X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/79312b2754571ac80253993217da2b0899086342..4971f873a0ed64dc3eb4d9ddd5c4977d72317a14:/IkiWiki/Plugin/getsource.pm?ds=sidebyside

diff --git a/IkiWiki/Plugin/getsource.pm b/IkiWiki/Plugin/getsource.pm
index e8aea2c39..ae9ea3cc7 100644
--- a/IkiWiki/Plugin/getsource.pm
+++ b/IkiWiki/Plugin/getsource.pm
@@ -42,17 +42,18 @@ sub pagetemplate (@) {
 sub cgi_getsource ($) {
 	my $cgi=shift;
 
-	# Note: we use sessioncgi rather than just cgi
-	# because we need %pagesources to be
-	# populated.
-
-	return unless (defined $cgi->param('do') &&
-					$cgi->param("do") eq "getsource");
+	return unless defined $cgi->param('do') &&
+	              $cgi->param("do") eq "getsource";
 
 	IkiWiki::decode_cgi_utf8($cgi);
 
 	my $page=$cgi->param('page');
 
+	if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
+		error("invalid page parameter");
+	}
+
+	# For %pagesources.
 	IkiWiki::loadindex();
 
 	if (! exists $pagesources{$page}) {