sub attachment_holding_dir {
my $page=shift;
- return $config{wikistatedir}."/attachments/$page";
+ return $config{wikistatedir}."/attachments/".
+ IkiWiki::possibly_foolish_untaint(linkpage($page));
}
# Stores the attachment in a holding area, not yet in the wiki proper.
$filename=IkiWiki::basename($filename);
$filename=~s/.*\\+(.+)/$1/; # hello, windows
+ $filename=IkiWiki::possibly_foolish_untaint(linkpage($filename));
# Check that the user is allowed to edit the attachment.
- my $final_filename=linkpage(IkiWiki::possibly_foolish_untaint(
- attachment_location($form->field('page')).
- $filename));
+ my $final_filename=
+ linkpage(IkiWiki::possibly_foolish_untaint(
+ attachment_location($form->field('page')))).
+ $filename;
if (IkiWiki::file_pruned($final_filename)) {
error(gettext("bad attachment filename"));
}
next unless -f $filename;
my $dest=$config{srcdir}."/".
linkpage(IkiWiki::possibly_foolish_untaint(
- attachment_location($form->field('page')).
- $filename));
+ attachment_location($form->field('page')))).
+ $filename;
unlink($dest);
rename($filename, $dest);
push @attachments, $dest;
my $page=shift;
my $loc=attachment_location($page);
- my @ret;
+ # attachments already in the wiki
+ my %attachments;
foreach my $f (values %pagesources) {
if (! defined pagetype($f) &&
$f=~m/^\Q$loc\E[^\/]+$/) {
- push @ret, {
+ $attachments{$f}={
"field-select" => '<input type="checkbox" name="attachment_select" value="'.$f.'" />',
link => htmllink($page, $page, $f, noimageinline => 1),
size => IkiWiki::Plugin::filecheck::humansize((stat($f))[7]),
};
}
}
+
+ # attachments in holding directory
+ my $dir=attachment_holding_dir($page);
+ foreach my $file (glob("$dir/*")) {
+ my $mtime=(stat($file))[9];
+ my $f=IkiWiki::basename($file);
+ $attachments{$f}={
+ "field-select" => '<input type="checkbox" name="attachment_select" value="'.$f.'" />',
+ link => $f, # no link possible
+ size => IkiWiki::Plugin::filecheck::humansize((stat($file))[7]),
+ mtime => displaytime($mtime),
+ mtime_raw => $mtime,
+ }
+ }
# Sort newer attachments to the top of the list, so a newly-added
# attachment appears just before the form used to add it.
- return sort { $b->{mtime_raw} <=> $a->{mtime_raw} || $a->{link} cmp $b->{link} } @ret;
+ return sort { $b->{mtime_raw} <=> $a->{mtime_raw} || $a->{link} cmp $b->{link} }
+ values %attachments;
}
1