urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

attachment location 

Put the attachment in a subdir of the page it's attached to,
unless that page is an "index" page.
master
Joey Hess 2008-07-01 13:31:09 -04:00
parent b4296a4943
commit a78a981792
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
IkiWiki/Plugin/attachment.pm
View File

@ -42,21 +42,21 @@ sub formbuilder (@) { #{{{
# of the temp file that CGI writes the upload to. # of the temp file that CGI writes the upload to.
my $tempfile=$q->tmpFileName($filename); my $tempfile=$q->tmpFileName($filename);
# Put the attachment in a subdir of the page it's attached
# to, unless that page is an "index" page.
my $page=$form->field('page');
$page=~s/(^|\/)index//;
$filename="$page/$filename";
# To untaint the filename, escape any hazardous characters, # To untaint the filename, escape any hazardous characters,
# and make sure it isn't pruned. # and make sure it isn't pruned.
$filename=IkiWiki::possibly_foolish_untaint(IkiWiki::titlepage($filename)); $filename=IkiWiki::titlepage(IkiWiki::possibly_foolish_untaint($filename);
if (IkiWiki::file_pruned($filename, $config{srcdir})) { if (IkiWiki::file_pruned($filename, $config{srcdir})) {
error(gettext("bad attachment filename")); error(gettext("bad attachment filename"));
} }
# XXX Put the attachment in a subdir corresponding to the # Check that the user is allowed to edit a page with the
# page being edited. # name of the attachment.
# The editpage code has already checked that
# $form->field('page') is valid.
$filename="XXX/$filename";
# Also check that the user is allowed to edit it by other
# policies.
IkiWiki::check_canedit($filename, $q, $params{session}, 1); IkiWiki::check_canedit($filename, $q, $params{session}, 1);
# Use a pagespec to test that the attachment is valid. # Use a pagespec to test that the attachment is valid.