add missing page name sanity check

master
Joey Hess 2008-09-20 22:48:22 -04:00
parent c0d7c60b9f
commit 12eb585353
2 changed files with 5 additions and 2 deletions


@ -85,8 +85,9 @@ sub cgi_editpage ($$) { #{{{
}); });
decode_form_utf8($form); decode_form_utf8($form);
# This untaint is safe because we check file_pruned. # This untaint is safe because we check file_pruned and
my $page=$form->field('page'); # wiki_file_regexp.
my ($page)=$form->field('page')=~/$config{wiki_file_regexp}/;
$page=possibly_foolish_untaint($page); $page=possibly_foolish_untaint($page);
my $absolute=($page =~ s#^/+##); my $absolute=($page =~ s#^/+##);
if (! defined $page || ! length $page || if (! defined $page || ! length $page ||
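Review bot: on the new `my ($page)=$form->field('page')=~/$config{wiki_file_regexp}/;` line, a failed match leaves $page undefined, yet the next two lines still pass it to possibly_foolish_untaint() and run `$page =~ s#^/+##` before the `! defined $page` test is reached. An illegal page name is therefore operated on as undef (with warnings where they are enabled) ahead of the rejection; testing for definedness directly after the match would make the failure path explicit. The list-context assignment also returns the page name only if wiki_file_regexp contains a capture group, and rejects embedded illegal characters only if the pattern is anchored at both ends. Neither property is visible in this hunk, so the comment above the line should state that dependency rather than just naming the regexp.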

2
debian/changelog vendored

@ -14,6 +14,8 @@ ikiwiki (2.65) UNRELEASED; urgency=low
(willu) (willu)
* edittemplate: Add "silent" parameter. (Willu) * edittemplate: Add "silent" parameter. (Willu)
* edittemplate: Link to template, to allow creating it. (Willu) * edittemplate: Link to template, to allow creating it. (Willu)
* editpage: Add a missing check that the page name contains only legal
characters, in addition to the existing check for pruned filenames.
-- Joey Hess <joeyh@debian.org> Wed, 17 Sep 2008 14:26:56 -0400 -- Joey Hess <joeyh@debian.org> Wed, 17 Sep 2008 14:26:56 -0400
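Review bot: the new editpage entry says a check was missing but not what a page name with illegal characters could do before it was added, or whether already released versions are affected. Someone deciding whether to backport needs that, so consider adding a short clause on the impact to the entry.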