From ea244ab7b53afbd710dab267ca9a8fb9f17cfb00 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Sun, 26 Jul 2009 16:48:25 +0100 Subject: [PATCH] getsource: don't allow getting the source of an attachment Serving up images etc. as text/plain; charset=utf-8 is unlikely to work very well, and there's no point in having this CGI action for attachments (since they're copied into the output as-is anyway). --- IkiWiki/Plugin/getsource.pm | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/IkiWiki/Plugin/getsource.pm b/IkiWiki/Plugin/getsource.pm index 6a208f1e7..1b7eb56c6 100644 --- a/IkiWiki/Plugin/getsource.pm +++ b/IkiWiki/Plugin/getsource.pm @@ -66,6 +66,17 @@ sub cgi_getsource ($) { exit; } + if (! defined pagetype($IkiWiki::pagesources{$page})) { + IkiWiki::cgi_custom_failure( + $cgi->header(-status => "403 Forbidden"), + IkiWiki::misctemplate(gettext("not a page"), + "

". + sprintf(gettext("%s is an attachment, not a page."), + htmllink("", "", $page)). + "

")); + exit; + } + my $data = IkiWiki::readfile(IkiWiki::srcfile($IkiWiki::pagesources{$page})); if (! $config{getsource_mimetype}) {