From a78a981792e7420783f5064f52100635429922f1 Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kodama.kitenet.net>
Date: Tue, 1 Jul 2008 13:31:09 -0400
Subject: [PATCH] attachment location

Put the attachment in a subdir of the page it's attached to,
unless that page is an "index" page.
---
 IkiWiki/Plugin/attachment.pm | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm
index 23862bc05..f9d7f14f6 100644
--- a/IkiWiki/Plugin/attachment.pm
+++ b/IkiWiki/Plugin/attachment.pm
@@ -42,21 +42,21 @@ sub formbuilder (@) { #{{{
 		# of the temp file that CGI writes the upload to.
 		my $tempfile=$q->tmpFileName($filename);
 		
+		# Put the attachment in a subdir of the page it's attached
+		# to, unless that page is an "index" page.
+		my $page=$form->field('page');
+		$page=~s/(^|\/)index//;
+		$filename="$page/$filename";
+		
 		# To untaint the filename, escape any hazardous characters,
 		# and make sure it isn't pruned.
-		$filename=IkiWiki::possibly_foolish_untaint(IkiWiki::titlepage($filename));
+		$filename=IkiWiki::titlepage(IkiWiki::possibly_foolish_untaint($filename);
 		if (IkiWiki::file_pruned($filename, $config{srcdir})) {
 			error(gettext("bad attachment filename"));
 		}
 		
-		# XXX Put the attachment in a subdir corresponding to the
-		# page being edited.
-		# The editpage code has already checked that
-		# $form->field('page') is valid.
-		$filename="XXX/$filename";
-
-		# Also check that the user is allowed to edit it by other
-		# policies.
+		# Check that the user is allowed to edit a page with the
+		# name of the attachment.
 		IkiWiki::check_canedit($filename, $q, $params{session}, 1);
 		
 		# Use a pagespec to test that the attachment is valid.
-- 
2.45.0