From dbf23748dd3bda9f0c520e302876ef280d71f199 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 1 Jul 2008 13:20:42 -0400 Subject: call check_canedit Needed to prevent uploads of locked pages as attachments. --- IkiWiki/Plugin/attachment.pm | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'IkiWiki') diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm index 82fcdbb74..8babe2be2 100644 --- a/IkiWiki/Plugin/attachment.pm +++ b/IkiWiki/Plugin/attachment.pm @@ -65,6 +65,10 @@ sub formbuilder (@) { #{{{ } } + # Also check that the user is allowed to edit it by other + # policies. + IkiWiki::check_canedit($filename, $q, $params{session}, 1); + # Move the attachment into place. # Try to use a fast rename; fall back to copying. prep_writefile($filename, $config{srcdir}); -- cgit v1.2.3