add missing page name sanity check

IkiWiki/Plugin/editpage.pm

@@ -85,8 +85,9 @@ sub cgi_editpage ($$) { #{{{
 	});
 	decode_form_utf8($form);
 	
-	# This untaint is safe because we check file_pruned.
-	my $page=$form->field('page');
+	# This untaint is safe because we check file_pruned and
+	# wiki_file_regexp.
+	my ($page)=$form->field('page')=~/$config{wiki_file_regexp}/;
 	$page=possibly_foolish_untaint($page);
 	my $absolute=($page =~ s#^/+##);
 	if (! defined $page || ! length $page ||

debian/changelog

@@ -14,6 +14,8 @@ ikiwiki (2.65) UNRELEASED; urgency=low
     (willu)
   * edittemplate: Add "silent" parameter. (Willu)
   * edittemplate: Link to template, to allow creating it. (Willu)
+  * editpage: Add a missing check that the page name contains only legal
+    characters, in addition to the existing check for pruned filenames.
 
  -- Joey Hess <joeyh@debian.org>  Wed, 17 Sep 2008 14:26:56 -0400