# This untaint is safe because we check file_pruned.
my $page=$form->field('page');
$page=possibly_foolish_untaint($page);
+ my $absolute=($page =~ s#^/+##);
if (! defined $page || ! length $page ||
- file_pruned($page, $config{srcdir}) || $page=~/^\//) {
+ file_pruned($page, $config{srcdir})) {
error("bad page name");
}
if (! defined $from || ! length $from ||
$from ne $form->field('from') ||
file_pruned($from, $config{srcdir}) ||
- $from=~/^\// ||
+ $from=~/^\// ||
+ $absolute ||
$form->submitted eq "Preview") {
@page_locs=$best_loc=$page;
}
[ Joey Hess ]
* template: Add support for a BASENAME variable.
+ * Fixes creation of pages when clicking on WikiLinks starting with "/".
-- Josh Triplett <josh@freedesktop.org> Wed, 09 Jul 2008 21:30:33 -0700
> <current>/subdir/subpage, when a user clicks the "?" link to create
> the missing page ; that's why I'm using absolute paths.
>
+>> Totally agree, this had only not been addressed due to lack of time on
+>> my part. (I have about 50 ikiwiki things on my todo list.) --[[Joey]]
+>
> Anyway, having the CGI consider invalid an otherwise valid wikilink
> seems a bit weird to me, so I had a look to the code, and here is a
> patch that should fix this issue ; I proceeded the only way I could
@page_locs=$best_loc=$page;
}
+
+> [[Applied|done]]. BTW, I also accept full git changesets, if you like
+> having your name in commit logs. :-)
+
[[tag patch]]