diff options
| author | Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/> | 2009-07-26 16:48:25 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/> | 2009-07-26 17:04:34 +0100 |
| commit | ea244ab7b53afbd710dab267ca9a8fb9f17cfb00 (patch) | |
| tree | f576fbf1ee782d22b2b399767358d1b3558d76d1 | |
| parent | 0afcec734622811b8910d3df5d102df58d429a51 (diff) | |
getsource: don't allow getting the source of an attachment
Serving up images etc. as text/plain; charset=utf-8 is unlikely to work
very well, and there's no point in having this CGI action for attachments
(since they're copied into the output as-is anyway).
| -rw-r--r-- | IkiWiki/Plugin/getsource.pm | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/IkiWiki/Plugin/getsource.pm b/IkiWiki/Plugin/getsource.pm index 6a208f1e7..1b7eb56c6 100644 --- a/IkiWiki/Plugin/getsource.pm +++ b/IkiWiki/Plugin/getsource.pm @@ -66,6 +66,17 @@ sub cgi_getsource ($) { exit; } + if (! defined pagetype($IkiWiki::pagesources{$page})) { + IkiWiki::cgi_custom_failure( + $cgi->header(-status => "403 Forbidden"), + IkiWiki::misctemplate(gettext("not a page"), + "<p>". + sprintf(gettext("%s is an attachment, not a page."), + htmllink("", "", $page)). + "</p>")); + exit; + } + my $data = IkiWiki::readfile(IkiWiki::srcfile($IkiWiki::pagesources{$page})); if (! $config{getsource_mimetype}) { |