diff --git a/IkiWiki/Plugin/git.pm b/IkiWiki/Plugin/git.pm index 7511f09cb..331b48fda 100644 --- a/IkiWiki/Plugin/git.pm +++ b/IkiWiki/Plugin/git.pm @@ -567,7 +567,10 @@ sub rcs_commit (@) { # Check to see if the page has been changed by someone else since # rcs_prepedit was called. my $cur = git_sha1_file($params{file}); - my ($prev) = $params{token} =~ /^($sha1_pattern)$/; # untaint + my $prev; + if (defined $params{token}) { + ($prev) = $params{token} =~ /^($sha1_pattern)$/; # untaint + } if (defined $cur && defined $prev && $cur ne $prev) { my $conflict = merge_past($prev, $params{file}, $dummy_commit_msg); diff --git a/debian/changelog b/debian/changelog index 4a84b28a6..422876e3c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ ikiwiki (3.20161220) UNRELEASED; urgency=medium * Add CVE references for CVE-2016-10026 * Add missing ikiwiki.setup for the manual test for CVE-2016-10026 + * git: don't issue a warning if the rcsinfo CGI parameter is undefined -- Simon McVittie Wed, 21 Dec 2016 13:03:07 +0000