diff options
-rw-r--r-- | IkiWiki/CGI.pm | 10 | ||||
-rw-r--r-- | debian/changelog | 6 | ||||
-rw-r--r-- | doc/bugs/404_when_cancel_create_page.mdwn | 11 |
3 files changed, 22 insertions, 5 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index f07a4e5a2..f550b673a 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -439,7 +439,15 @@ sub cgi_editpage ($$) { #{{{ } if ($form->submitted eq "Cancel") { - redirect($q, "$config{url}/".htmlpage($page)); + if ($newfile && defined $from) { + redirect($q, "$config{url}/".htmlpage($from)); + } + elsif ($newfile) { + redirect($q, $config{url}); + } + else { + redirect($q, "$config{url}/".htmlpage($page)); + } return; } elsif ($form->submitted eq "Preview") { diff --git a/debian/changelog b/debian/changelog index ee6fb6a85..72c33e903 100644 --- a/debian/changelog +++ b/debian/changelog @@ -36,10 +36,12 @@ ikiwiki (1.27) UNRELEASED; urgency=low * pagetemplate hooks are now also called when generating cgi pages. * Add a favicon plugin, which simply adds a link tag for an icon to each page (and cgis). - * Deal with CPAN installing Markdown as Text::Markdown, while it's + * Deal with CPAN installing Markdown as Text::Markdown, while it's installed as just Markdown by apt. + * Patch from James Westby to deal with the case where you're editing a + new page, hit cancel, and need to be redirected to somewhere sane. - -- Joey Hess <joeyh@debian.org> Fri, 15 Sep 2006 21:13:35 -0400 + -- Joey Hess <joeyh@debian.org> Fri, 15 Sep 2006 21:20:31 -0400 ikiwiki (1.26) unstable; urgency=low diff --git a/doc/bugs/404_when_cancel_create_page.mdwn b/doc/bugs/404_when_cancel_create_page.mdwn index b802de787..091254cb5 100644 --- a/doc/bugs/404_when_cancel_create_page.mdwn +++ b/doc/bugs/404_when_cancel_create_page.mdwn @@ -25,7 +25,9 @@ if it is known. } elsif ($form->submitted eq "Preview") { - +> I think you mean to use `$newfile`? I've applied a modieid version +> that also deal with creating a new page with no defined $from location. +> [[bugs/done]] --[[Joey]] [P.S. just above that is @@ -43,4 +45,9 @@ is there aren't going to be many possible extensions. Something like `/(.\w+)+/` (groups of dot separated alpha-num chars if my perl-foo isn't failing me). You could at least exclude `/` and `..`. I'm happy to turn this in to a patch if you agree.] - +> The reason it's safe to use possibly_foolish_untaint here is because +> of the check for $hooks{htmlize}{$type}. This limits it to types +> that have a registered htmlize hook (mdwn, etc), and not whatever random +> garbage an attacker might try to put in. If it wasn't for that check, +> using possibly_foolish_untaint there would be _very_ foolish indeed.. +> --[[Joey]] |