Index: IkiWiki.pm
===================================================================
--- IkiWiki.pm (revision 2981)
+++ IkiWiki.pm (working copy)
@@ -26,7 +26,7 @@
memoize("file_pruned");
sub defaultconfig () { #{{{
- wiki_file_prune_regexps => [qr/\.\./, qr/^\./, qr/\/\./,
+ wiki_file_prune_regexps => [qr/\.\./, qr/^\.(?!htaccess)/, qr/\/\.(?!htaccess)/,
qr/\.x?html?$/, qr/\.ikiwiki-new$/,
qr/(^|\/).svn\//, qr/.arch-ids\//, qr/{arch}\//],
wiki_link_regexp => qr/\[\[(?:([^\]\|]+)\|)?([^\s\]#]+)(?:#([^\s\]]+))?\]\]/,
[[tag patch]]
This lets the site administrator have a .htaccess file in their underlay
directory, say, then get it copied over when the wiki is built. Without
this, installations that are located at the root of a domain don't get the
benefit of .htaccess such as improved directory listings, IP blocking,
URL rewriting, authorisation, etc.
I'm concerned about security ramifications of this patch. While ikiwiki
won't allow editing such a .htaccess file in the web interface, it would
be possible for a user who has svn commit access to the wiki to use it to
add a .htaccess file that does $EVIL.
Perhaps this should be something that is configurable via the setup file
instead. --[[Joey]]
|