diff options
| author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-03-12 18:07:14 +0000 |
|---|---|---|
| committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-03-12 18:07:14 +0000 |
| commit | 0563a600e9cd8c882208047edc3a215d20a5ca6e (patch) | |
| tree | ec4df6bb5c1619dee0c314b1fefc9c17cea46146 /ikiwiki | |
| parent | 8859b2feaf39aeb581254b9be83b53dac5573966 (diff) | |
security improvements, switched to single session db file
Diffstat (limited to 'ikiwiki')
| -rwxr-xr-x | ikiwiki | 20 |
1 files changed, 18 insertions, 2 deletions
@@ -306,6 +306,17 @@ sub finalize ($$) { #{{{ return $template->output; } #}}} +# Important security check. Make sure to call this before saving any files +# to the source directory. +sub check_overwrite ($$) { #{{{ + my $dest=shift; + my $src=shift; + + if (! exists $renderedfiles{$src} && -e $dest) { + error("$dest exists and was not rendered from $src before, not overwriting"); + } +} #}}} + sub render ($) { #{{{ my $file=shift; @@ -320,12 +331,14 @@ sub render ($) { #{{{ $content=htmlize($type, $content); $content=finalize($content, $page); + check_overwrite("$destdir/".htmlpage($page), $page); writefile("$destdir/".htmlpage($page), $content); $oldpagemtime{$page}=time; $renderedfiles{$page}=htmlpage($page); } else { $links{$file}=[]; + check_overwrite("$destdir/$file", $file); writefile("$destdir/$file", $content); $oldpagemtime{$file}=time; $renderedfiles{$file}=$file; @@ -941,8 +954,11 @@ sub cgi () { #{{{ } CGI::Session->name("ikiwiki_session"); - my $session = CGI::Session->new(undef, $q, - { Directory=> "$srcdir/.ikiwiki/sessions" }); + + my $oldmask=umask(077); + my $session = CGI::Session->new("driver:db_file", $q, + { FileName => "$srcdir/.ikiwiki/sessions.db" }); + umask($oldmask); # Everything below this point needs the user to be signed in. if ((! $anonok && ! defined $session->param("name")) || $do eq 'signin') { |