From a78a981792e7420783f5064f52100635429922f1 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 1 Jul 2008 13:31:09 -0400 Subject: attachment location Put the attachment in a subdir of the page it's attached to, unless that page is an "index" page. --- IkiWiki/Plugin/attachment.pm | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm index 23862bc05..f9d7f14f6 100644 --- a/IkiWiki/Plugin/attachment.pm +++ b/IkiWiki/Plugin/attachment.pm @@ -42,21 +42,21 @@ sub formbuilder (@) { #{{{ # of the temp file that CGI writes the upload to. my $tempfile=$q->tmpFileName($filename); + # Put the attachment in a subdir of the page it's attached + # to, unless that page is an "index" page. + my $page=$form->field('page'); + $page=~s/(^|\/)index//; + $filename="$page/$filename"; + # To untaint the filename, escape any hazardous characters, # and make sure it isn't pruned. - $filename=IkiWiki::possibly_foolish_untaint(IkiWiki::titlepage($filename)); + $filename=IkiWiki::titlepage(IkiWiki::possibly_foolish_untaint($filename); if (IkiWiki::file_pruned($filename, $config{srcdir})) { error(gettext("bad attachment filename")); } - # XXX Put the attachment in a subdir corresponding to the - # page being edited. - # The editpage code has already checked that - # $form->field('page') is valid. - $filename="XXX/$filename"; - - # Also check that the user is allowed to edit it by other - # policies. + # Check that the user is allowed to edit a page with the + # name of the attachment. IkiWiki::check_canedit($filename, $q, $params{session}, 1); # Use a pagespec to test that the attachment is valid. -- cgit v1.2.3