Commit Graph

20 Commits (77df914b3af94cae62201bdc945fdddd639b1929)

Author SHA1 Message Date
Simon McVittie 4729ff0812 Exclude working directory from library path (CVE-2016-1238)
Current Perl versions put '.' at the end of the library search path
@INC, although this will be fixed in a future Perl release. This means
that when software loads an optionally-present module, it will be
looked for in the current working directory before giving up. An
attacker could use this to execute arbitrary Perl code from ikiwiki's
current working directory.

Removing '.' from the library search path in Perl is the correct
fix for this vulnerability, but is not trivial to do due to
backwards-compatibility concerns. Mitigate this (even if ikiwiki is run
with a vulnerable Perl version) by explicitly removing '.' from the
search path, and instead looking for ikiwiki's own modules relative
to the absolute path of the executable when run from the source
directory.

In tests that specifically want to use the current working directory,
use "-I".getcwd instead of "-I." so we use its absolute path, which
is immune to the removal of ".".
2016-07-28 09:50:21 +01:00
Simon McVittie cdfb4ab1a3 Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure 2015-11-30 18:26:22 +00:00
Simon McVittie a1fda0b516 Standardize on --long-option instead of -long-option
[[forum/refresh_and_setup]] indicates some confusion between --setup
and -setup. Both work, but it's clearer if we stick to one in
documentation and code.

A 2012 commit to [[plugins/theme]] claims that "-setup" is required
and "--setup" won't work, but I cannot find any evidence in ikiwiki's
source code that this has ever been the case.
2015-03-01 16:15:01 +00:00
Joey Hess 96729cafc3 override LC_ALL, not LANG 2009-10-15 14:26:06 -04:00
Joey Hess 7ba4fa760a build wiki in C locale, to ensure that the "no broken links" message is not translated 2009-10-14 13:19:44 -04:00
Joey Hess 68fa7b5f8c use underlay_install as optimisaton 2009-07-21 13:16:59 +02:00
Joey Hess 5418385336 Optimise use of gettext, and avoid ugly warnings if Locale::gettext is not available.
The test suite was emitting a lot of ugly gettext warnings;
setting LC_ALL didn't solve the problem for all locale setups
(since ikiwiki remaps it to LANG, and ikiwiki didn't know about
the C locale).

People also seem generally annoyed by the messages when
Locale::Gettext is not installed, and I suspect will be
generally happier if it just silently doesn't localize.

The optimisation came about when I noticed that the gettext
sub was doing rather a lot of work each call just to see
if localisation is needed. We can avoid that work by caching,
and the best thing to cache is a version of the gettext sub
that does exactly the right thing.

This was slightly complicated by the locale setting,
which might need to override the original locale (or lack
thereof) after gettext has been called. So it needs to invalidate
the cache in that case. It used to do it via a global variable,
which I am happy to have also gotten rid of.
2009-06-08 18:33:54 -04:00
Joey Hess fd7db49f94 Fix test suite to not rely on an installed copy of ikiwiki after underlaydir change. Closes: #530502 2009-05-25 12:40:40 -04:00
Joey Hess e92c6722dd stop using perl -T here
See bug #411786. Perl's random corruption of the taint flag is even effecting
the untainting of source filenames now (which AFAICS, is a proper untaint
and always worked before..), and that makes using ikiwiki in perl taint
mode not work at all.
2009-05-22 13:27:23 -04:00
Joey Hess a7ff240afc test for brokenlinks when listdirectives is enabled, too 2008-09-11 19:06:44 -04:00
Joey Hess 2d43eda27d display broken links on failure 2008-09-11 18:56:28 -04:00
Joey Hess 88e9ef449d add a regression test to ensure that permalinks never change 2008-07-25 19:40:28 -04:00
Simon McVittie 60dc17c39c Hopefully fix regression tests in non-English environments 2008-07-12 23:00:57 +01:00
joey 8fd13334af fix path issue when runnign test 2007-09-05 23:51:08 +00:00
joey 9c5f4761d8 * Support for looking in multiple directories for underlay files.
* Plugins can add new directories to the search path with the add_underlay
  function.
* Split out smiley underlay files into a separate underlay, so if the plugin
  isn't used, the wiki isn't bloated with all those files.
2007-08-28 01:59:01 +00:00
joey 7c032d1465 test suite fixes 2007-08-21 19:58:14 +00:00
joey afcf0dc79e * Patch fixing various additional problems with test suite. Closes: #425891
once more.
2007-06-26 22:11:59 +00:00
joey ffc06c8e4d * Fix FTBFS in test suite introduced in last version. Closes: #425891 2007-05-24 20:21:45 +00:00
joey 05fbbad4b4 build fixes 2007-05-20 01:04:24 +00:00
joey d3d528b5c4 * Add a test ensuring that the basewiki is self-contained and has no broken
links.
2007-05-20 01:00:21 +00:00