author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-09-16 01:23:14 +0000 |
---|---|---|
committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-09-16 01:23:14 +0000 |
commit | 26774c931ce1aa4b91e7129ad602a23b244008b2 (patch) | |
tree | a25c3c9e2d954ccad1588ac459143b645fabe0b1 /doc | |
parent | 39fd60f1abcba33f3d793185cc0e31fb56441215 (diff) |
* Patch from James Westby to deal with the case where you're editing a
new page, hit cancel, and need to be redirected to somewhere sane.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/bugs/404_when_cancel_create_page.mdwn | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/doc/bugs/404_when_cancel_create_page.mdwn b/doc/bugs/404_when_cancel_create_page.mdwn index b802de787..091254cb5 100644 --- a/doc/bugs/404_when_cancel_create_page.mdwn +++ b/doc/bugs/404_when_cancel_create_page.mdwn @@ -25,7 +25,9 @@ if it is known. } elsif ($form->submitted eq "Preview") { - +> I think you mean to use `$newfile`? I've applied a modieid version +> that also deal with creating a new page with no defined $from location. +> [[bugs/done]] --[[Joey]] [P.S. just above that is @@ -43,4 +45,9 @@ is there aren't going to be many possible extensions. Something like `/(.\w+)+/` (groups of dot separated alpha-num chars if my perl-foo isn't failing me). You could at least exclude `/` and `..`. I'm happy to turn this in to a patch if you agree.] - +> The reason it's safe to use possibly_foolish_untaint here is because +> of the check for $hooks{htmlize}{$type}. This limits it to types +> that have a registered htmlize hook (mdwn, etc), and not whatever random +> garbage an attacker might try to put in. If it wasn't for that check, +> using possibly_foolish_untaint there would be _very_ foolish indeed.. +> --[[Joey]] |
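Review bot: In the first hunk (@@ -25,7 +25,9 @@), the added reply has two typos and inconsistent code formatting: "modieid" should be "modified", "that also deal" should be "that also deals", and $from should be in backticks like `$newfile` on the line above it. The reply also says a modified version was applied without saying how it differs from the submitted patch; one sentence on where the user is redirected when $from is not defined would let a reader of this bug page see the final behaviour without opening the code.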
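Review bot: In the second hunk (@@ -43,4 +45,9 @@), the argument that makes possibly_foolish_untaint safe, namely the preceding check for $hooks{htmlize}{$type}, is recorded only in this bug page. The reply itself says that without that check the untaint "would be _very_ foolish indeed", so the same rationale belongs as a short comment next to the untaint call, where a later refactor that moves or drops the check would run into it. In the added text, wrap possibly_foolish_untaint and $hooks{htmlize}{$type} in backticks, as `$newfile` is in the earlier reply, so the underscores cannot be read as markdown emphasis.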