diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index a8e610e2d..6c489df8d 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -323,6 +323,9 @@ sub cgi_editpage ($$) { #{{{
 if (exists $pagesources{$page}) {
 $file=$pagesources{$page};
 $type=pagetype($file);
+ if (! defined $type) {
+ error(sprintf(gettext("%s is not an editable page"), $page));
+ }
 }
 else {
 $type=$form->param('type');
diff --git a/debian/changelog b/debian/changelog
index d3ec481f8..13293d863 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,8 +25,14 @@ ikiwiki (1.42) UNRELEASED; urgency=low
 to be used as close to public domain as possible.
 * viewcvs is now viewvc (in Debian unstable), update everything to use the new name.
+ * Fix a security hole that allowed a web user to edit images and other
+ non-page format files in the wiki. To exploit this, the file already had
+ to exist in the wiki, and the web user would need to somehow use the web
+ based editor to replace it with malicious content.
+ (Sorry Josh, this means you can't edit style.css directly anymore,
+ although I do appreciate your fixes, actually..)
- -- Joey Hess Fri, 9 Feb 2007 00:27:59 -0500
+ -- Joey Hess Sat, 10 Feb 2007 15:09:51 -0500
 ikiwiki (1.41) unstable; urgency=low
diff --git a/po/bg.po b/po/bg.po
index b61ec6ca4..b457f0f82 100644
--- a/po/bg.po
+++ b/po/bg.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ikiwiki-bg\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
 "PO-Revision-Date: 2007-01-12 01:19+0200\n"
 "Last-Translator: Damyan Ivanov \n"
 "Language-Team: Bulgarian \n"
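Review bot: The new `! defined $type` guard in cgi_editpage is what keeps the web editor from writing to non-page files, yet nothing in the code marks it as a security boundary; add a comment above it such as `# Security: only files with a registered page type may be edited over the web.` so a later refactor of this branch does not drop it. The `else` branch just below takes `$type` from `$form->param('type')`, and whatever validates that value lies outside this hunk, so confirm it is restricted to registered page types before it is used. cgi_editpage begins before and continues after the hunk. No regression test for the refused edit is visible in this diff.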
@@ -24,28 +24,33 @@ msgstr "Първо трябва да влезете."
 msgid "Preferences saved."
 msgstr "Предпочитанията са запазени."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
 #: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
 #: ../IkiWiki/Render.pm:165
 msgid "discussion"
 msgstr "дискусия"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
 #, perl-format
 msgid "creating %s"
 msgstr "създаване на %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
 #, perl-format
 msgid "editing %s"
 msgstr "промяна на %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
 msgid "You are banned."
 msgstr "Достъпът ви е забранен."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""
diff --git a/po/cs.po b/po/cs.po
index e19209872..98b912e62 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ikiwiki\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
 "PO-Revision-Date: 2007-01-07 11:59+0100\n"
 "Last-Translator: Miroslav Kure \n"
 "Language-Team: Czech \n"
@@ -23,28 +23,33 @@ msgstr "Nejprve se musíte přihlásit."
 msgid "Preferences saved."
 msgstr "Nastavení uloženo."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
 #: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
 #: ../IkiWiki/Render.pm:165
 msgid "discussion"
 msgstr "diskuse"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
 #, perl-format
 msgid "creating %s"
 msgstr "vytvářím %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
 #, perl-format
 msgid "editing %s"
 msgstr "upravuji %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
 msgid "You are banned."
 msgstr "Jste vyhoštěni."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""
diff --git a/po/es.po b/po/es.po
index 54681f741..cd28bd094 100644
--- a/po/es.po
+++ b/po/es.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ikiwiki\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
 "PO-Revision-Date: 2007-01-03 09:37+0100\n"
 "Last-Translator: Víctor Moral \n"
 "Language-Team: spanish \n"
@@ -24,28 +24,33 @@ msgstr "Antes es necesario identificarse"
 msgid "Preferences saved."
 msgstr "Las preferencias se han guardado."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
 #: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
 #: ../IkiWiki/Render.pm:165
 msgid "discussion"
 msgstr "comentarios"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
 #, perl-format
 msgid "creating %s"
 msgstr "creando página %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
 #, perl-format
 msgid "editing %s"
 msgstr "modificando página %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
 msgid "You are banned."
 msgstr "Ha sido expulsado."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""
diff --git a/po/fr.po b/po/fr.po
index 7651ed9f7..bcf864f9c 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ikiwiki\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
 "PO-Revision-Date: 2007-01-22 22:12+0100\n"
 "Last-Translator: Jean-Luc Coulon (f5ibh) \n"
 "Language-Team: French \n"
@@ -25,28 +25,33 @@ msgstr "Vous devez d'abord vous identifier."
 msgid "Preferences saved."
 msgstr "Les préférences ont été enregistrées."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
 #: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
 #: ../IkiWiki/Render.pm:165
 msgid "discussion"
 msgstr "Discussion"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
 #, perl-format
 msgid "creating %s"
 msgstr "Création de %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
 #, perl-format
 msgid "editing %s"
 msgstr "Édition de %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
 msgid "You are banned."
 msgstr "Vous avez été banni."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""
 "Échec de l'identification, vous devriez peut-être autoriser les cookies."
diff --git a/po/gu.po b/po/gu.po
index 7c80d1da5..8739a7804 100644
--- a/po/gu.po
+++ b/po/gu.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ikiwiki-gu\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
 "PO-Revision-Date: 2007-01-11 16:05+0530\n"
 "Last-Translator: Kartik Mistry \n"
 "Language-Team: Gujarati \n"
@@ -23,28 +23,33 @@ msgstr "તમારે પ્રથમ લોગ ઇન થવું પડશ
 msgid "Preferences saved."
 msgstr "પ્રાથમિકતાઓ સંગ્રહાઇ."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
 #: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
 #: ../IkiWiki/Render.pm:165
 msgid "discussion"
 msgstr "ચર્ચા"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
 #, perl-format
 msgid "creating %s"
 msgstr "%s બનાવે છે"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
 #, perl-format
 msgid "editing %s"
 msgstr "%s સુધારે છે"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
 msgid "You are banned."
 msgstr "તમારા પર પ્રતિબંધ છે."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""
diff --git a/po/ikiwiki.pot b/po/ikiwiki.pot
index 296aab6db..9dfa1dc0c 100644
--- a/po/ikiwiki.pot
+++ b/po/ikiwiki.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: LANGUAGE \n"
@@ -24,28 +24,33 @@ msgstr ""
 msgid "Preferences saved."
 msgstr ""
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
 #: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
 #: ../IkiWiki/Render.pm:165
 msgid "discussion"
 msgstr ""
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
 #, perl-format
 msgid "creating %s"
 msgstr ""
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
 #, perl-format
 msgid "editing %s"
 msgstr ""
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
 msgid "You are banned."
 msgstr ""
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""
diff --git a/po/pl.po b/po/pl.po
index 4e23cf434..496a4117e 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ikiwiki 1.37\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
 "PO-Revision-Date: 2007-01-05 16:33+100\n"
 "Last-Translator: Paweł Tęcza \n"
 "Language-Team: Debian L10n Polish \n"
@@ -24,28 +24,33 @@ msgstr "Konieczne jest zalogowanie się."
 msgid "Preferences saved."
 msgstr "Ustawienia zostały zapisane."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
 #: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
 #: ../IkiWiki/Render.pm:165
 msgid "discussion"
 msgstr "dyskusja"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
 #, perl-format
 msgid "creating %s"
 msgstr "tworzenie strony %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
 #, perl-format
 msgid "editing %s"
 msgstr "edycja strony %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
 msgid "You are banned."
 msgstr "Dostęp został zabroniony przez administratora."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""
diff --git a/po/sv.po b/po/sv.po
index 2263152c0..786cbad5e 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ikiwiki\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
 "PO-Revision-Date: 2007-01-10 23:47+0100\n"
 "Last-Translator: Daniel Nylander \n"
 "Language-Team: Swedish \n"
@@ -23,28 +23,33 @@ msgstr "Du måste logga in först."
 msgid "Preferences saved."
 msgstr "Inställningar sparades."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
 #: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
 #: ../IkiWiki/Render.pm:165
 msgid "discussion"
 msgstr "diskussion"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
 #, perl-format
 msgid "creating %s"
 msgstr "skapar %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
 #, perl-format
 msgid "editing %s"
 msgstr "redigerar %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
 msgid "You are banned."
 msgstr "Du är bannlyst."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""
diff --git a/po/vi.po b/po/vi.po
index 3f8741522..e69a161ef 100644
--- a/po/vi.po
+++ b/po/vi.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ikiwiki\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
 "PO-Revision-Date: 2007-01-13 15:31+1030\n"
 "Last-Translator: Clytie Siddall \n"
 "Language-Team: Vietnamese \n"
@@ -24,28 +24,33 @@ msgstr "Trước tiên bạn cần phải đăng nhập."
 msgid "Preferences saved."
 msgstr "Tùy thích đã được lưu."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
 #: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
 #: ../IkiWiki/Render.pm:165
 msgid "discussion"
 msgstr "thảo luận"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
 #, perl-format
 msgid "creating %s"
 msgstr "đang tạo %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
 #, perl-format
 msgid "editing %s"
 msgstr "đang sửa %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
 msgid "You are banned."
 msgstr "Bạn bị cấm ra."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""