aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon McVittie <smcv@debian.org>2014-03-01 17:25:39 +0000
committerSimon McVittie <smcv@debian.org>2014-07-04 23:27:43 +0100
commitef7c80258daa2f3cf87fa4adea58f804a646fd77 (patch)
tree6223fb6600a5de6c7e514083132a3ef7fc36978f
parent6d90e56c8dbb1e380f0e621305fd014767e9364b (diff)
downloadikiwiki-ef7c80258daa2f3cf87fa4adea58f804a646fd77.tar
ikiwiki-ef7c80258daa2f3cf87fa4adea58f804a646fd77.tar.gz
comments: use comments_pagespec for authorization, not just UI
-rw-r--r--IkiWiki/Plugin/comments.pm10
1 files changed, 10 insertions, 0 deletions
diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm
index a0ca9f32e..98ae13810 100644
--- a/IkiWiki/Plugin/comments.pm
+++ b/IkiWiki/Plugin/comments.pm
@@ -438,6 +438,16 @@ sub editcomment ($$) {
$page));
}
+ # There's no UI to get here, but someone might construct the URL,
+ # leading to a comment that exists in the repository but isn't
+ # shown
+ if (!pagespec_match($page, $config{comments_pagespec},
+ location => $page)) {
+ error(sprintf(gettext(
+ "comments on page '%s' are not allowed"),
+ $page));
+ }
+
if (pagespec_match($page, $config{comments_closed_pagespec},
location => $page)) {
error(sprintf(gettext(