summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--IkiWiki/Render.pm6
-rw-r--r--debian/changelog3
-rw-r--r--doc/bugs/Allow_overriding_of_symlink_restriction.mdwn (renamed from doc/forum/Allow_overriding_of_symlink_restriction.mdwn)4
3 files changed, 10 insertions, 3 deletions
diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index fc1bc0c92..ab3ccd7ae 100644
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -245,11 +245,11 @@ sub prune ($) { #{{{
} #}}}
sub refresh () { #{{{
- # security check, avoid following symlinks in the srcdir path
+ # security check, avoid following symlinks in the srcdir path by default
my $test=$config{srcdir};
while (length $test) {
- if (-l $test) {
- error("symlink found in srcdir path ($test)");
+ if (-l $test && ! $config{allow_symlinks_before_srcdir}) {
+ error("symlink found in srcdir path ($test) -- set allow_symlinks_before_srcdir to allow this");
}
unless ($test=~s/\/+$//) {
$test=dirname($test);
diff --git a/debian/changelog b/debian/changelog
index ca318e815..7ab18a2c7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,9 @@ ikiwiki (2.55) UNRELEASED; urgency=low
* Really fix bug with links to pages with names containing colons.
Previous fix mised a few cases.
* Avoid troublesome abs_path calls in wrapper setup.
+ * Add allow_symlinks_before_srcdir config setting that can be used to avoid
+ a security check that is a good safe default, but problimatic overkill in
+ some situations.
-- Joey Hess <joeyh@debian.org> Mon, 21 Jul 2008 11:35:46 -0400
diff --git a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn b/doc/bugs/Allow_overriding_of_symlink_restriction.mdwn
index 069a18f30..69ea299e8 100644
--- a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn
+++ b/doc/bugs/Allow_overriding_of_symlink_restriction.mdwn
@@ -80,6 +80,8 @@ Is there a huge objection to this patch?
> the `srcdir`.
> --[[Joey]]
+>> Slightly modified version of patch applied. --[[Joey]]
+
>> Ok, I'll try to get it cleaned up and documented.
There is a second location where this can be an issue. That is in the
@@ -133,3 +135,5 @@ like this being accepted before I bothered.
>>> Patch using rel2abs() works well - it no longer expands symlinks.
>>>> That patch is applied now. --[[Joey]]
+
+[[tag done]]