Don't allow uploading an attachment with the same name as an existing page, to avoid confusion.

master
Joey Hess 2008-07-22 17:12:20 -04:00
parent 114e20e948
commit 9776bbf853
2 changed files with 8 additions and 0 deletions

View File

@ -16,6 +16,12 @@ sub check_canattach ($$;$) {
my $dest=shift; # where it's going to be put, under the srcdir
my $file=shift; # the path to the attachment currently
# Don't allow an attachment to be uploaded with the same name as an
# existing page.
if (exists $pagesources{$dest} && $pagesources{$dest} ne $dest) {
error(sprintf(gettext("there is already a page named %s"), $dest));
}
# Use a special pagespec to test that the attachment is valid.
my $allowed=1;
foreach my $admin (@{$config{adminuser}}) {

2
debian/changelog vendored
View File

@ -17,6 +17,8 @@ ikiwiki (2.55) UNRELEASED; urgency=low
* Add allow_symlinks_before_srcdir config setting that can be used to avoid
a security check that is a good safe default, but problimatic overkill in
some situations.
* Don't allow uploading an attachment with the same name as an existing
page, to avoid confusion.
-- Joey Hess <joeyh@debian.org> Mon, 21 Jul 2008 11:35:46 -0400