aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess <joey@gnu.kitenet.net>2010-01-28 21:07:23 -0500
committerJoey Hess <joey@gnu.kitenet.net>2010-01-28 21:07:23 -0500
commitf91d79f469956c423373c8747c92218c668f0ba8 (patch)
tree3445ac62807c37a5a000f297473385c16b46d37b
parent7f462b658953c7907d942e71a17b53a678b2ccc6 (diff)
downloadikiwiki-f91d79f469956c423373c8747c92218c668f0ba8.tar
ikiwiki-f91d79f469956c423373c8747c92218c668f0ba8.tar.gz
img: Fix a bug that could taint @links with undef values.
-rw-r--r--IkiWiki/Plugin/img.pm4
-rw-r--r--debian/changelog1
2 files changed, 5 insertions, 0 deletions
diff --git a/IkiWiki/Plugin/img.pm b/IkiWiki/Plugin/img.pm
index c1048d3c9..82db15a7e 100644
--- a/IkiWiki/Plugin/img.pm
+++ b/IkiWiki/Plugin/img.pm
@@ -26,6 +26,10 @@ sub preprocess (@) {
my ($image) = $_[0] =~ /$config{wiki_file_regexp}/; # untaint
my %params=@_;
+ if (! defined $image) {
+ error("bad image filename");
+ }
+
if (exists $imgdefaults{$params{page}}) {
foreach my $key (keys %{$imgdefaults{$params{page}}}) {
if (! exists $params{$key}) {
diff --git a/debian/changelog b/debian/changelog
index 0ec696d3c..5d27b7af0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
ikiwiki (3.20100123) UNRELEASED; urgency=low
* template: Preprocess parameters before htmlizing.
+ * img: Fix a bug that could taint @links with undef values.
-- Joey Hess <joeyh@debian.org> Tue, 26 Jan 2010 22:25:33 -0500