikistatedir}."/attachments/$page";
+       return $config{wikistatedir}."/attachments/".
+               IkiWiki::possibly_foolish_untaint(linkpage($page));
 }
 
 # Stores the attachment in a holding area, not yet in the wiki proper.
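Review bot: possibly_foolish_untaint on line 11 removes the taint flag without validating anything, so the safety of the holding-directory path rests entirely on linkpage and on whatever the caller already checked in $page; as far as I recall linkpage only escapes characters outside wiki_file_chars and leaves `/` and `.` untouched, so path components such as `..` would survive into the returned path. If every caller passes a page name that has already been through IkiWiki::file_pruned (or that came from the wiki's own page list), state that precondition at the top of the sub: `# $page must already be validated (e.g. via file_pruned); linkpage escapes characters but does not reject path components.` Otherwise the file_pruned check belongs here, since this is the one place the holding path is built.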
@@ -178,11 +179,13 @@ sub attachment_store {
 
        $filename=IkiWiki::basename($filename);
        $filename=~s/.*\\+(.+)/$1/; # hello, windows
+       $filename=IkiWiki::possibly_foolish_untaint(linkpage($filename));
        
        # Check that the user is allowed to edit the attachment.
-       my $final_filename=linkpage(IkiWiki::possibly_foolish_untaint(
-               attachment_location($form->field('page')).
-               $filename));
+       my $final_filename=
+               linkpage(IkiWiki::possibly_foolish_untaint(
+                       attachment_location($form->field('page')))).
+               $filename;
        if (IkiWiki::file_pruned($final_filename)) {
                error(gettext("bad attachment filename"));
        }
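Review bot: Line 19 untaints $filename before any check has been made on it, so from that point taint mode no longer guards the later uses of $filename in this sub, which continues past the hunk; the only validation is the file_pruned call on line 29, and it covers $filename only because $final_filename is built by appending it on line 28. That dependency is worth making explicit beside line 19: `# untainted here; the file_pruned check on $final_filename below is what validates it`. Passing $filename through linkpage also rewrites characters outside wiki_file_chars (spaces become `_`), so the stored attachment name can differ from what the user uploaded — presumably intended, but the comment on line 21 should mention it. The same location-plus-filename composition reappears in attachments_save in the next hunk; a small shared helper would keep the two in step.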
@@ -232,8 +235,8 @@ sub attachments_save {
                next unless -f $filename;
                my $dest=$config{srcdir}."/".
                        linkpage(IkiWiki::possibly_foolish_untaint(
-                               attachment_location($form->field('page')).
-                               $filename));
+                               attachment_location($form->field('page')))).
+                       $filename;
                unlink($dest);
                rename($filename, $dest);
                push @attachments, $dest;
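Review bot: The composition on lines 34–39 duplicates the one in attachment_store and, unlike there, is followed by no file_pruned check before the unlink and rename on lines 40–41; that is presumably acceptable because $filename is taken from the holding directory, whose names attachment_store validated at upload time, but the hunk leaves that reasoning implicit. A one-line comment before line 34 would carry it: `# $filename comes from the holding dir; attachment_store validated it when it was written`. Extracting the `linkpage(IkiWiki::possibly_foolish_untaint(attachment_location(...))) . $filename` expression into a helper used by both subs would stop the two copies drifting apart. The loop and the enclosing sub continue outside the hunk, and the return values of unlink and rename are not checked on the lines shown.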