improve fix for symlink attacks to check subdirectories for symlinks too

before writing

2 files changed, 4 insertions, 4 deletions

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index b47c8e803..f360b6778 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -425,7 +425,7 @@ sub cgi_editpage ($$) { #{{{
 		my $content=$form->field('content');
 		$content=~s/\r\n/\n/g;
 		$content=~s/\r/\n/g;
-		writefile("$config{srcdir}/$file", $content);
+		writefile($file, $config{srcdir}, $content);
 		
 		my $message="web commit ";
 		if (length $session->param("name")) {
diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index 3d827d341..9e340c26e 100644
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -349,7 +349,7 @@ sub render ($) { #{{{
 		$content=htmlize($type, $content);
 		
 		check_overwrite("$config{destdir}/".htmlpage($page), $page);
-		writefile("$config{destdir}/".htmlpage($page),
+		writefile(htmlpage($page), $config{destdir},
 			genpage($content, $page, mtime($srcfile)));
 		$oldpagemtime{$page}=time;
 		$renderedfiles{$page}=htmlpage($page);
@@ -358,14 +358,14 @@ sub render ($) { #{{{
 		# check_overwrite, as above, but currently renderedfiles
 		# only supports listing one file per page.
 		if ($config{rss} && exists $inlinepages{$page}) {
-			writefile("$config{destdir}/".rsspage($page),
+			writefile(rsspage($page), $config{destdir},
 				genrss($content, $page, mtime($srcfile)));
 		}
 	}
 	else {
 		$links{$file}=[];
 		check_overwrite("$config{destdir}/$file", $file);
-		writefile("$config{destdir}/$file", $content);
+		writefile($file, $config{destdir}, $content);
 		$oldpagemtime{$file}=time;
 		$renderedfiles{$file}=$file;
 	}