X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/05124f9a86dadca50c693d57f8fc8398fb5d8be9..8ba2497a23f71f3678caa9d3d6fbb31910e0508e:/IkiWiki/CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 99cead64f..2a847eb17 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -304,8 +304,9 @@ sub cgi_editpage ($$) { #{{{
 	# This untaint is safe because we check file_pruned.
 	my $page=$form->field('page');
 	$page=possibly_foolish_untaint($page);
+	my $absolute=($page =~ s#^/+##);
 	if (! defined $page || ! length $page ||
-	    file_pruned($page, $config{srcdir}) || $page=~/^\//) {
+	    file_pruned($page, $config{srcdir})) {
 		error("bad page name");
 	}
 
@@ -424,7 +425,8 @@ sub cgi_editpage ($$) { #{{{
 			if (! defined $from || ! length $from ||
 			    $from ne $form->field('from') ||
 			    file_pruned($from, $config{srcdir}) ||
-			    $from=~/^\// ||
+			    $from=~/^\// || 
+			    $absolute ||
 			    $form->submitted eq "Preview") {
 				@page_locs=$best_loc=$page;
 			}
@@ -645,8 +647,14 @@ sub cgi_getsession ($) { #{{{
 	CGI::Session->name("ikiwiki_session_".encode_utf8($config{wikiname}));
 	
 	my $oldmask=umask(077);
-	my $session = CGI::Session->new("driver:DB_File", $q,
-		{ FileName => "$config{wikistatedir}/sessions.db" });
+	my $session = eval {
+		CGI::Session->new("driver:DB_File", $q,
+			{ FileName => "$config{wikistatedir}/sessions.db" })
+	};
+	if (! $session || $@) {
+		error($@." ".CGI::Session->errstr());
+	}
+	
 	umask($oldmask);
 
 	return $session;