From dcfeaaad5b6ac478251e37be777de40da4d0909c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 22 Jan 2011 10:15:33 -0400 Subject: comments: Fix XSS security hole due to missing validation of page name. Values have to be checked against wiki_file_regexp, not just file_pruned. Audited the rest of the code base for similar problems, found none. --- debian/changelog | 1 + 1 file changed, 1 insertion(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 36e4a9576..0165a240b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,7 @@ ikiwiki (3.20110106) UNRELEASED; urgency=low to feed links. (Giuseppe Bilotta) * inline: Use class rather than id for feedlinks and blogform. (Giuseppe Bilotta) + * comments: Fix XSS security hole due to missing validation of page name. -- Joey Hess Thu, 06 Jan 2011 14:41:34 -0400 -- cgit v1.2.3
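Review bot: the added changelog line sits in a stanza whose header still reads `urgency=low`, while the entry itself records an XSS security fix; consider raising the urgency in the `ikiwiki (3.20110106) UNRELEASED` header to match. The entry could also say what was missing, as the commit message does (values checked against `wiki_file_regexp`, not just `file_pruned`), so that someone reading only the changelog can tell which validation changed. This view is limited to 'debian', so the code change to the comments plugin is not visible here and cannot be reviewed from these lines.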