diff options
author | Joey Hess <joey@gnu.kitenet.net> | 2010-01-28 21:07:23 -0500 |
---|---|---|
committer | Joey Hess <joey@gnu.kitenet.net> | 2010-01-28 21:07:23 -0500 |
commit | f91d79f469956c423373c8747c92218c668f0ba8 (patch) | |
tree | 3445ac62807c37a5a000f297473385c16b46d37b | |
parent | 7f462b658953c7907d942e71a17b53a678b2ccc6 (diff) | |
download | ikiwiki-f91d79f469956c423373c8747c92218c668f0ba8.tar ikiwiki-f91d79f469956c423373c8747c92218c668f0ba8.tar.gz |
img: Fix a bug that could taint @links with undef values.
-rw-r--r-- | IkiWiki/Plugin/img.pm | 4 | ||||
-rw-r--r-- | debian/changelog | 1 |
2 files changed, 5 insertions, 0 deletions
diff --git a/IkiWiki/Plugin/img.pm b/IkiWiki/Plugin/img.pm index c1048d3c9..82db15a7e 100644 --- a/IkiWiki/Plugin/img.pm +++ b/IkiWiki/Plugin/img.pm @@ -26,6 +26,10 @@ sub preprocess (@) { my ($image) = $_[0] =~ /$config{wiki_file_regexp}/; # untaint my %params=@_; + if (! defined $image) { + error("bad image filename"); + } + if (exists $imgdefaults{$params{page}}) { foreach my $key (keys %{$imgdefaults{$params{page}}}) { if (! exists $params{$key}) { diff --git a/debian/changelog b/debian/changelog index 0ec696d3c..5d27b7af0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ ikiwiki (3.20100123) UNRELEASED; urgency=low * template: Preprocess parameters before htmlizing. + * img: Fix a bug that could taint @links with undef values. -- Joey Hess <joeyh@debian.org> Tue, 26 Jan 2010 22:25:33 -0500 |