verify page name is sane

paranoia; I was thinking about XSS attacks specifically
master
Joey Hess 2009-08-08 12:27:48 -04:00
parent 22edaf77c2
commit 8f6e0212fd
1 changed files with 6 additions and 2 deletions


@ -42,13 +42,17 @@ sub pagetemplate (@) {
sub cgi_getsource ($) {
my $cgi=shift;
return unless (defined $cgi->param('do') &&
$cgi->param("do") eq "getsource");
return unless defined $cgi->param('do') &&
$cgi->param("do") eq "getsource";
IkiWiki::decode_cgi_utf8($cgi);
my $page=$cgi->param('page');
if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
error("invalid page parameter");
}
# For %pagesources.
IkiWiki::loadindex();