aboutsummaryrefslogtreecommitdiff
path: root/IkiWiki
diff options
context:
space:
mode:
authorJoey Hess <joey@kitenet.net>2010-04-21 15:05:59 -0400
committerJoey Hess <joey@kitenet.net>2010-04-21 15:05:59 -0400
commit034b4e826627dddf47ff27278897804e39741e57 (patch)
treea7617cd4b144f3aaf50123b66a35d9913fcdcd3f /IkiWiki
parent9c8761ba49b06a76a923eb91735f842f419d2916 (diff)
downloadikiwiki-034b4e826627dddf47ff27278897804e39741e57.tar
ikiwiki-034b4e826627dddf47ff27278897804e39741e57.tar.gz
remove verify_src_file
Splitting out this function bothered me. It is conceptially similar to file_pruned, and yet also very specific to exactly the security needs of find_src_files. I liked that it got rid of duplicate code in the latter function. So instead, put a helper sub in that, which I think allows refactoring things more cleanly, and with less boilerplate. As to the needs of gen_autofile, I'm not convinced this needs to handle the same set of problems that verify_src_file did. So I sat down and wrote a custom validator for autofiles, which turned out to seem to just need three things: Make sure the candidate filename is not something that would be pruned; untaint the candidate filename; and make sure that srcdir doesn't already have something with its name. (Plus, of course, all the other checks that were already in gen_autofile.) (In passing, also fixed a bunch of bugs I had introduced in this branch.)
Diffstat (limited to 'IkiWiki')
-rw-r--r--IkiWiki/Render.pm115
1 files changed, 55 insertions, 60 deletions
diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index 03b2910fd..14f6f9d5f 100644
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -281,68 +281,59 @@ sub srcdir_check () {
}
-sub verify_src_file ($$) {
- my $file=shift;
- my $dir=shift;
-
- return if -l $file || -d _;
- $file=~s/^\Q$dir\E\/?//;
- return if ! length $file;
- my $page = pagename($file);
- if (! exists $pagesources{$page} &&
- file_pruned($file)) {
- return;
- }
-
- my ($file_untainted) = $file =~ /$config{wiki_file_regexp}/; # untaint
- if (! defined $file_untainted) {
- warn(sprintf(gettext("skipping bad filename %s"), $file)."\n");
- }
- return ($file_untainted, $page);
-}
-
sub find_src_files () {
my @files;
my %pages;
eval q{use File::Find};
error($@) if $@;
- find({
- no_chdir => 1,
- wanted => sub {
- my ($file, $page) = verify_src_file(decode_utf8($_), $config{srcdir});
- if (defined $file) {
- push @files, $file;
- if ($pages{$page}) {
- debug(sprintf(gettext("%s has multiple possible source pages"), $page));
+
+ my ($page, $dir, $underlay);
+ my $helper=sub {
+ my $file=decode_utf8($_);
+
+ return if -l $file || -d _;
+ $file=~s/^\Q$dir\E\/?//;
+ return if ! length $file;
+ $page = pagename($file);
+ if (! exists $pagesources{$page} &&
+ file_pruned($file)) {
+ $File::Find::prune=1;
+ return;
+ }
+
+ my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint
+ if (! defined $f) {
+ warn(sprintf(gettext("skipping bad filename %s"), $file)."\n");
+ }
+
+ if ($underlay) {
+ # avoid underlaydir override attacks; see security.mdwn
+ if (! -l "$config{srcdir}/$f" && ! -e _) {
+ if (! $pages{$page}) {
+ push @files, $f;
+ $pages{$page}=1;
}
- $pages{$page}=1;
}
- else {
- $File::Find::prune=1;
+ }
+ else {
+ push @files, $f;
+ if ($pages{$page}) {
+ debug(sprintf(gettext("%s has multiple possible source pages"), $page));
}
- },
- }, $config{srcdir});
- foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir}) {
+ $pages{$page}=1;
+ }
+ };
+
+ find({
+ no_chdir => 1,
+ wanted => $helper,
+ }, $dir=$config{srcdir});
+ $underlay=1;
+ foreach (@{$config{underlaydirs}}, $config{underlaydir}) {
find({
no_chdir => 1,
- wanted => sub {
- my ($file, $page) = verify_src_file(decode_utf8($_), $dir);
- if (defined $file) {
- # avoid underlaydir override
- # attacks; see security.mdwn
- if (! -l "$config{srcdir}/$file" &&
- ! -e _) {
- if (! $pages{$page}) {
- push @files, $file;
- $pages{$page}=1;
- }
- }
- }
- else {
- $File::Find::prune=1;
- }
- },
- }, $dir);
+ wanted => $helper,
+ }, $dir=$_);
};
return \@files, \%pages;
}
@@ -691,24 +682,28 @@ sub gen_autofile ($$$) {
my $pages=shift;
my $del=shift;
- if (srcfile($autofile, 1)) {
- return 0;
+ if (srcfile($autofile, 1) || file_pruned($autofile)) {
+ return;
}
-
- my ($file, $page) = verify_src_file("$config{srcdir}/$autofile", $config{srcdir});
+ my $file="$config{srcdir}/$autofile" =~ /$config{wiki_file_regexp}/; # untaint
+ if (! defined $file || -l $file || -d _ || -e _) {
+ return;
+ }
+
if ((!defined $file) ||
(exists $wikistate{$autofiles{$autofile}{plugin}}{autofile_deleted})) {
- return 0;
+ return;
}
+ my $page = pagename($file);
if ($pages->{$page}) {
- return 0;
+ return;
}
if (grep { $_ eq $file } @$del) {
- $wikistate{$autofiles{$autofile}{generator}}{autofile_deleted}=1;
- return 0;
+ $wikistate{$autofiles{$autofile}{plugin}}{autofile_deleted}=1;
+ return;
}
$autofiles{$autofile}{generator}->();