]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/getsource.pm
Avoid mixed content when cgiurl is https but url is not
[git.ikiwiki.info.git] / IkiWiki / Plugin / getsource.pm
index 2e65df9500230a309e50c41b19ce359e86074536..0a21413bdb9f9cdd591c93cf1785a3e4993d556e 100644 (file)
@@ -17,10 +17,11 @@ sub getsetup () {
                plugin => {
                        safe => 1,
                        rebuild => 1,
+                       section => "web",
                },
                getsource_mimetype => {
                        type => "string",
-                       example => "application/octet-stream",
+                       example => "text/plain; charset=utf-8",
                        description => "Mime type for returned source.",
                        safe => 1,
                        rebuild => 0,
@@ -42,37 +43,50 @@ sub pagetemplate (@) {
 sub cgi_getsource ($) {
        my $cgi=shift;
 
-       # Note: we use sessioncgi rather than just cgi
-       # because we need $IkiWiki::pagesources{} to be
-       # populated.
-
-       return unless (defined $cgi->param('do') &&
-                                       $cgi->param("do") eq "getsource");
+       return unless defined $cgi->param('do') &&
+                     $cgi->param("do") eq "getsource";
 
        IkiWiki::decode_cgi_utf8($cgi);
 
        my $page=$cgi->param('page');
 
+       if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
+               error("invalid page parameter");
+       }
+
+       # For %pagesources.
        IkiWiki::loadindex();
 
-       if ($IkiWiki::pagesources{$page}) {
-               
-               my $data = IkiWiki::readfile(IkiWiki::srcfile($IkiWiki::pagesources{$page}));
-               
-               if (! $config{getsource_mimetype}) {
-                       $config{getsource_mimetype} = "text/plain";
-               }
-               
-               print "Content-Type: $config{getsource_mimetype}\r\n";
-               
-               print ("\r\n");
-               
-               print $data;
-               
-               exit 0;
+       if (! exists $pagesources{$page}) {
+               IkiWiki::cgi_custom_failure(
+                       $cgi,
+                       "404 Not Found",
+                       IkiWiki::cgitemplate($cgi, gettext("missing page"),
+                               "<p>".
+                               sprintf(gettext("The page %s does not exist."),
+                                       htmllink("", "", $page)).
+                               "</p>"));
+               exit;
+       }
+
+       if (! defined pagetype($pagesources{$page})) {
+               IkiWiki::cgi_custom_failure(
+                       $cgi->header(-status => "403 Forbidden"),
+                       IkiWiki::cgitemplate($cgi, gettext("not a page"),
+                               "<p>".
+                               sprintf(gettext("%s is an attachment, not a page."),
+                                       htmllink("", "", $page)).
+                               "</p>"));
+               exit;
+       }
+
+       if (! $config{getsource_mimetype}) {
+               $config{getsource_mimetype} = "text/plain; charset=utf-8";
        }
-       
-       error("Unable to find page source for page: $page");
+
+       print "Content-Type: $config{getsource_mimetype}\r\n";
+       print ("\r\n");
+       print readfile(srcfile($pagesources{$page}));
 
        exit 0;
 }