Configure CGI.pm to disable file uploads by default.
authorJoey Hess <joey@kodama.kitenet.net>
Tue, 1 Jul 2008 00:01:10 +0000 (20:01 -0400)
committerJoey Hess <joey@kodama.kitenet.net>
Tue, 1 Jul 2008 00:01:10 +0000 (20:01 -0400)
IkiWiki/CGI.pm
debian/changelog

index 015c9ae01fbde4f3be3a85bf28f4a429fba54881..43986789a45614417f3837cf297c2840acb37455 100644 (file)
@@ -667,10 +667,11 @@ sub cgi (;$$) { #{{{
        my $q=shift;
        my $session=shift;
 
+       eval q{use CGI};
+       error($@) if $@;
+       $CGI::DISABLE_UPLOADS=1;
+
        if (! $q) {
-               eval q{use CGI};
-               error($@) if $@;
-       
                binmode(STDIN);
                $q=CGI->new;
                binmode(STDIN, ":utf8");
index 9153254b4765eaf2aa04aa518c9867cad2122365..8e1ad074ccad8b3aa3300299bb3e2f9768bfcf53 100644 (file)
@@ -1,3 +1,9 @@
+ikiwiki (2.52) UNRELEASED; urgency=low
+
+  * Configure CGI.pm to disable file uploads by default.
+
+ -- Joey Hess <joeyh@debian.org>  Mon, 30 Jun 2008 19:56:28 -0400
+
 ikiwiki (2.51) unstable; urgency=low
 
   * Improve toplevel parentlink to link directly to index.html when usedirs is