* Patch from James Westby to deal with the case where you're editing a

new page, hit cancel, and need to be redirected to somewhere sane.
2006-09-16 01:23:14 +00:00 · 2006-09-16 01:23:14 +00:00 · 26774c931c
parent 39fd60f1ab
commit 26774c931c
3 changed files with 22 additions and 5 deletions
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@ -439,7 +439,15 @@ sub cgi_editpage ($$) { #{{{
 	}
 	
 	if ($form->submitted eq "Cancel") {
+		if ($newfile && defined $from) {
+			redirect($q, "$config{url}/".htmlpage($from));
+		}
+		elsif ($newfile) {
+			redirect($q, $config{url});
+		}
+		else {
 			redirect($q, "$config{url}/".htmlpage($page));
+		}
 		return;
 	}
 	elsif ($form->submitted eq "Preview") {
--- a/debian/changelog
+++ b/debian/changelog
@ -38,8 +38,10 @@ ikiwiki (1.27) UNRELEASED; urgency=low
    page (and cgis).
  * Deal with CPAN installing Markdown as Text::Markdown, while it's
    installed as just Markdown by apt.
+  * Patch from James Westby to deal with the case where you're editing a
+    new page, hit cancel, and need to be redirected to somewhere sane.

- -- Joey Hess <joeyh@debian.org>  Fri, 15 Sep 2006 21:13:35 -0400
+ -- Joey Hess <joeyh@debian.org>  Fri, 15 Sep 2006 21:20:31 -0400

 ikiwiki (1.26) unstable; urgency=low

--- a/doc/bugs/404_when_cancel_create_page.mdwn
+++ b/doc/bugs/404_when_cancel_create_page.mdwn
@ -25,7 +25,9 @@ if it is known.
                }
                elsif ($form->submitted eq "Preview") {

-
+> I think you mean to use `$newfile`? I've applied a modieid version
+> that also deal with creating a new page with no defined $from location.
+> [[bugs/done]] --[[Joey]] 

 [P.S. just above that is 

@ -43,4 +45,9 @@ is there aren't going to be many possible extensions. Something like `/(.\w+)+/`
 (groups of dot separated alpha-num chars if my perl-foo isn't failing me). You could
 at least exclude `/` and `..`. I'm happy to turn this in to a patch if you agree.]

-
+> The reason it's safe to use possibly_foolish_untaint here is because
+> of the check for $hooks{htmlize}{$type}. This limits it to types
+> that have a registered htmlize hook (mdwn, etc), and not whatever random
+> garbage an attacker might try to put in. If it wasn't for that check,
+> using possibly_foolish_untaint there would be _very_ foolish indeed.. 
+> --[[Joey]]