diff options
author | Joey Hess <joey@kitenet.net> | 2011-06-14 13:38:37 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2011-06-14 13:38:37 -0400 |
commit | 1d951583a6d3718ea5e44b8c52fb2acbe5a989e8 (patch) | |
tree | febdc3a2520a0a3cd90a53e7187dbb77d96d4aa3 | |
parent | e08daac239a0a29b5b9d936d6ec4f9ae1c67bf49 (diff) | |
download | ikiwiki-1d951583a6d3718ea5e44b8c52fb2acbe5a989e8.tar ikiwiki-1d951583a6d3718ea5e44b8c52fb2acbe5a989e8.tar.gz |
store filename in holding dir in linkpage form
Avoids any unpleasantness with .. or other special chars in the attachment
filename.
-rw-r--r-- | IkiWiki/Plugin/attachment.pm | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm index b7ea1f312..f46388948 100644 --- a/IkiWiki/Plugin/attachment.pm +++ b/IkiWiki/Plugin/attachment.pm @@ -178,11 +178,13 @@ sub attachment_store { $filename=IkiWiki::basename($filename); $filename=~s/.*\\+(.+)/$1/; # hello, windows + $filename=IkiWiki::possibly_foolish_untaint(linkpage($filename)); # Check that the user is allowed to edit the attachment. - my $final_filename=linkpage(IkiWiki::possibly_foolish_untaint( - attachment_location($form->field('page')). - $filename)); + my $final_filename= + linkpage(IkiWiki::possibly_foolish_untaint( + attachment_location($form->field('page')))). + $filename; if (IkiWiki::file_pruned($final_filename)) { error(gettext("bad attachment filename")); } @@ -232,8 +234,8 @@ sub attachments_save { next unless -f $filename; my $dest=$config{srcdir}."/". linkpage(IkiWiki::possibly_foolish_untaint( - attachment_location($form->field('page')). - $filename)); + attachment_location($form->field('page')))). + $filename; unlink($dest); rename($filename, $dest); push @attachments, $dest; |