X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/70b1c2aabd0d591cbdb30765c5a7e000e993f343..94a51309635b799fd25aeaf60d90fab25939343e:/IkiWiki/Plugin/getsource.pm?ds=sidebyside

diff --git a/IkiWiki/Plugin/getsource.pm b/IkiWiki/Plugin/getsource.pm
index e8aea2c39..0a21413bd 100644
--- a/IkiWiki/Plugin/getsource.pm
+++ b/IkiWiki/Plugin/getsource.pm
@@ -17,6 +17,7 @@ sub getsetup () {
 		plugin => {
 			safe => 1,
 			rebuild => 1,
+			section => "web",
 		},
 		getsource_mimetype => {
 			type => "string",
@@ -42,23 +43,25 @@ sub pagetemplate (@) {
 sub cgi_getsource ($) {
 	my $cgi=shift;
 
-	# Note: we use sessioncgi rather than just cgi
-	# because we need %pagesources to be
-	# populated.
-
-	return unless (defined $cgi->param('do') &&
-					$cgi->param("do") eq "getsource");
+	return unless defined $cgi->param('do') &&
+	              $cgi->param("do") eq "getsource";
 
 	IkiWiki::decode_cgi_utf8($cgi);
 
 	my $page=$cgi->param('page');
 
+	if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
+		error("invalid page parameter");
+	}
+
+	# For %pagesources.
 	IkiWiki::loadindex();
 
 	if (! exists $pagesources{$page}) {
 		IkiWiki::cgi_custom_failure(
-			$cgi->header(-status => "404 Not Found"),
-			IkiWiki::misctemplate(gettext("missing page"),
+			$cgi,
+			"404 Not Found",
+			IkiWiki::cgitemplate($cgi, gettext("missing page"),
 				"<p>".
 				sprintf(gettext("The page %s does not exist."),
 					htmllink("", "", $page)).
@@ -69,7 +72,7 @@ sub cgi_getsource ($) {
 	if (! defined pagetype($pagesources{$page})) {
 		IkiWiki::cgi_custom_failure(
 			$cgi->header(-status => "403 Forbidden"),
-			IkiWiki::misctemplate(gettext("not a page"),
+			IkiWiki::cgitemplate($cgi, gettext("not a page"),
 				"<p>".
 				sprintf(gettext("%s is an attachment, not a page."),
 					htmllink("", "", $page)).