verify page name is sane
paranoia; I was thinking about XSS attacks specificalymaster
parent
22edaf77c2
commit
8f6e0212fd
|
@ -42,13 +42,17 @@ sub pagetemplate (@) {
|
||||||
sub cgi_getsource ($) {
|
sub cgi_getsource ($) {
|
||||||
my $cgi=shift;
|
my $cgi=shift;
|
||||||
|
|
||||||
return unless (defined $cgi->param('do') &&
|
return unless defined $cgi->param('do') &&
|
||||||
$cgi->param("do") eq "getsource");
|
$cgi->param("do") eq "getsource";
|
||||||
|
|
||||||
IkiWiki::decode_cgi_utf8($cgi);
|
IkiWiki::decode_cgi_utf8($cgi);
|
||||||
|
|
||||||
my $page=$cgi->param('page');
|
my $page=$cgi->param('page');
|
||||||
|
|
||||||
|
if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
|
||||||
|
error("invalid page parameter");
|
||||||
|
}
|
||||||
|
|
||||||
# For %pagesources.
|
# For %pagesources.
|
||||||
IkiWiki::loadindex();
|
IkiWiki::loadindex();
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue