X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/5d26ded3811cd050a1c70ccf76f3022a787a9588..df42a5ef21fd3e97ab287fa48ccd3aafd34e0375:/IkiWiki/CGI.pm diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index 52d3474f5..d805506aa 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -1,5 +1,7 @@ #!/usr/bin/perl +package IkiWiki; + use warnings; use strict; use IkiWiki; @@ -7,8 +9,6 @@ use IkiWiki::UserInfo; use open qw{:utf8 :std}; use Encode; -package IkiWiki; - sub printheader ($) { #{{{ my $session=shift; @@ -304,8 +304,9 @@ sub cgi_editpage ($$) { #{{{ # This untaint is safe because we check file_pruned. my $page=$form->field('page'); $page=possibly_foolish_untaint($page); + my $absolute=($page =~ s#^/+##); if (! defined $page || ! length $page || - file_pruned($page, $config{srcdir}) || $page=~/^\//) { + file_pruned($page, $config{srcdir})) { error("bad page name"); } @@ -424,7 +425,8 @@ sub cgi_editpage ($$) { #{{{ if (! defined $from || ! length $from || $from ne $form->field('from') || file_pruned($from, $config{srcdir}) || - $from=~/^\// || + $from=~/^\// || + $absolute || $form->submitted eq "Preview") { @page_locs=$best_loc=$page; } @@ -748,4 +750,14 @@ sub cgi (;$$) { #{{{ } } #}}} +# Does not need tobe called directly; all errors will go through here. +sub cgierror ($) { #{{{ + my $message=shift; + + print "Content-type: text/html\n\n"; + print misctemplate(gettext("Error"), + "

".gettext("Error").": $message

"); + die $@; +} #}}} + 1