new page, hit cancel, and need to be redirected to somewhere sane.
}
if ($form->submitted eq "Cancel") {
}
if ($form->submitted eq "Cancel") {
- redirect($q, "$config{url}/".htmlpage($page));
+ if ($newfile && defined $from) {
+ redirect($q, "$config{url}/".htmlpage($from));
+ }
+ elsif ($newfile) {
+ redirect($q, $config{url});
+ }
+ else {
+ redirect($q, "$config{url}/".htmlpage($page));
+ }
return;
}
elsif ($form->submitted eq "Preview") {
return;
}
elsif ($form->submitted eq "Preview") {
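Review bot: in the new `if ($newfile && defined $from)` branch, `$from` is only tested for definedness before it goes through `htmlpage($from)` into the redirect URL. These lines do not show where `$from` is set. If it originates from a request parameter, check that it is a valid page name (or an existing page) before redirecting, and otherwise fall through to the `redirect($q, $config{url})` branch. A short comment naming the three cases (new page with a referring page, new page without one, existing page) would make the intent clearer.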
* pagetemplate hooks are now also called when generating cgi pages.
* Add a favicon plugin, which simply adds a link tag for an icon to each
page (and cgis).
* pagetemplate hooks are now also called when generating cgi pages.
* Add a favicon plugin, which simply adds a link tag for an icon to each
page (and cgis).
- * Deal with CPAN installing Markdown as Text::Markdown, while it's
+ * Deal with CPAN installing Markdown as Text::Markdown, while it's
installed as just Markdown by apt.
installed as just Markdown by apt.
+ * Patch from James Westby to deal with the case where you're editing a
+ new page, hit cancel, and need to be redirected to somewhere sane.
- -- Joey Hess <joeyh@debian.org> Fri, 15 Sep 2006 21:13:35 -0400
+ -- Joey Hess <joeyh@debian.org> Fri, 15 Sep 2006 21:20:31 -0400
ikiwiki (1.26) unstable; urgency=low
ikiwiki (1.26) unstable; urgency=low
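Review bot: the `-`/`+` pair on the "Deal with CPAN installing Markdown as Text::Markdown" entry shows no textual difference here, so it looks like a whitespace-only change; consider keeping that out of a functional commit. The new entry could also state where Cancel now redirects (the `$from` page, or the wiki root when there is none) instead of "somewhere sane", so the changelog records the actual behaviour.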
}
elsif ($form->submitted eq "Preview") {
}
elsif ($form->submitted eq "Preview") {
+> I think you mean to use `$newfile`? I've applied a modieid version
+> that also deal with creating a new page with no defined $from location.
+> [[bugs/done]] --[[Joey]]
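Review bot: the added reply has two typos on its first two lines: "modieid" should be "modified" and "that also deal with" should be "that also deals with". `$from` on the second line could also be put in backticks to match `$newfile` on the first.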
(groups of dot separated alpha-num chars if my perl-foo isn't failing me). You could
at least exclude `/` and `..`. I'm happy to turn this in to a patch if you agree.]
(groups of dot separated alpha-num chars if my perl-foo isn't failing me). You could
at least exclude `/` and `..`. I'm happy to turn this in to a patch if you agree.]
+> The reason it's safe to use possibly_foolish_untaint here is because
+> of the check for $hooks{htmlize}{$type}. This limits it to types
+> that have a registered htmlize hook (mdwn, etc), and not whatever random
+> garbage an attacker might try to put in. If it wasn't for that check,
+> using possibly_foolish_untaint there would be _very_ foolish indeed..
+> --[[Joey]]
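Review bot: the added reply puts the safety argument for `possibly_foolish_untaint` only in this discussion page, while the argument depends entirely on the `$hooks{htmlize}{$type}` check running first. Suggest adding a comment next to the untaint call in the code saying that `$type` is safe to untaint only because it has already matched a registered htmlize hook, so a later refactor does not move or drop that check without noticing the dependency.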