X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/70b1c2aabd0d591cbdb30765c5a7e000e993f343..b852ca8133cc175230799e9844633f46cd439dec:/IkiWiki/Plugin/getsource.pm?ds=sidebyside

diff --git a/IkiWiki/Plugin/getsource.pm b/IkiWiki/Plugin/getsource.pm
index e8aea2c39..b362de726 100644
--- a/IkiWiki/Plugin/getsource.pm
+++ b/IkiWiki/Plugin/getsource.pm
@@ -17,6 +17,7 @@ sub getsetup () {
 		plugin => {
 			safe => 1,
 			rebuild => 1,
+			section => "web",
 		},
 		getsource_mimetype => {
 			type => "string",
@@ -42,22 +43,24 @@ sub pagetemplate (@) {
 sub cgi_getsource ($) {
 	my $cgi=shift;
 
-	# Note: we use sessioncgi rather than just cgi
-	# because we need %pagesources to be
-	# populated.
-
-	return unless (defined $cgi->param('do') &&
-					$cgi->param("do") eq "getsource");
+	return unless defined $cgi->param('do') &&
+	              $cgi->param("do") eq "getsource";
 
 	IkiWiki::decode_cgi_utf8($cgi);
 
 	my $page=$cgi->param('page');
 
+	if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
+		error("invalid page parameter");
+	}
+
+	# For %pagesources.
 	IkiWiki::loadindex();
 
 	if (! exists $pagesources{$page}) {
 		IkiWiki::cgi_custom_failure(
-			$cgi->header(-status => "404 Not Found"),
+			$cgi,
+			"404 Not Found",
 			IkiWiki::misctemplate(gettext("missing page"),
 				"<p>".
 				sprintf(gettext("The page %s does not exist."),