2007-11-26 20:08:03 +01:00
|
|
|
If the srcdir is a symlink, Ikiwiki will not render the pages unless the srcdir has a trailing slash.
|
|
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
|
|
#!/bin/sh
|
|
|
|
|
set -x
|
|
|
|
|
|
|
|
|
|
REALSRCDIR=~/tmp/ikiwiki/wikiwc2
|
|
|
|
|
SRCDIR=~/tmp/ikiwiki/wikiwc
|
|
|
|
|
DESTDIR=~/tmp/ikiwiki/public_html/wiki/
|
|
|
|
|
|
|
|
|
|
echo "*** Testing without trailing slash."
|
|
|
|
|
|
|
|
|
|
rm -rf $REALSRCDIR $SRCDIR $DESTDIR
|
|
|
|
|
|
|
|
|
|
# Create the real srcdir and link the srcdir to it
|
|
|
|
|
mkdir -p $REALSRCDIR
|
|
|
|
|
ln -s $REALSRCDIR $SRCDIR
|
|
|
|
|
|
|
|
|
|
mkdir -p $DESTDIR
|
|
|
|
|
|
|
|
|
|
echo Test > $SRCDIR/index.mdwn
|
|
|
|
|
|
|
|
|
|
# No trailing slash after $SRCDIR
|
|
|
|
|
ikiwiki --verbose $SRCDIR $DESTDIR --url=http://example.org/~you/wiki/ --underlaydir /dev/null
|
|
|
|
|
|
|
|
|
|
echo "*** Testing with trailing slash."
|
|
|
|
|
|
|
|
|
|
rm -rf $REALSRCDIR $SRCDIR $DESTDIR
|
|
|
|
|
|
|
|
|
|
# Create the real srcdir and link the srcdir to it
|
|
|
|
|
mkdir -p $REALSRCDIR
|
|
|
|
|
ln -s $REALSRCDIR $SRCDIR
|
|
|
|
|
|
|
|
|
|
mkdir -p $DESTDIR
|
|
|
|
|
|
|
|
|
|
echo Test > $SRCDIR/index.mdwn
|
|
|
|
|
|
|
|
|
|
# Trailing slash after $SRCDIR
|
|
|
|
|
ikiwiki --verbose $SRCDIR/ $DESTDIR --url=http://example.org/~you/wiki/ --underlaydir /dev/null
|
|
|
|
|
|
|
|
|
|
My output:
|
|
|
|
|
|
|
|
|
|
+ REALSRCDIR=/home/svend/tmp/ikiwiki/wikiwc2
|
|
|
|
|
+ SRCDIR=/home/svend/tmp/ikiwiki/wikiwc
|
|
|
|
|
+ DESTDIR=/home/svend/tmp/ikiwiki/public_html/wiki/
|
|
|
|
|
+ echo '*** Testing without trailing slash.'
|
|
|
|
|
*** Testing without trailing slash.
|
|
|
|
|
+ rm -rf /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/
|
|
|
|
|
+ mkdir -p /home/svend/tmp/ikiwiki/wikiwc2
|
|
|
|
|
+ ln -s /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc
|
|
|
|
|
+ mkdir -p /home/svend/tmp/ikiwiki/public_html/wiki/
|
|
|
|
|
+ echo Test
|
|
|
|
|
+ ikiwiki --verbose /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/ --url=http://example.org/~you/wiki/ --underlaydir /dev/null
|
|
|
|
|
+ echo '*** Testing with trailing slash.'
|
|
|
|
|
*** Testing with trailing slash.
|
|
|
|
|
+ rm -rf /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/
|
|
|
|
|
+ mkdir -p /home/svend/tmp/ikiwiki/wikiwc2
|
|
|
|
|
+ ln -s /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc
|
|
|
|
|
+ mkdir -p /home/svend/tmp/ikiwiki/public_html/wiki/
|
|
|
|
|
+ echo Test
|
|
|
|
|
+ ikiwiki --verbose /home/svend/tmp/ikiwiki/wikiwc/ /home/svend/tmp/ikiwiki/public_html/wiki/ --url=http://example.org/~you/wiki/ --underlaydir /dev/null
|
|
|
|
|
scanning index.mdwn
|
|
|
|
|
rendering index.mdwn
|
|
|
|
|
|
2007-11-26 21:30:44 +01:00
|
|
|
Note that index.mdwn was only rendered when srcdir had a trailing slash.
|
|
|
|
|
|
|
|
|
|
> There are potential [[security]] issues with ikiwiki following a symlink,
|
|
|
|
|
> even if it's just a symlink at the top level of the srcdir.
|
|
|
|
|
> Consider ikiwiki.info's own setup, where the srcdir is ikiwiki/doc,
|
|
|
|
|
> checked out of revision control. A malicious committer could convert
|
|
|
|
|
> ikiwiki/doc into a symlink to /etc, then ikiwiki would happily publish
|
|
|
|
|
> all of /etc to the web.
|
|
|
|
|
>
|
|
|
|
|
> This kind of attack is why ikiwiki does not let File::Find follow
|
|
|
|
|
> symlinks when scanning the srcdir. By appending the slash, you're
|
|
|
|
|
> actually bypassing that check. Ikiwiki should not let you set
|
|
|
|
|
> up a potentially insecure configuration like that. More discussion of
|
|
|
|
|
> this hole [[here|security#index29h2]], and I've had to release
|
|
|
|
|
> a version of ikiwiki that explicitly checks for that, and fails to work.
|
|
|
|
|
> Sorry, but security trumps convenience. [[done]] --[[Joey]]
|
