git: don't issue a warning if rcsinfo is undefined

The intention here seems to be that $prev may be undefined, and the
only way that can legitimately happen is for $params{token} to be
undefined too.

diff --git a/IkiWiki/Plugin/git.pm b/IkiWiki/Plugin/git.pm
index 7511f09cb3e94241f3f1fe6b0f2de0d2935de073..331b48fda4e5b9f61b44452eabb91818aed9817e 100644 (file)
--- a/IkiWiki/Plugin/git.pm
+++ b/IkiWiki/Plugin/git.pm
@@ -567,7 +567,10 @@ sub rcs_commit (@) {
        # Check to see if the page has been changed by someone else since
        # rcs_prepedit was called.
        my $cur    = git_sha1_file($params{file});
-       my ($prev) = $params{token} =~ /^($sha1_pattern)$/; # untaint
+       my $prev;
+       if (defined $params{token}) {
+               ($prev) = $params{token} =~ /^($sha1_pattern)$/; # untaint
+       }
 
        if (defined $cur && defined $prev && $cur ne $prev) {
                my $conflict = merge_past($prev, $params{file}, $dummy_commit_msg);

diff --git a/debian/changelog b/debian/changelog
index 4a84b28a6b2acb6b7a033e58617b092b5343c56c..422876e3c71160847e5354f4f309ed7345d899a0 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ ikiwiki (3.20161220) UNRELEASED; urgency=medium
 
   * Add CVE references for CVE-2016-10026
   * Add missing ikiwiki.setup for the manual test for CVE-2016-10026
+  * git: don't issue a warning if the rcsinfo CGI parameter is undefined
 
  -- Simon McVittie <smcv@debian.org>  Wed, 21 Dec 2016 13:03:07 +0000