aboutsummaryrefslogtreecommitdiff
path: root/IkiWiki
diff options
context:
space:
mode:
authorJoey Hess <joey@kodama.kitenet.net>2008-09-20 22:48:22 -0400
committerJoey Hess <joey@kodama.kitenet.net>2008-09-20 22:48:22 -0400
commit12eb585353660d121e48d5796d35354b66c7e522 (patch)
treea5a8d791193d16c0c27f78dc249915c84914ae15 /IkiWiki
parentc0d7c60b9f94b3f2927cd8484991e33190cd84cd (diff)
downloadikiwiki-12eb585353660d121e48d5796d35354b66c7e522.tar
ikiwiki-12eb585353660d121e48d5796d35354b66c7e522.tar.gz
add missing page name sanity check
Diffstat (limited to 'IkiWiki')
-rw-r--r--IkiWiki/Plugin/editpage.pm5
1 files changed, 3 insertions, 2 deletions
diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm
index bb21ed2be..68f43bf16 100644
--- a/IkiWiki/Plugin/editpage.pm
+++ b/IkiWiki/Plugin/editpage.pm
@@ -85,8 +85,9 @@ sub cgi_editpage ($$) { #{{{
});
decode_form_utf8($form);
- # This untaint is safe because we check file_pruned.
- my $page=$form->field('page');
+ # This untaint is safe because we check file_pruned and
+ # wiki_file_regexp.
+ my ($page)=$form->field('page')=~/$config{wiki_file_regexp}/;
$page=possibly_foolish_untaint($page);
my $absolute=($page =~ s#^/+##);
if (! defined $page || ! length $page ||