diff options
-rw-r--r-- | IkiWiki/Render.pm | 6 | ||||
-rw-r--r-- | debian/changelog | 3 | ||||
-rw-r--r-- | doc/bugs/Allow_overriding_of_symlink_restriction.mdwn (renamed from doc/forum/Allow_overriding_of_symlink_restriction.mdwn) | 4 |
3 files changed, 10 insertions, 3 deletions
diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm index fc1bc0c92..ab3ccd7ae 100644 --- a/IkiWiki/Render.pm +++ b/IkiWiki/Render.pm @@ -245,11 +245,11 @@ sub prune ($) { #{{{ } #}}} sub refresh () { #{{{ - # security check, avoid following symlinks in the srcdir path + # security check, avoid following symlinks in the srcdir path by default my $test=$config{srcdir}; while (length $test) { - if (-l $test) { - error("symlink found in srcdir path ($test)"); + if (-l $test && ! $config{allow_symlinks_before_srcdir}) { + error("symlink found in srcdir path ($test) -- set allow_symlinks_before_srcdir to allow this"); } unless ($test=~s/\/+$//) { $test=dirname($test); diff --git a/debian/changelog b/debian/changelog index ca318e815..7ab18a2c7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,9 @@ ikiwiki (2.55) UNRELEASED; urgency=low * Really fix bug with links to pages with names containing colons. Previous fix mised a few cases. * Avoid troublesome abs_path calls in wrapper setup. + * Add allow_symlinks_before_srcdir config setting that can be used to avoid + a security check that is a good safe default, but problimatic overkill in + some situations. -- Joey Hess <joeyh@debian.org> Mon, 21 Jul 2008 11:35:46 -0400 diff --git a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn b/doc/bugs/Allow_overriding_of_symlink_restriction.mdwn index 069a18f30..69ea299e8 100644 --- a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn +++ b/doc/bugs/Allow_overriding_of_symlink_restriction.mdwn @@ -80,6 +80,8 @@ Is there a huge objection to this patch? > the `srcdir`. > --[[Joey]] +>> Slightly modified version of patch applied. --[[Joey]] + >> Ok, I'll try to get it cleaned up and documented. There is a second location where this can be an issue. That is in the @@ -133,3 +135,5 @@ like this being accepted before I bothered. >>> Patch using rel2abs() works well - it no longer expands symlinks. >>>> That patch is applied now. --[[Joey]] + +[[tag done]] |