author | Joey Hess <joey@kodama.kitenet.net> | 2008-09-20 22:48:22 -0400 |
---|---|---|
committer | Joey Hess <joey@kodama.kitenet.net> | 2008-09-20 22:48:22 -0400 |
commit | 12eb585353660d121e48d5796d35354b66c7e522 (patch) | |
tree | a5a8d791193d16c0c27f78dc249915c84914ae15 /IkiWiki | |
parent | c0d7c60b9f94b3f2927cd8484991e33190cd84cd (diff) | |
add missing page name sanity check
Diffstat (limited to 'IkiWiki')
-rw-r--r-- | IkiWiki/Plugin/editpage.pm | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm
index bb21ed2be..68f43bf16 100644
--- a/IkiWiki/Plugin/editpage.pm
+++ b/IkiWiki/Plugin/editpage.pm
@@ -85,8 +85,9 @@ sub cgi_editpage ($$) { #{{{
 });
 decode_form_utf8($form);
- # This untaint is safe because we check file_pruned.
- my $page=$form->field('page');
+ # This untaint is safe because we check file_pruned and
+ # wiki_file_regexp.
+ my ($page)=$form->field('page')=~/$config{wiki_file_regexp}/;
 $page=possibly_foolish_untaint($page);
 my $absolute=($page =~ s#^/+##);
 if (! defined $page || ! length $page || |
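Review bot: The new match on the `my ($page)=$form->field('page')=~/$config{wiki_file_regexp}/;` line is only as strict as the configured pattern: the list assignment takes capture group 1, so it presumes `wiki_file_regexp` is anchored at both ends and wraps the whole name in a capturing group, neither of which is visible in this hunk. Without a group a successful match would assign `1` to `$page`, and without anchors a valid-looking substring of an otherwise bad name would be accepted silently. A failed match leaves `$page` undef, which still flows through `possibly_foolish_untaint` and `s#^/+##` before the `! defined $page` test, so I would guard the substitution, e.g. `my $absolute=(defined $page && $page =~ s#^/+##);`, and extend the comment with `# wiki_file_regexp must be anchored and capture the whole name; $page is undef on mismatch.` The `if` that rejects the name continues outside the hunk, so the `file_pruned` check the comment relies on cannot be confirmed from here.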