diff options
| author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-09-16 00:26:16 +0000 |
|---|---|---|
| committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-09-16 00:26:16 +0000 |
| commit | 432577e23feee85c0a7f33ae356989dcd0939957 (patch) | |
| tree | 4240a36a695871251c58983d5eed84310af57562 /doc/bugs/404_when_cancel_create_page.mdwn | |
| parent | c2e2155576867942bd0f8e7d941ae28bf875886b (diff) | |
| download | ikiwiki-432577e23feee85c0a7f33ae356989dcd0939957.tar ikiwiki-432577e23feee85c0a7f33ae356989dcd0939957.tar.gz | |
web commit by JamesWestby: Add a bug and patch for 404 when cancelling the creation of a page.
Diffstat (limited to 'doc/bugs/404_when_cancel_create_page.mdwn')
| -rw-r--r-- | doc/bugs/404_when_cancel_create_page.mdwn | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/doc/bugs/404_when_cancel_create_page.mdwn b/doc/bugs/404_when_cancel_create_page.mdwn new file mode 100644 index 000000000..b802de787 --- /dev/null +++ b/doc/bugs/404_when_cancel_create_page.mdwn @@ -0,0 +1,46 @@ +If you + + * Add a link to a non-existant page and save. (e.g. [[somewhere-over-the-rainbow]]) + * Click the question mark to create the page. + * Click the cancel button. + +You get a 404 as the page doesn't exist. This patch redirects to the from location +if it is known. + + + === modified file 'IkiWiki/CGI.pm' + --- IkiWiki/CGI.pm + +++ IkiWiki/CGI.pm + @@ -427,7 +427,11 @@ + } + + if ($form->submitted eq "Cancel") { + - redirect($q, "$config{url}/".htmlpage($page)); + + if ( $newpage && defined $from ) { + + redirect($q, "$config{url}/".htmlpage($from)); + + } else { + + redirect($q, "$config{url}/".htmlpage($page)); + + } + return; + } + elsif ($form->submitted eq "Preview") { + + + +[P.S. just above that is + + $type=$form->param('type'); + if (defined $type && length $type && $hooks{htmlize}{$type}) { + $type=possibly_foolish_untaint($type); + } + .... + $file=$page.".".$type; + +I'm a little worried by the `possibly_foolish_untaint` (good name for it by the way, +makes it stick out). I don't think much can be done to exploit this (if anything), +but it seems like you could have a very strict regex there rather than the untaint, +is there aren't going to be many possible extensions. Something like `/(.\w+)+/` +(groups of dot separated alpha-num chars if my perl-foo isn't failing me). You could +at least exclude `/` and `..`. I'm happy to turn this in to a patch if you agree.] + + |