authorJoey Hess <joey@gnu.kitenet.net>2009-05-18 15:25:10 -0400
committerJoey Hess <joey@gnu.kitenet.net>2009-05-18 15:25:10 -0400
commit23a4ee6d15dbd9b8e8c6588a829dd30a26a8de32 (patch)
tree5d7d76ba25bd6331e1f2940c481477ecb4de9d12 /IkiWiki.pm
parent0516ba04d014628be983dbd3e4c28a8f52a2c3e7 (diff)
Allow curly braces to be used in pagespecs
And avoid a whole class of potential security problems (though none that I know of actually existing..), by avoiding performing any string interpolation on user-supplied data when translating pagespecs.
Diffstat (limited to 'IkiWiki.pm')
-rw-r--r--IkiWiki.pm16
1 files changed, 7 insertions, 9 deletions
diff --git a/IkiWiki.pm b/IkiWiki.pm
index 6233d2ead..061a1c6db 100644
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -1678,12 +1678,6 @@ sub rcs_receive () {
$hooks{rcs}{rcs_receive}{call}->();
}
-sub safequote ($) {
- my $s=shift;
- $s=~s/[{}]//g;
- return "q{$s}";
-}
-
sub add_depends ($$) {
my $page=shift;
my $pagespec=shift;
@@ -1785,6 +1779,7 @@ sub pagespec_translate ($) {
# Convert spec to perl code.
my $code="";
+ my @data;
while ($spec=~m{
\s* # ignore whitespace
( # 1: match a single word
@@ -1812,14 +1807,17 @@ sub pagespec_translate ($) {
}
elsif ($word =~ /^(\w+)\((.*)\)$/) {
if (exists $IkiWiki::PageSpec::{"match_$1"}) {
- $code.="IkiWiki::PageSpec::match_$1(\$page, ".safequote($2).", \@_)";
+ push @data, $2;
+ $code.="IkiWiki::PageSpec::match_$1(\$page, \$data[$#data], \@_)";
}
else {
- $code.="IkiWiki::ErrorReason->new(".safequote(qq{unknown function in pagespec "$word"}).")";
+ push @data, qq{unknown function in pagespec "$word"};
+ $code.="IkiWiki::ErrorReason->new(\$data[$#data])";
}
}
else {
- $code.=" IkiWiki::PageSpec::match_glob(\$page, ".safequote($word).", \@_)";
+ push @data, $word;
+ $code.=" IkiWiki::PageSpec::match_glob(\$page, \$data[$#data], \@_)";
}
}
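Review bot: The safety of the new translation rests on an invariant that nothing in the code states: in the three rewritten `$code.=` lines only the numeric index `$#data` is interpolated into the generated Perl, while the user-supplied text stays in `@data`. A comment at `my @data;` would keep later edits from reintroducing interpolation, for example `# User-supplied strings live in @data and are referenced from $code by index only; never interpolate them into $code.` The function name in `match_$1` is still interpolated; that looks safe because `$1` is limited to `\w+` and is checked against the `IkiWiki::PageSpec::` symbol table first, and a one-line comment saying so would help the next reader. The generated code also has to be evaluated where `@data` is in lexical scope; that eval, like the start and end of pagespec_translate, is outside this hunk.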