Don't allow uploading an attachment with the same name as an existing page, to avoid...

[www/ikiwiki.git] / IkiWiki / Plugin / attachment.pm

diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm
index 8f9d7f5a442c7635458c5d0e1591489797b0773c..c6711aa05ac80e2957a982305b3ee187cfd13cce 100644 (file)
--- a/IkiWiki/Plugin/attachment.pm
+++ b/IkiWiki/Plugin/attachment.pm
@@ -16,6 +16,12 @@ sub check_canattach ($$;$) {
        my $dest=shift; # where it's going to be put, under the srcdir
        my $file=shift; # the path to the attachment currently
 
+       # Don't allow an attachment to be uploaded with the same name as an
+       # existing page.
+       if (exists $pagesources{$dest} && $pagesources{$dest} ne $dest) {
+               error(sprintf(gettext("there is already a page named %s"), $dest));
+       }
+
        # Use a special pagespec to test that the attachment is valid.
        my $allowed=1;
        foreach my $admin (@{$config{adminuser}}) {
@@ -32,7 +38,7 @@ sub check_canattach ($$;$) {
                }
        }
        if (! $allowed) {
-               error(gettext("attachment rejected")." ($allowed)");
+               error(gettext("prohibited by allowed_attachments")." ($allowed)");
        }
        else {
                return 1;
@@ -430,6 +436,9 @@ sub match_user ($$;@) { #{{{
        if (defined $params{user} && lc $params{user} eq lc $user) {
                return IkiWiki::SuccessReason->new("user is $user");
        }
+       elsif (! defined $params{user}) {
+               return IkiWiki::FailReason->new("not logged in");
+       }
        else {
                return IkiWiki::FailReason->new("user is $params{user}, not $user");
        }