diff options
-rw-r--r-- | IkiWiki/Plugin/aggregate.pm | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/IkiWiki/Plugin/aggregate.pm b/IkiWiki/Plugin/aggregate.pm index 98e534366..14461059d 100644 --- a/IkiWiki/Plugin/aggregate.pm +++ b/IkiWiki/Plugin/aggregate.pm @@ -254,14 +254,15 @@ sub add_page (@) { #{{{ # assign it an unused page my $page=IkiWiki::titlepage($params{title}); - $page=~s!([/])!"__".ord($1)."__"!eg; # escape slashes in title + # escape slashes and periods in title so it doesn't specify + # directory name or trigger ".." disallowing code. + $page=~s!([/.])!"__".ord($1)."__"!eg; $page=$feed->{dir}."/".$page; $page=lc($page); ($page)=$page=~/$IkiWiki::config{wiki_file_regexp}/; if (! defined $page || ! length $page) { $page=$feed->{dir}."/item"; } - $page=~s/\.\.//g; # avoid ".." directory tricks my $c=""; while (exists $IkiWiki::pagesources{$page.$c} || -e pagefile($page.$c)) { |