aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorchrysn <chrysn@web>2013-08-10 08:48:50 -0400
committeradmin <admin@branchable.com>2013-08-10 08:48:50 -0400
commitecc9dd10068f534644d858c54109969f5c9d12d7 (patch)
treee1fd4e1c8b15f738d8e607c8a858cb81fcda5742
parentb140745662d71b829c995aa1d7dc290048867a8a (diff)
downloadikiwiki-ecc9dd10068f534644d858c54109969f5c9d12d7.tar
ikiwiki-ecc9dd10068f534644d858c54109969f5c9d12d7.tar.gz
raise recursion limit to 8
-rw-r--r--doc/bugs/preprocessing_loop_control_too_tight.mdwn19
1 files changed, 19 insertions, 0 deletions
diff --git a/doc/bugs/preprocessing_loop_control_too_tight.mdwn b/doc/bugs/preprocessing_loop_control_too_tight.mdwn
new file mode 100644
index 000000000..f1a9bc9a7
--- /dev/null
+++ b/doc/bugs/preprocessing_loop_control_too_tight.mdwn
@@ -0,0 +1,19 @@
+the preprocessing hook makes sure that no infinite loops occur by restricting the depth of nested directives to 3.
+
+this is insufficient in some situations in which sidebars are conditionally assembled from templates.
+
+given there are no limits on the number of directives per page and the number of edits a user can do in a particular time frame, i assume that raising that limit slightly won't make the DoS attacks that can be done against ikiwiki too much worse.
+
+i'd like to suggest 8 as a new value for recursion depth limit. most people can wrap their minds around a depth 3 nested directive setup, but when you reach a depth of 8, it's likely to be easier to write a dedicated plugin.
+
+<code><pre>
+diff --git a/IkiWiki.pm b/IkiWiki.pm
+index 75c9579..ad0f8b0 100644
+--- a/IkiWiki.pm
++++ b/IkiWiki.pm
+@@ -1487 +1487 @@ sub preprocess ($$$;$$) {
+- if ($preprocessing{$page}++ > 3) {
++ if ($preprocessing{$page}++ > 8) {
+</pre></code>
+
+[[!tag patch]]