X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/3f520da78aeda38e47b43b28023b52f321f71291..1c5a9c0cc8265a6a552b1500eb3a3d2aa17b9720:/IkiWiki/Plugin/getsource.pm

diff --git a/IkiWiki/Plugin/getsource.pm b/IkiWiki/Plugin/getsource.pm
index 08d9d110c..ae9ea3cc7 100644
--- a/IkiWiki/Plugin/getsource.pm
+++ b/IkiWiki/Plugin/getsource.pm
@@ -42,37 +42,49 @@ sub pagetemplate (@) {
 sub cgi_getsource ($) {
 	my $cgi=shift;
 
-	# Note: we use sessioncgi rather than just cgi
-	# because we need $IkiWiki::pagesources{} to be
-	# populated.
-
-	return unless (defined $cgi->param('do') &&
-					$cgi->param("do") eq "getsource");
+	return unless defined $cgi->param('do') &&
+	              $cgi->param("do") eq "getsource";
 
 	IkiWiki::decode_cgi_utf8($cgi);
 
 	my $page=$cgi->param('page');
 
+	if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
+		error("invalid page parameter");
+	}
+
+	# For %pagesources.
 	IkiWiki::loadindex();
 
-	if ($IkiWiki::pagesources{$page}) {
-		
-		my $data = IkiWiki::readfile(IkiWiki::srcfile($IkiWiki::pagesources{$page}));
-		
-		if (! $config{getsource_mimetype}) {
-			$config{getsource_mimetype} = "text/plain; charset=utf-8";
-		}
-		
-		print "Content-Type: $config{getsource_mimetype}\r\n";
-		
-		print ("\r\n");
-		
-		print $data;
-		
-		exit 0;
+	if (! exists $pagesources{$page}) {
+		IkiWiki::cgi_custom_failure(
+			$cgi->header(-status => "404 Not Found"),
+			IkiWiki::misctemplate(gettext("missing page"),
+				"<p>".
+				sprintf(gettext("The page %s does not exist."),
+					htmllink("", "", $page)).
+				"</p>"));
+		exit;
+	}
+
+	if (! defined pagetype($pagesources{$page})) {
+		IkiWiki::cgi_custom_failure(
+			$cgi->header(-status => "403 Forbidden"),
+			IkiWiki::misctemplate(gettext("not a page"),
+				"<p>".
+				sprintf(gettext("%s is an attachment, not a page."),
+					htmllink("", "", $page)).
+				"</p>"));
+		exit;
+	}
+
+	if (! $config{getsource_mimetype}) {
+		$config{getsource_mimetype} = "text/plain; charset=utf-8";
 	}
-	
-	error("Unable to find page source for page: $page");
+
+	print "Content-Type: $config{getsource_mimetype}\r\n";
+	print ("\r\n");
+	print readfile(srcfile($pagesources{$page}));
 
 	exit 0;
 }