summaryrefslogtreecommitdiff
path: root/doc/forum
diff options
context:
space:
mode:
authorhttp://www.cse.unsw.edu.au/~willu/ <http://www.cse.unsw.edu.au/~willu/@web>2008-07-21 06:05:46 -0400
committerJoey Hess <joey@kitenet.net>2008-07-21 06:05:46 -0400
commit19d29f457639d045aa0a6f4e4766b9e96e9904d5 (patch)
treefd8a2b0dfc8a8e7ea551e320ad294d524aa2a500 /doc/forum
parentfb24242bb4868396211bd502e2f753294ec57947 (diff)
Update patch
Diffstat (limited to 'doc/forum')
-rw-r--r--doc/forum/Allow_overriding_of_symlink_restriction.mdwn64
1 files changed, 44 insertions, 20 deletions
diff --git a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn b/doc/forum/Allow_overriding_of_symlink_restriction.mdwn
index 0d93a28c1..bd94811df 100644
--- a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn
+++ b/doc/forum/Allow_overriding_of_symlink_restriction.mdwn
@@ -28,26 +28,50 @@ Now my problem: I have a hosted server where I cannot avoid having a symlink in
Is there a huge objection to this patch?
-(note: patch inline - look at the source to get it. And I didn't re-indent the code when I added the if...)
-
- index 990fcaa..d7cb37e 100644
- --- a/IkiWiki/Render.pm
- +++ b/IkiWiki/Render.pm
- @@ -260,6 +260,7 @@ sub prune ($) { #{{{
-
- sub refresh () { #{{{
- # security check, avoid following symlinks in the srcdir path
- + if (! $config{allowsrcdirlinks}) {
- my $test=$config{srcdir};
- while (length $test) {
- if (-l $test) {
- @@ -269,6 +270,7 @@ sub refresh () { #{{{
- $test=dirname($test);
- }
- }
- + }
-
- run_hooks(refresh => sub { shift->() });
+>>> [[patch]] updated.
+
+ diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
+ index 990fcaa..0fb78ba 100644
+ --- a/IkiWiki/Render.pm
+ +++ b/IkiWiki/Render.pm
+ @@ -260,13 +260,15 @@ sub prune ($) { #{{{
+
+ sub refresh () { #{{{
+ # security check, avoid following symlinks in the srcdir path
+ - my $test=$config{srcdir};
+ - while (length $test) {
+ - if (-l $test) {
+ - error("symlink found in srcdir path ($test)");
+ - }
+ - unless ($test=~s/\/+$//) {
+ - $test=dirname($test);
+ + if (! $config{allow_insecure_symlinks_in_path_to_srcdir}) {
+ + my $test=$config{srcdir};
+ + while (length $test) {
+ + if (-l $test) {
+ + error("symlink found in srcdir path ($test)");
+ + }
+ + unless ($test=~s/\/+$//) {
+ + $test=dirname($test);
+ + }
+ }
+ }
+
+ diff --git a/doc/ikiwiki.setup b/doc/ikiwiki.setup
+ index 10cb3da..eb86e49 100644
+ --- a/doc/ikiwiki.setup
+ +++ b/doc/ikiwiki.setup
+ @@ -203,4 +203,10 @@ use IkiWiki::Setup::Standard {
+ # For use with the attachment plugin, a program that returns
+ # nonzero if its standard input contains an virus.
+ #virus_checker => "clamdscan -",
+ +
+ + # The following setting allows symlinks in the path to your
+ + # srcdir. Symlinks are still not followed within srcdir.
+ + # Allowing symlinks to be followed, even in the path to srcdir,
+ + # will make some setups insecure.
+ + #allow_insecure_symlinks_in_path_to_srcdir => 0,
+ }
> No, I don't have a big objection to such an option, as long as it's
> extremely well documented that it will make many setups insecure.