author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-08-24 00:56:09 +0000 |
---|---|---|
committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-08-24 00:56:09 +0000 |
commit | 10ebaac3908463892dbf14352263d98ad56e472f (patch) | |
tree | 2290ab575b6143c282d5713ef5a72e3f13ec1625 | |
parent | e8d954fb1eb328c6389b23b41a9f62d63b0e0993 (diff) | |
download | ikiwiki-10ebaac3908463892dbf14352263d98ad56e472f.tar ikiwiki-10ebaac3908463892dbf14352263d98ad56e472f.tar.gz |
web commit by http://willu.myopenid.com/: Add patch to fix a security FIXME
-rw-r--r-- | doc/bugs/Monotone_rcs_support.mdwn | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/doc/bugs/Monotone_rcs_support.mdwn b/doc/bugs/Monotone_rcs_support.mdwn index 9e20f0a7e..116939722 100644 --- a/doc/bugs/Monotone_rcs_support.mdwn +++ b/doc/bugs/Monotone_rcs_support.mdwn @@ -46,6 +46,39 @@ Note: This patch requires a rather recent Monotone perl module (18 August 2007 o >>>> applied +Here is another patch. It fixes a FIXME you added. I was using $file within backticks because +I was getting an error trying to do it right. I've figured out the error, and now do it right. This +should also speed things up (very slightly) + + Index: IkiWiki/Rcs/monotone.pm + =================================================================== + --- IkiWiki/Rcs/monotone.pm (revision 4234) + +++ IkiWiki/Rcs/monotone.pm (working copy) + @@ -239,17 +239,11 @@ + + # Something has been committed, has this file changed? + my ($out, $err); + - #$automator->setOpts("-r", $oldrev, "-r", $rev); + - #my ($out, $err) = $automator->call("content_diff", $file); + - #debug("Problem committing $file") if ($err ne ""); + - # FIXME: use of $file in these backticks is not wise from a + - # security POV. Probably safe, but should be avoided + - # anyway. + - # At the moment the backticks are used because the above call using the automate + - # interface was failing. When that bug in monotone is fixed, we should switch + - # back. + - my $diff = `mtn --root=$config{mtnrootdir} au content_diff -r $oldrev -r $rev $file`; # was just $out; + - + + $automator->setOpts("r", $oldrev, "r", $rev); + + ($out, $err) = $automator->call("content_diff", $file); + + debug("Problem committing $file") if ($err ne ""); + + my $diff = $out; + + + if ($diff) { + # Commit a revision with just this file changed off + # the old revision. + + >> BTW, will all the monotone output parsing work if LANG != C? >>> It should (he says crossing fingers). |
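Review bot: In the added lines of the embedded IkiWiki/Rcs/monotone.pm patch, a non-empty $err from $automator->call("content_diff", $file) is only passed to debug() and execution continues to `my $diff = $out;`, so a failed diff reaches the following `if ($diff)` test looking the same as a file that has not changed. Consider returning or raising an error when $err is set, and change the message from "Problem committing $file" to one that names the diff step, since nothing is committed at this point. The option names also changed from "-r" in the old commented-out call to "r" in the new setOpts call without explanation; a one-line comment saying that this was the cause of the earlier failure would stop someone from "fixing" it back. The replacement does remove the shell interpolation of $file, $oldrev, $rev and $config{mtnrootdir} that the deleted FIXME flagged, so the FIXME comment is rightly dropped along with the backticks.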