From ea244ab7b53afbd710dab267ca9a8fb9f17cfb00 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
Date: Sun, 26 Jul 2009 16:48:25 +0100
Subject: [PATCH] getsource: don't allow getting the source of an attachment

Serving up images etc. as text/plain; charset=utf-8 is unlikely to work
very well, and there's no point in having this CGI action for attachments
(since they're copied into the output as-is anyway).
---
 IkiWiki/Plugin/getsource.pm | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/IkiWiki/Plugin/getsource.pm b/IkiWiki/Plugin/getsource.pm
index 6a208f1e7..1b7eb56c6 100644
--- a/IkiWiki/Plugin/getsource.pm
+++ b/IkiWiki/Plugin/getsource.pm
@@ -66,6 +66,17 @@ sub cgi_getsource ($) {
 		exit;
 	}
 
+	if (! defined pagetype($IkiWiki::pagesources{$page})) {
+		IkiWiki::cgi_custom_failure(
+			$cgi->header(-status => "403 Forbidden"),
+			IkiWiki::misctemplate(gettext("not a page"),
+				"<p>".
+				sprintf(gettext("%s is an attachment, not a page."),
+					htmllink("", "", $page)).
+				"</p>"));
+		exit;
+	}
+
 	my $data = IkiWiki::readfile(IkiWiki::srcfile($IkiWiki::pagesources{$page}));
 
 	if (! $config{getsource_mimetype}) {