author: Joey Hess <joey@kodama.kitenet.net> 2008-07-21 18:33:09 -0400
committer: Joey Hess <joey@kodama.kitenet.net> 2008-07-21 18:33:09 -0400
commit: c2a2f715087a4602876618fdec2fad073308a6d5
tree: 3a0f7c149a78d9d1274707a3144b6775b5359c91
parent: e630e7507ea253680750e670d7d213bc5ca3e57a
Add allow_symlinks_before_srcdir config setting
can be used to avoid a security check that is a good safe default, but problematic overkill in some situations. I decided to underdocument this, because the option looks ugly, and I don't want people randomly turning it on because it looks like a good idea. So if you need it, you'll get an error message mentioning how to fix it.
-rw-r--r-- IkiWiki/Render.pm 6
-rw-r--r-- debian/changelog 3
-rw-r--r-- doc/bugs/Allow_overriding_of_symlink_restriction.mdwn (renamed from doc/forum/Allow_overriding_of_symlink_restriction.mdwn) 4
3 files changed, 10 insertions, 3 deletions
diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index fc1bc0c92..ab3ccd7ae 100644
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -245,11 +245,11 @@ sub prune ($) { #{{{
} #}}}
sub refresh () { #{{{
- # security check, avoid following symlinks in the srcdir path
+ # security check, avoid following symlinks in the srcdir path by default
my $test=$config{srcdir};
while (length $test) {
- if (-l $test) {
- error("symlink found in srcdir path ($test)");
+ if (-l $test && ! $config{allow_symlinks_before_srcdir}) {
+ error("symlink found in srcdir path ($test) -- set allow_symlinks_before_srcdir to allow this");
}
unless ($test=~s/\/+$//) {
$test=dirname($test);
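Review bot: The new condition `-l $test && ! $config{allow_symlinks_before_srcdir}` disables the check on every pass of the loop, including the first pass where `$test` is `$config{srcdir}` itself, so the setting permits more than the "before_srcdir" in its name suggests. If the intent is only to tolerate symlinked parent directories, keep the error unconditional while `$test` equals the srcdir and apply the setting to the `dirname` ancestors only. Since the error text is the only place a user learns about the setting, it would also help for the comment or the message to say what the check guards against, so that someone following the hint knows what they are turning off.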
diff --git a/debian/changelog b/debian/changelog
index ca318e815..7ab18a2c7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,9 @@ ikiwiki (2.55) UNRELEASED; urgency=low
* Really fix bug with links to pages with names containing colons.
Previous fix mised a few cases.
* Avoid troublesome abs_path calls in wrapper setup.
+ * Add allow_symlinks_before_srcdir config setting that can be used to avoid
+ a security check that is a good safe default, but problimatic overkill in
+ some situations.
-- Joey Hess <joeyh@debian.org> Mon, 21 Jul 2008 11:35:46 -0400
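Review bot: The added changelog entry misspells "problematic" as "problimatic", and "a security check" does not say which one. Naming it as the symlink check on the srcdir path, matching the comment in IkiWiki/Render.pm, would let someone reading the changelog find the behaviour without opening the code.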
diff --git a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn b/doc/bugs/Allow_overriding_of_symlink_restriction.mdwn
index 069a18f30..69ea299e8 100644
--- a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn
+++ b/doc/bugs/Allow_overriding_of_symlink_restriction.mdwn
@@ -80,6 +80,8 @@ Is there a huge objection to this patch?
> the `srcdir`.
> --[[Joey]]
+>> Slightly modified version of patch applied. --[[Joey]]
+
>> Ok, I'll try to get it cleaned up and documented.
There is a second location where this can be an issue. That is in the
@@ -133,3 +135,5 @@ like this being accepted before I bothered.
>>> Patch using rel2abs() works well - it no longer expands symlinks.
>>>> That patch is applied now. --[[Joey]]
+
+[[tag done]]