untaint and linkpage the page name used in attachment holding directory
[ikiwiki.git] / IkiWiki / Plugin / attachment.pm
index f4638894880b2ecaf837d60fe45488b8370b715e..f4bfbe98f4cc3eb63f313c7bf5d39c39eb4b2b26 100644 (file)
@@ -150,7 +150,8 @@ sub formbuilder (@) {
 sub attachment_holding_dir {
        my $page=shift;
 
-       return $config{wikistatedir}."/attachments/$page";
+       return $config{wikistatedir}."/attachments/".
+               IkiWiki::possibly_foolish_untaint(linkpage($page));
 }
 
 # Stores the attachment in a holding area, not yet in the wiki proper.
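Review bot: The untaint on the new return line is only as strong as linkpage(), because IkiWiki::possibly_foolish_untaint does no validation of its own and linkpage is not visible in this hunk. If linkpage leaves `.` and `/` intact (subpage names need `/`), a page value containing `..` segments would still resolve outside `$config{wikistatedir}/attachments`, and taint mode would no longer flag it. I would reject such names before untainting, e.g. `my $dir=linkpage($page);` followed by `error("bad attachment page name") if $dir =~ m{(?:^|/)\.\.(?:/|$)};`. A short comment on the return, such as `# untaint is safe here: linkpage() escapes unsafe characters and '..' segments are rejected above`, would record why silencing taint is acceptable.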