diff options
author | Simon McVittie <smcv@debian.org> | 2014-03-01 17:25:39 +0000 |
---|---|---|
committer | Simon McVittie <smcv@debian.org> | 2014-07-04 23:27:43 +0100 |
commit | ef7c80258daa2f3cf87fa4adea58f804a646fd77 (patch) | |
tree | 6223fb6600a5de6c7e514083132a3ef7fc36978f | |
parent | 6d90e56c8dbb1e380f0e621305fd014767e9364b (diff) | |
download | ikiwiki-ef7c80258daa2f3cf87fa4adea58f804a646fd77.tar ikiwiki-ef7c80258daa2f3cf87fa4adea58f804a646fd77.tar.gz |
comments: use comments_pagespec for authorization, not just UI
-rw-r--r-- | IkiWiki/Plugin/comments.pm | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm index a0ca9f32e..98ae13810 100644 --- a/IkiWiki/Plugin/comments.pm +++ b/IkiWiki/Plugin/comments.pm @@ -438,6 +438,16 @@ sub editcomment ($$) { $page)); } + # There's no UI to get here, but someone might construct the URL, + # leading to a comment that exists in the repository but isn't + # shown + if (!pagespec_match($page, $config{comments_pagespec}, + location => $page)) { + error(sprintf(gettext( + "comments on page '%s' are not allowed"), + $page)); + } + if (pagespec_match($page, $config{comments_closed_pagespec}, location => $page)) { error(sprintf(gettext( |