X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/22edaf77c2a4318ebd8ed0881dd6a62cfc2ca2b2..370261e715ab53e9630e2c209e478c4b87bf14c6:/IkiWiki/Plugin/getsource.pm?ds=inline diff --git a/IkiWiki/Plugin/getsource.pm b/IkiWiki/Plugin/getsource.pm index 91c4cc1c9..0a21413bd 100644 --- a/IkiWiki/Plugin/getsource.pm +++ b/IkiWiki/Plugin/getsource.pm @@ -17,6 +17,7 @@ sub getsetup () { plugin => { safe => 1, rebuild => 1, + section => "web", }, getsource_mimetype => { type => "string", @@ -42,20 +43,25 @@ sub pagetemplate (@) { sub cgi_getsource ($) { my $cgi=shift; - return unless (defined $cgi->param('do') && - $cgi->param("do") eq "getsource"); + return unless defined $cgi->param('do') && + $cgi->param("do") eq "getsource"; IkiWiki::decode_cgi_utf8($cgi); my $page=$cgi->param('page'); + if (! defined $page || $page !~ /$config{wiki_file_regexp}/) { + error("invalid page parameter"); + } + # For %pagesources. IkiWiki::loadindex(); if (! exists $pagesources{$page}) { IkiWiki::cgi_custom_failure( - $cgi->header(-status => "404 Not Found"), - IkiWiki::misctemplate(gettext("missing page"), + $cgi, + "404 Not Found", + IkiWiki::cgitemplate($cgi, gettext("missing page"), "
". sprintf(gettext("The page %s does not exist."), htmllink("", "", $page)). @@ -66,7 +72,7 @@ sub cgi_getsource ($) { if (! defined pagetype($pagesources{$page})) { IkiWiki::cgi_custom_failure( $cgi->header(-status => "403 Forbidden"), - IkiWiki::misctemplate(gettext("not a page"), + IkiWiki::cgitemplate($cgi, gettext("not a page"), "
". sprintf(gettext("%s is an attachment, not a page."), htmllink("", "", $page)).