bleagh

author Joey Hess <joey@kitenet.net>

Mon, 24 Jan 2011 20:56:28 +0000 (16:56 -0400)

committer Joey Hess <joey@kitenet.net>

Mon, 24 Jan 2011 21:22:15 +0000 (17:22 -0400)
author Joey Hess <joey@kitenet.net>
Mon, 24 Jan 2011 20:56:28 +0000 (16:56 -0400)
committer Joey Hess <joey@kitenet.net>
Mon, 24 Jan 2011 21:22:15 +0000 (17:22 -0400)
diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm

index 6bacd26c7832ae75ecd5b6d4dea97b4a6c244453..29c9d4f40012b096dba442298f5addd2206d2252 100644 (file)
--- a/IkiWiki/Plugin/comments.pm
+++ b/IkiWiki/Plugin/comments.pm
@@ -365,7 +365,7 @@ sub editcomment ($$) {
  
         # The untaint is OK (as in editpage) because we're about to pass
         # it to file_pruned and wiki_file_regexp anyway.
-       my $page = $form->field('page')=~/$config{wiki_file_regexp}/;
+       my ($page) = $form->field('page')=~/$config{wiki_file_regexp}/;
         $page = IkiWiki::possibly_foolish_untaint($page);
         if (! defined $page || ! length $page ||
                 IkiWiki::file_pruned($page)) {
diff --git a/debian/changelog b/debian/changelog

index 4f9b06d2995f96afc379f491301eb86df755c0da..604f1b1da3539b59d6c52dbd2f44c63790b16a1a 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ikiwiki (3.20110124) UNRELEASED; urgency=low
+
+  * comments: Fix commenting, broken by security fix.
+
+ -- Joey Hess <joeyh@debian.org>  Mon, 24 Jan 2011 16:56:05 -0400
+
  ikiwiki (3.20100815.5) testing; urgency=low
  
    * comments: Fix XSS security hole due to missing validation of page name.
author	Joey Hess <joey@kitenet.net>
	Mon, 24 Jan 2011 20:56:28 +0000 (16:56 -0400)
committer	Joey Hess <joey@kitenet.net>
	Mon, 24 Jan 2011 21:22:15 +0000 (17:22 -0400)
IkiWiki/Plugin/comments.pm		patch \| blob \| history
debian/changelog		patch \| blob \| history