diff options
| author | Joey Hess <joey@kitenet.net> | 2010-04-28 12:39:13 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2010-04-28 12:39:13 -0400 |
| commit | a6e6f604bd8e9a8f90000163f8b00299829729d5 (patch) | |
| tree | 05488793516ed936a3eb0dcb22c490623db7580e | |
| parent | 67e8edc59712cfc3dbd24fd7f3aae0fa734983be (diff) | |
TMPL_INCLUDE re-enabled for templates read from the templatedir. (But not in-wiki templates.)
| -rw-r--r-- | IkiWiki.pm | 18 | ||||
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | doc/news/version_3.20100427/discussion.mdwn | 4 |
3 files changed, 17 insertions, 7 deletions
diff --git a/IkiWiki.pm b/IkiWiki.pm index 623396c9c..dcee376ee 100644 --- a/IkiWiki.pm +++ b/IkiWiki.pm @@ -1661,7 +1661,11 @@ sub template_file ($) { } my $template=srcfile($tpage, 1); - if (! defined $template) { + if (defined $template) { + return $template, $tpage, 1 if wantarray; + return $template; + } + else { $name=~s:/::; # avoid path traversal foreach my $dir ($config{templatedir}, "$installdir/share/ikiwiki/templates") { @@ -1670,12 +1674,12 @@ sub template_file ($) { last; } } + if (defined $template) { + return $template, $tpage if wantarray; + return $template; + } } - if (defined $template) { - return $template, $tpage if wantarray; - return $template; - } return; } @@ -1683,7 +1687,7 @@ sub template_depends ($$;@) { my $name=shift; my $page=shift; - my ($filename, $tpage)=template_file($name); + my ($filename, $tpage, $untrusted)=template_file($name); if (defined $page && defined $tpage) { add_depends($page, $tpage); } @@ -1699,7 +1703,7 @@ sub template_depends ($$;@) { die_on_bad_params => 0, filename => $filename, @_, - no_includes => 1, + ($untrusted ? (no_includes => 1) : ()), ); return @opts if wantarray; diff --git a/debian/changelog b/debian/changelog index b19840865..0a70dc6ee 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ ikiwiki (3.20100428) UNRELEASED; urgency=low * template: Fix typo. + * TMPL_INCLUDE re-enabled for templates read from the templatedir. + (But not in-wiki templates.) -- Joey Hess <joeyh@debian.org> Tue, 27 Apr 2010 12:10:51 -0400 diff --git a/doc/news/version_3.20100427/discussion.mdwn b/doc/news/version_3.20100427/discussion.mdwn index 4daf8085f..726f9a0d2 100644 --- a/doc/news/version_3.20100427/discussion.mdwn +++ b/doc/news/version_3.20100427/discussion.mdwn @@ -1,3 +1,7 @@ *TMPL_INCLUDE is no longer supported in any template used by ikiwiki. It used to be allowed in certian templates, but not in others.* Would it be possible to make that a config option? Because I do use includes in my templates, and I don't allow users to edit templates, so it isn't a security loophole for me. --[[KathrynAndersen]] + +> I don't like config options that make wikis unsafe, but I should have +> revisted enabling includes for templates read from the templatedir -- +> it's easy to do, and I've done it now. --[[Joey]] |