rename, remove: Don't rely on a form parameter to tell whether the page should be treated as an attachment.

IkiWiki/Plugin/remove.pm

@@ -21,11 +21,10 @@ sub getsetup () { #{{{
 		},
 } #}}}
 
-sub check_canremove ($$$$) { #{{{
+sub check_canremove ($$$) { #{{{
 	my $page=shift;
 	my $q=shift;
 	my $session=shift;
-	my $attachment=shift;
 
 	# Must be a known source file.
 	if (! exists $pagesources{$page}) {
@@ -45,12 +44,16 @@ sub check_canremove ($$$$) { #{{{
 	# Must be editiable.
 	IkiWiki::check_canedit($page, $q, $session);
 
-	# This is sorta overkill, but better safe
-	# than sorry. If a user can't upload an
-	# attachment, don't let them delete it.
-	if ($attachment) {
+	# If a user can't upload an attachment, don't let them delete it.
+	# This is sorta overkill, but better safe than sorry.
+	if (! defined IkiWiki::pagetype($pagesources{$page})) {
+		if (IkiWiki::Plugin::attachment->can("check_canattach")) {
 			IkiWiki::Plugin::attachment::check_canattach($session, $page, $file);
 		}
+		else {
+			error("renaming of attachments is not allowed");
+		}
+	}
 } #}}}
 
 sub formbuilder_setup (@) { #{{{
@@ -94,7 +97,7 @@ sub removal_confirm ($$@) { #{{{
 	my $attachment=shift;
 	my @pages=@_;
 
-	check_canremove($_, $q, $session, $attachment) foreach @pages;
+	check_canremove($_, $q, $session) foreach @pages;
 
    	# Save current form state to allow returning to it later
 	# without losing any edits.
@@ -167,7 +170,7 @@ sub sessioncgi ($$) { #{{{
 			# and that the user is allowed to edit(/remove) it.
 			my @files;
 			foreach my $page (@pages) {
-				check_canremove($page, $q, $session, $q->param("attachment"));
+				check_canremove($page, $q, $session);
 				
 				# This untaint is safe because of the
 				# checks performed above, which verify the

IkiWiki/Plugin/rename.pm

@@ -21,14 +21,15 @@ sub getsetup () { #{{{
 		},
 } #}}}
 
-sub check_canrename ($$$$$$$) { #{{{
+sub check_canrename ($$$$$$) { #{{{
 	my $src=shift;
 	my $srcfile=shift;
 	my $dest=shift;
 	my $destfile=shift;
 	my $q=shift;
 	my $session=shift;
-	my $attachment=shift;
+
+	my $attachment=! defined IkiWiki::pagetype($pagesources{$src});
 
 	# Must be a known source file.
 	if (! exists $pagesources{$src}) {
@@ -47,8 +48,13 @@ sub check_canrename ($$$$$$$) { #{{{
 	# Must be editable.
 	IkiWiki::check_canedit($src, $q, $session);
 	if ($attachment) {
+		if (IkiWiki::Plugin::attachment->can("check_canattach")) {
 			IkiWiki::Plugin::attachment::check_canattach($session, $src, $srcfile);
 		}
+		else {
+			error("renaming of attachments is not allowed");
+		}
+	}
 	
 	# Dest checks can be omitted by passing undef.
 	if (defined $dest) {
@@ -136,7 +142,7 @@ sub rename_start ($$$$) { #{{{
 	my $page=shift;
 
 	check_canrename($page, $pagesources{$page}, undef, undef,
-		$q, $session, $attachment);
+		$q, $session);
 
    	# Save current form state to allow returning to it later
 	# without losing any edits.
@@ -264,7 +270,7 @@ sub sessioncgi ($$) { #{{{
 			}
 
 			check_canrename($src, $srcfile, $dest, $destfile,
-				$q, $session, $q->param("attachment"));
+				$q, $session);
 
 			# Ensures that the dest directory exists and is ok.
 			IkiWiki::prep_writefile($destfile, $config{srcdir});

debian/changelog

@@ -18,6 +18,8 @@ ikiwiki (2.65) UNRELEASED; urgency=low
     characters, in addition to the existing check for pruned filenames.
   * Print a debug message if a page has multiple source files.
   * Add keepextension parameter to htmlize hook. (Willu)
+  * rename, remove: Don't rely on a form parameter to tell whether the page
+    should be treated as an attachment.
 
  -- Joey Hess <joeyh@debian.org>  Wed, 17 Sep 2008 14:26:56 -0400