Don't allow uploading an attachment with the same name as an existing page, to avoid...

diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm
index acc52f0e902fdcdf55febc93213247f87a0631ac..c6711aa05ac80e2957a982305b3ee187cfd13cce 100644 (file)
--- a/IkiWiki/Plugin/attachment.pm
+++ b/IkiWiki/Plugin/attachment.pm
@@ -16,6 +16,12 @@ sub check_canattach ($$;$) {
        my $dest=shift; # where it's going to be put, under the srcdir
        my $file=shift; # the path to the attachment currently
 
+       # Don't allow an attachment to be uploaded with the same name as an
+       # existing page.
+       if (exists $pagesources{$dest} && $pagesources{$dest} ne $dest) {
+               error(sprintf(gettext("there is already a page named %s"), $dest));
+       }
+
        # Use a special pagespec to test that the attachment is valid.
        my $allowed=1;
        foreach my $admin (@{$config{adminuser}}) {

diff --git a/debian/changelog b/debian/changelog
index 8238ad625580c45c6fa8148caf5150a74c45ee42..57bf4a3566ef7394bd4ece4bb0d8c804cbb3e293 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,8 @@ ikiwiki (2.55) UNRELEASED; urgency=low
   * Add allow_symlinks_before_srcdir config setting that can be used to avoid
     a security check that is a good safe default, but problimatic overkill in
     some situations.
+  * Don't allow uploading an attachment with the same name as an existing
+    page, to avoid confusion.
 
  -- Joey Hess <joeyh@debian.org>  Mon, 21 Jul 2008 11:35:46 -0400