diff options
Diffstat (limited to 'IkiWiki')
-rw-r--r-- | IkiWiki/Plugin/attachment.pm | 2 | ||||
-rw-r--r-- | IkiWiki/Plugin/autoindex.pm | 14 | ||||
-rw-r--r-- | IkiWiki/Plugin/comments.pm | 24 | ||||
-rw-r--r-- | IkiWiki/Plugin/editpage.pm | 7 | ||||
-rw-r--r-- | IkiWiki/Plugin/rename.pm | 5 | ||||
-rw-r--r-- | IkiWiki/Receive.pm | 2 |
6 files changed, 26 insertions, 28 deletions
diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm index ad1dd9bca..8c3ff887a 100644 --- a/IkiWiki/Plugin/attachment.pm +++ b/IkiWiki/Plugin/attachment.pm @@ -137,7 +137,7 @@ sub formbuilder (@) { $filename=linkpage(IkiWiki::possibly_foolish_untaint( attachment_location($form->field('page')). IkiWiki::basename($filename))); - if (IkiWiki::file_pruned($filename, $config{srcdir})) { + if (IkiWiki::file_pruned($filename)) { error(gettext("bad attachment filename")); } diff --git a/IkiWiki/Plugin/autoindex.pm b/IkiWiki/Plugin/autoindex.pm index c71d73349..0dd76259e 100644 --- a/IkiWiki/Plugin/autoindex.pm +++ b/IkiWiki/Plugin/autoindex.pm @@ -36,18 +36,22 @@ sub refresh () { my (%pages, %dirs); foreach my $dir ($config{srcdir}, @{$config{underlaydirs}}, $config{underlaydir}) { + require File::Spec; + $dir=File::Spec->canonpath($dir); + find({ no_chdir => 1, wanted => sub { - $_=decode_utf8($_); - if (IkiWiki::file_pruned($_, $dir)) { + my $file=File::Spec->canonpath(decode_utf8($_)); + return if $file eq $dir; + $file=~s/^\Q$dir\E\/?//; + return unless length $file; + if (IkiWiki::file_pruned($file)) { $File::Find::prune=1; } elsif (! -l $_) { - my ($f)=/$config{wiki_file_regexp}/; # untaint + my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint return unless defined $f; - $f=~s/^\Q$dir\E\/?//; - return unless length $f; return if $f =~ /\._([^.]+)$/; # skip internal page if (! -d _) { $pages{pagename($f)}=1; diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm index 0aa043215..58bd4b851 100644 --- a/IkiWiki/Plugin/comments.pm +++ b/IkiWiki/Plugin/comments.pm @@ -338,7 +338,7 @@ sub editcomment ($$) { my $page = $form->field('page'); $page = IkiWiki::possibly_foolish_untaint($page); if (! defined $page || ! length $page || - IkiWiki::file_pruned($page, $config{srcdir})) { + IkiWiki::file_pruned($page)) { error(gettext("bad page name")); } @@ -548,7 +548,7 @@ sub commentmoderation ($$) { # pending comment before untainting. my ($f)= $id =~ /$config{wiki_file_regexp}/; if (! defined $f || ! length $f || - IkiWiki::file_pruned($f, $config{srcdir})) { + IkiWiki::file_pruned($f)) { error("illegal file"); } @@ -644,18 +644,14 @@ sub comments_pending () { find({ no_chdir => 1, wanted => sub { - $_=decode_utf8($_); - if (IkiWiki::file_pruned($_, $dir)) { - $File::Find::prune=1; - } - elsif (! -l $_ && ! -d _) { - $File::Find::prune=0; - my ($f)=/$config{wiki_file_regexp}/; # untaint - if (defined $f && $f =~ /\Q._comment\E$/) { - my $ctime=(stat($f))[10]; - $f=~s/^\Q$dir\E\/?//; - push @ret, [$f, $ctime]; - } + my $file=decode_utf8($_); + $file=~s/^\Q$dir\E\/?//; + return if ! length $file || IkiWiki::file_pruned($file) + || -l $_ || -d _ || $file !~ /\Q._comment\E$/; + my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint + if (defined $f) { + my $ctime=(stat($_))[10]; + push @ret, [$f, $ctime]; } } }, $dir); diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm index 44fe5514a..26e38abc1 100644 --- a/IkiWiki/Plugin/editpage.pm +++ b/IkiWiki/Plugin/editpage.pm @@ -92,9 +92,9 @@ sub cgi_editpage ($$) { # wiki_file_regexp. my ($page)=$form->field('page')=~/$config{wiki_file_regexp}/; $page=possibly_foolish_untaint($page); - my $absolute=($page =~ s#^/+##); + my $absolute=($page =~ s#^/+##); # absolute name used to force location if (! defined $page || ! length $page || - file_pruned($page, $config{srcdir})) { + file_pruned($page)) { error(gettext("bad page name")); } @@ -220,8 +220,7 @@ sub cgi_editpage ($$) { my $best_loc; if (! defined $from || ! length $from || $from ne $form->field('from') || - file_pruned($from, $config{srcdir}) || - $from=~/^\// || + file_pruned($from) || $absolute || $form->submitted) { @page_locs=$best_loc=$page; diff --git a/IkiWiki/Plugin/rename.pm b/IkiWiki/Plugin/rename.pm index 1a9da6363..69e615ead 100644 --- a/IkiWiki/Plugin/rename.pm +++ b/IkiWiki/Plugin/rename.pm @@ -63,9 +63,8 @@ sub check_canrename ($$$$$$) { error(gettext("no change to the file name was specified")); } - # Must be a legal filename, and not absolute. - if (IkiWiki::file_pruned($destfile, $config{srcdir}) || - $destfile=~/^\//) { + # Must be a legal filename. + if (IkiWiki::file_pruned($destfile)) { error(sprintf(gettext("illegal name"))); } diff --git a/IkiWiki/Receive.pm b/IkiWiki/Receive.pm index cd94d0938..ae1bd8bef 100644 --- a/IkiWiki/Receive.pm +++ b/IkiWiki/Receive.pm @@ -82,7 +82,7 @@ sub test () { my ($file)=$change->{file}=~/$config{wiki_file_regexp}/; $file=IkiWiki::possibly_foolish_untaint($file); if (! defined $file || ! length $file || - IkiWiki::file_pruned($file, $config{srcdir})) { + IkiWiki::file_pruned($file)) { error(gettext("bad file name %s"), $file); } |