fix other cases of unicode mixing issue
and fix underlaydir override attack guard when srcdir is non-absolute
master
commit
a298959888
|
@ -33,18 +33,19 @@ sub genindex ($) {
|
|||
sub refresh () {
|
||||
eval q{use File::Find};
|
||||
error($@) if $@;
|
||||
eval q{use Cwd};
|
||||
error($@) if $@;
|
||||
my $origdir=getcwd();
|
||||
|
||||
my (%pages, %dirs);
|
||||
foreach my $dir ($config{srcdir}, @{$config{underlaydirs}}, $config{underlaydir}) {
|
||||
require File::Spec;
|
||||
$dir=File::Spec->canonpath($dir);
|
||||
chdir($dir) || die "chdir: $!";
|
||||
|
||||
find({
|
||||
no_chdir => 1,
|
||||
wanted => sub {
|
||||
my $file=File::Spec->canonpath(decode_utf8($_));
|
||||
return if $file eq $dir;
|
||||
$file=~s/^\Q$dir\E\/?//;
|
||||
my $file=decode_utf8($_);
|
||||
$file=~s/^\.\/?//;
|
||||
return unless length $file;
|
||||
if (IkiWiki::file_pruned($file)) {
|
||||
$File::Find::prune=1;
|
||||
|
@ -61,7 +62,9 @@ sub refresh () {
|
|||
}
|
||||
}
|
||||
}
|
||||
}, $dir);
|
||||
}, '.');
|
||||
|
||||
chdir($origdir) || die "chdir: $!";
|
||||
}
|
||||
|
||||
my %deleted;
|
||||
|
|
|
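Review bot: The new `chdir($dir)` in refresh() is only undone by the `chdir($origdir)` that follows `find()`, so any exception raised inside the `wanted` callback leaves the process sitting in `$dir`. If a caller traps that error and carries on (not visible here), a non-absolute `$config{srcdir}` or underlay path would afterwards be resolved against the wrong directory, which is the situation this commit sets out to handle. Consider running `find` inside `eval { ... }`, saving `$@`, restoring the directory, and only then re-throwing. The same pattern appears in the `$find_comments` closure of comments_pending() and in find_src_files(). refresh() continues past the end of the hunk.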
@ -660,16 +660,22 @@ sub comments_pending () {
|
|||
|
||||
eval q{use File::Find};
|
||||
error($@) if $@;
|
||||
eval q{use Cwd};
|
||||
error($@) if $@;
|
||||
my $origdir=getcwd();
|
||||
|
||||
my $find_comments=sub {
|
||||
my $dir=shift;
|
||||
my $extension=shift;
|
||||
return unless -d $dir;
|
||||
|
||||
chdir($dir) || die "chdir: $!";
|
||||
|
||||
find({
|
||||
no_chdir => 1,
|
||||
wanted => sub {
|
||||
my $file=decode_utf8($_);
|
||||
$file=~s/^\Q$dir\E\/?//;
|
||||
$file=~s/^\.\///;
|
||||
return if ! length $file || IkiWiki::file_pruned($file)
|
||||
|| -l $_ || -d _ || $file !~ /\Q$extension\E$/;
|
||||
my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint
|
||||
|
@ -678,7 +684,9 @@ sub comments_pending () {
|
|||
push @ret, [$f, $dir, $ctime];
|
||||
}
|
||||
}
|
||||
}, $dir);
|
||||
}, ".");
|
||||
|
||||
chdir($origdir) || die "chdir: $!";
|
||||
};
|
||||
|
||||
$find_comments->($config{srcdir}, "._comment_pending");
|
||||
|
|
|
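Review bot: `my $origdir=getcwd();` is used without checking for a defined result, and getcwd() returns undef when the current directory cannot be determined (for example because it was removed or is unreadable). The later `chdir($origdir) || die "chdir: $!"` is then the only safeguard, and on some older Perl versions `chdir(undef)` is treated like a bare `chdir()` and moves to the home directory instead of failing, so the walk would appear to succeed while relative paths are resolved somewhere else. A check right after the call, such as `defined $origdir || error("getcwd: $!");`, makes the failure explicit. refresh() and find_src_files() obtain `$origdir` the same way.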
@ -292,11 +292,16 @@ sub find_src_files () {
|
|||
eval q{use File::Find};
|
||||
error($@) if $@;
|
||||
|
||||
eval q{use Cwd};
|
||||
die $@ if $@;
|
||||
my $origdir=getcwd();
|
||||
my $abssrcdir=Cwd::abs_path($config{srcdir});
|
||||
|
||||
my ($page, $underlay);
|
||||
my $helper=sub {
|
||||
my $file=decode_utf8($_);
|
||||
return if -l $file || -d _;
|
||||
$file=~s/^\Q.\/\E//;
|
||||
$file=~s/^\.\///;
|
||||
return if ! length $file;
|
||||
$page = pagename($file);
|
||||
if (! exists $pagesources{$page} &&
|
||||
|
@ -313,7 +318,7 @@ sub find_src_files () {
|
|||
|
||||
if ($underlay) {
|
||||
# avoid underlaydir override attacks; see security.mdwn
|
||||
if (! -l "$config{srcdir}/$f" && ! -e _) {
|
||||
if (! -l "$abssrcdir/$f" && ! -e _) {
|
||||
if (! $pages{$page}) {
|
||||
push @files, $f;
|
||||
$pages{$page}=1;
|
||||
|
@ -329,10 +334,6 @@ sub find_src_files () {
|
|||
}
|
||||
};
|
||||
|
||||
eval q{use Cwd};
|
||||
die $@ if $@;
|
||||
my $origdir=getcwd();
|
||||
|
||||
chdir($config{srcdir}) || die "chdir: $!";
|
||||
find({
|
||||
no_chdir => 1,
|
||||
|
|
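Review bot: `Cwd::abs_path($config{srcdir})` can return undef when the path cannot be resolved, and `$abssrcdir` is then interpolated into the override guard `-l "$abssrcdir/$f"` without any check. With an undefined value the test would look at `/$f` instead of the source directory, so the underlaydir override guard would be evaluating the wrong location. The later `chdir($config{srcdir}) || die` catches a missing srcdir, but it runs after abs_path and does not validate its result. Adding `defined $abssrcdir || die "cannot resolve srcdir $config{srcdir}";` directly after the assignment keeps the guard tied to a real path. The guard sits inside a block whose start and end are outside the visible hunks.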