aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--IkiWiki/CGI.pm10
-rw-r--r--debian/changelog6
-rw-r--r--doc/bugs/404_when_cancel_create_page.mdwn11
3 files changed, 22 insertions, 5 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index f07a4e5a2..f550b673a 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -439,7 +439,15 @@ sub cgi_editpage ($$) { #{{{
}
if ($form->submitted eq "Cancel") {
- redirect($q, "$config{url}/".htmlpage($page));
+ if ($newfile && defined $from) {
+ redirect($q, "$config{url}/".htmlpage($from));
+ }
+ elsif ($newfile) {
+ redirect($q, $config{url});
+ }
+ else {
+ redirect($q, "$config{url}/".htmlpage($page));
+ }
return;
}
elsif ($form->submitted eq "Preview") {
diff --git a/debian/changelog b/debian/changelog
index ee6fb6a85..72c33e903 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -36,10 +36,12 @@ ikiwiki (1.27) UNRELEASED; urgency=low
* pagetemplate hooks are now also called when generating cgi pages.
* Add a favicon plugin, which simply adds a link tag for an icon to each
page (and cgis).
- * Deal with CPAN installing Markdown as Text::Markdown, while it's
+ * Deal with CPAN installing Markdown as Text::Markdown, while it's
installed as just Markdown by apt.
+ * Patch from James Westby to deal with the case where you're editing a
+ new page, hit cancel, and need to be redirected to somewhere sane.
- -- Joey Hess <joeyh@debian.org> Fri, 15 Sep 2006 21:13:35 -0400
+ -- Joey Hess <joeyh@debian.org> Fri, 15 Sep 2006 21:20:31 -0400
ikiwiki (1.26) unstable; urgency=low
diff --git a/doc/bugs/404_when_cancel_create_page.mdwn b/doc/bugs/404_when_cancel_create_page.mdwn
index b802de787..091254cb5 100644
--- a/doc/bugs/404_when_cancel_create_page.mdwn
+++ b/doc/bugs/404_when_cancel_create_page.mdwn
@@ -25,7 +25,9 @@ if it is known.
}
elsif ($form->submitted eq "Preview") {
-
+> I think you mean to use `$newfile`? I've applied a modieid version
+> that also deal with creating a new page with no defined $from location.
+> [[bugs/done]] --[[Joey]]
[P.S. just above that is
@@ -43,4 +45,9 @@ is there aren't going to be many possible extensions. Something like `/(.\w+)+/`
(groups of dot separated alpha-num chars if my perl-foo isn't failing me). You could
at least exclude `/` and `..`. I'm happy to turn this in to a patch if you agree.]
-
+> The reason it's safe to use possibly_foolish_untaint here is because
+> of the check for $hooks{htmlize}{$type}. This limits it to types
+> that have a registered htmlize hook (mdwn, etc), and not whatever random
+> garbage an attacker might try to put in. If it wasn't for that check,
+> using possibly_foolish_untaint there would be _very_ foolish indeed..
+> --[[Joey]]