canedit should fail first as it's a less expensive and harder to pass test
master
Joey Hess 2008-07-01 13:22:11 -04:00
parent dbf23748dd
commit de6ed410bc
1 changed files with 4 additions and 4 deletions

View File

@ -54,6 +54,10 @@ sub formbuilder (@) { #{{{
# The editpage code has already checked that # The editpage code has already checked that
# $form->field('page') is valid. # $form->field('page') is valid.
$filename="XXX/$filename"; $filename="XXX/$filename";
# Also check that the user is allowed to edit it by other
# policies.
IkiWiki::check_canedit($filename, $q, $params{session}, 1);
# Use a pagespec to test that the attachment is valid. # Use a pagespec to test that the attachment is valid.
if (exists $config{valid_attachments} && if (exists $config{valid_attachments} &&
@ -65,10 +69,6 @@ sub formbuilder (@) { #{{{
} }
} }
# Also check that the user is allowed to edit it by other
# policies.
IkiWiki::check_canedit($filename, $q, $params{session}, 1);
# Move the attachment into place. # Move the attachment into place.
# Try to use a fast rename; fall back to copying. # Try to use a fast rename; fall back to copying.
prep_writefile($filename, $config{srcdir}); prep_writefile($filename, $config{srcdir});