X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/c65658eeb5cd83417f3ec1c69eff2ebcd6a481db..2745dfee60fa890ed0ecb8f53528e8a8a0803066:/IkiWiki/Plugin/attachment.pm diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm index 9c774557f..f73e355ee 100644 --- a/IkiWiki/Plugin/attachment.pm +++ b/IkiWiki/Plugin/attachment.pm @@ -58,7 +58,7 @@ sub check_canattach ($$;$) { $config{allowed_attachments}, file => $file, user => $session->param("name"), - ip => $ENV{REMOTE_ADDR}, + ip => $session->remote_addr(), ); } @@ -134,16 +134,19 @@ sub formbuilder (@) { } } + $filename=IkiWiki::basename($filename); + $filename=~s/.*\\+(.+)/$1/; # hello, windows + $filename=linkpage(IkiWiki::possibly_foolish_untaint( attachment_location($form->field('page')). - IkiWiki::basename($filename))); + $filename)); if (IkiWiki::file_pruned($filename)) { error(gettext("bad attachment filename")); } # Check that the user is allowed to edit a page with the # name of the attachment. - IkiWiki::check_canedit($filename, $q, $session, 1); + IkiWiki::check_canedit($filename, $q, $session); # And that the attachment itself is acceptable. check_canattach($session, $filename, $tempfile); @@ -180,9 +183,12 @@ sub formbuilder (@) { if ($config{rcs}) { IkiWiki::rcs_add($filename); IkiWiki::disable_commit_hook(); - IkiWiki::rcs_commit($filename, gettext("attachment upload"), - IkiWiki::rcs_prepedit($filename), - $session->param("name"), $ENV{REMOTE_ADDR}); + IkiWiki::rcs_commit( + file => $filename, + message => gettext("attachment upload"), + token => IkiWiki::rcs_prepedit($filename), + session => $session, + ); IkiWiki::enable_commit_hook(); IkiWiki::rcs_update(); }