X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/18d24036477223794e8319428cd7ba971129c29c..ed05e40566a8d2a39530507598d835764885cf73:/IkiWiki/Plugin/remove.pm

diff --git a/IkiWiki/Plugin/remove.pm b/IkiWiki/Plugin/remove.pm
index 91f133ab6..21028cde3 100644
--- a/IkiWiki/Plugin/remove.pm
+++ b/IkiWiki/Plugin/remove.pm
@@ -30,7 +30,6 @@ sub confirmation_form ($$) { #{{{
 
 	eval q{use CGI::FormBuilder};
 	error($@) if $@;
-	my @fields=qw(do page);
 	my $f = CGI::FormBuilder->new(
 		name => "remove",
 		header => 0,
@@ -40,7 +39,7 @@ sub confirmation_form ($$) { #{{{
 		params => $q,
 		action => $config{cgiurl},
 		stylesheet => IkiWiki::baseurl()."style.css",
-		fields => \@fields,
+		fields => [qw{do page}],
 	);
 	
 	$f->field(name => "do", type => "hidden", value => "remove", force => 1);
@@ -98,7 +97,11 @@ sub formbuilder (@) { #{{{
 			removal_confirm($q, $session, 0, $form->field("page"));
 		}
 		elsif ($form->submitted eq "Remove Attachments") {
-			removal_confirm($q, $session, 1, $q->param("attachment_select"));
+			my @pages=$q->param("attachment_select");
+			if (! @pages) {
+				error(gettext("Please select the attachments to remove."));
+			}
+			removal_confirm($q, $session, 1, @pages);
 		}
 	}
 } #}}}
@@ -121,24 +124,24 @@ sub sessioncgi ($$) { #{{{
 			# and that the user is allowed to edit(/remove) it.
 			my @files;
 			foreach my $page (@pages) {
+				# Must be a known source file.
 				if (! exists $pagesources{$page}) {
 					error(sprintf(gettext("%s does not exist"),
 					htmllink("", "", $page, noimageinline => 1)));
 				}
+				
+				# Must be editiable.
 				IkiWiki::check_canedit($page, $q, $session);
 
+				# Must exist on disk, and be a regular file.
 				my $file=$pagesources{$page};
 				if (! -e "$config{srcdir}/$file") {
 					error(sprintf(gettext("%s is not in the srcdir, so it cannot be deleted"), $file));
 				}
-				elsif (! -f "$config{srcdir}/$file") {
+				elsif (-l "$config{srcdir}/$file" && ! -f _) {
 					error(sprintf(gettext("%s is not a file"), $file));
 				}
 
-				# This untaint is safe because we've
-				# verified the file is a known source file,
-				# and is in the srcdir, and is a regular
-				# file.
 				push @files, IkiWiki::possibly_foolish_untaint($file);
 			}