From 9c5f4761d8bf785ca98d5fda66fbbe9dbe11897c Mon Sep 17 00:00:00 2001
From: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Date: Tue, 28 Aug 2007 01:59:01 +0000
Subject: * Support for looking in multiple directories for underlay files. *
 Plugins can add new directories to the search path with the add_underlay  
 function. * Split out smiley underlay files into a separate underlay, so if
 the plugin   isn't used, the wiki isn't bloated with all those files.

---
 IkiWiki/CGI.pm           |  7 ++++---
 IkiWiki/Plugin/smiley.pm |  1 +
 IkiWiki/Render.pm        | 51 +++++++++++++++++++++++++-----------------------
 3 files changed, 32 insertions(+), 27 deletions(-)

(limited to 'IkiWiki')

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 82b619592..c785e31de 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -335,7 +335,8 @@ sub cgi_editpage ($$) { #{{{
 	# characters.
 	my ($page)=$form->field('page');
 	$page=titlepage(possibly_foolish_untaint($page));
-	if (! defined $page || ! length $page || file_pruned($page, $config{srcdir}) || $page=~/^\//) {
+	if (! defined $page || ! length $page ||
+	    file_pruned($page, $config{srcdir}) || $page=~/^\//) {
 		error("bad page name");
 	}
 	
@@ -512,8 +513,8 @@ sub cgi_editpage ($$) { #{{{
 
 		my $exists=-e "$config{srcdir}/$file";
 
-		if ($form->field("do") ne "create" &&
-		    ! $exists && ! -e "$config{underlaydir}/$file") {
+		if ($form->field("do") ne "create" && ! $exists &&
+		    ! eval { srcfile($file) }) {
 			$form->tmpl_param("page_gone", 1);
 			$form->field(name => "do", value => "create", force => 1);
 			$form->tmpl_param("page_select", 0);
diff --git a/IkiWiki/Plugin/smiley.pm b/IkiWiki/Plugin/smiley.pm
index 96e714d3d..932c2c4fe 100644
--- a/IkiWiki/Plugin/smiley.pm
+++ b/IkiWiki/Plugin/smiley.pm
@@ -9,6 +9,7 @@ my %smileys;
 my $smiley_regexp;
 
 sub import { #{{{
+	add_underlay("smiley");
 	hook(type => "filter", id => "smiley", call => \&filter);
 } # }}}
 
diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index 5fd0dea0d..35d663a7a 100644
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -270,34 +270,37 @@ sub refresh () { #{{{
 			}
 		},
 	}, $config{srcdir});
-	find({
-		no_chdir => 1,
-		wanted => sub {
-			$_=decode_utf8($_);
-			if (file_pruned($_, $config{underlaydir})) {
-				$File::Find::prune=1;
-			}
-			elsif (! -d $_ && ! -l $_) {
-				my ($f)=/$config{wiki_file_regexp}/; # untaint
-				if (! defined $f) {
-					warn(sprintf(gettext("skipping bad filename %s"), $_)."\n");
+	foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir}) {
+		find({
+			no_chdir => 1,
+			wanted => sub {
+				$_=decode_utf8($_);
+				if (file_pruned($_, $dir)) {
+					$File::Find::prune=1;
 				}
-				else {
-					# Don't add pages that are in the
-					# srcdir.
-					$f=~s/^\Q$config{underlaydir}\E\/?//;
-					if (! -e "$config{srcdir}/$f" && 
-					    ! -l "$config{srcdir}/$f") {
-					    	my $page=pagename($f);
-						if (! $exists{$page}) {
-							push @files, $f;
-							$exists{$page}=1;
+				elsif (! -d $_ && ! -l $_) {
+					my ($f)=/$config{wiki_file_regexp}/; # untaint
+					if (! defined $f) {
+						warn(sprintf(gettext("skipping bad filename %s"), $_)."\n");
+					}
+					else {
+						$f=~s/^\Q$dir\E\/?//;
+						# avoid underlaydir
+						# override attacks; see
+						# security.mdwn
+						if (! -e "$config{srcdir}/$f" && 
+						    ! -l "$config{srcdir}/$f") {
+						    	my $page=pagename($f);
+							if (! $exists{$page}) {
+								push @files, $f;
+								$exists{$page}=1;
+							}
 						}
 					}
 				}
-			}
-		},
-	}, $config{underlaydir});
+			},
+		}, $dir);
+	};
 
 	my %rendered;
 
-- 
cgit v1.2.3