diff options
| author | David Riebenbauer <davrieb@liegesta.at> | 2010-02-03 06:57:20 +0100 |
|---|---|---|
| committer | David Riebenbauer <davrieb@liegesta.at> | 2010-02-03 07:34:04 +0100 |
| commit | da5d29f95f6e693e8c14be1b896cf25cf4fdb3c0 (patch) | |
| tree | 8963b1bd672f41a7dcaaf402acef24359f0651b5 /IkiWiki | |
| parent | bd1e29b8c4d2c2e0329789d1baf0a879617aeee4 (diff) | |
| download | ikiwiki-da5d29f95f6e693e8c14be1b896cf25cf4fdb3c0.tar ikiwiki-da5d29f95f6e693e8c14be1b896cf25cf4fdb3c0.tar.gz | |
fix bugs in `find_src_files()`.
Use `_` to avoid superfluous stat.
Check for `defined $file`, instead of just `$file`.
Add spaces after commas.
Change return values of `verify_src_file()` to not return the tainted filename.
Rename `$f` to `$file_untainted in `verify_src_file()`.
$f changes to `$file` in `find_src_files()`.
This attempts to fix commit f3abeac919c4736429bd3362af6edf51ede8e7fe.
For discussion see
<http://ikiwiki.info/todo/auto-create_tag_pages_according_to_a_template/>
Diffstat (limited to 'IkiWiki')
| -rw-r--r-- | IkiWiki/Render.pm | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm index d2fa80fbb..5b72b6de1 100644 --- a/IkiWiki/Render.pm +++ b/IkiWiki/Render.pm @@ -284,7 +284,7 @@ sub verify_src_file ($$) { my $file=decode_utf8(shift); my $dir=shift; - return if -l $file || -d $file; + return if -l $file || -d _; $file=~s/^\Q$dir\E\/?//; return if ! length $file; my $page = pagename($file); @@ -294,11 +294,11 @@ sub verify_src_file ($$) { return; } - my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint - if (! defined $f) { + my ($file_untainted) = $file =~ /$config{wiki_file_regexp}/; # untaint + if (! defined $file_untainted) { warn(sprintf(gettext("skipping bad filename %s"), $file)."\n"); } - return ($file,$page,$f); + return ($file_untainted, $page); } sub find_src_files () { @@ -309,8 +309,8 @@ sub find_src_files () { find({ no_chdir => 1, wanted => sub { - my ($file,$page,$f) = verify_src_file($_,$config{srcdir}); - if ($file) { + my ($file, $page) = verify_src_file($_, $config{srcdir}); + if (defined $file) { push @files, $file; if ($pages{$page}) { debug(sprintf(gettext("%s has multiple possible source pages"), $page)); @@ -323,14 +323,14 @@ sub find_src_files () { find({ no_chdir => 1, wanted => sub { - my ($file,$page,$f) = verify_src_file($_,$dir); - if ($f) { + my ($file, $page) = verify_src_file($_, $dir); + if (defined $file) { # avoid underlaydir override # attacks; see security.mdwn - if (! -l "$config{srcdir}/$f" && + if (! -l "$config{srcdir}/$file" && ! -e _) { if (! $pages{$page}) { - push @files, $f; + push @files, $file; $pages{$page}=1; } } |