improve fix for symlink attacks to check subdirectories for symlinks too

before writing
author: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-03-29 18:50:36 +0000
committer: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-03-29 18:50:36 +0000
commit: efe91335c65b96f3eb8b32d8c58c9cce68db47b4 (patch)
tree: 252c7b1a8af828b09e34c4d549975b71ca41831d /ikiwiki
parent: 2a16e15122574cca9c5b52ccfc46a022a71e25dc (diff)
download: ikiwiki-efe91335c65b96f3eb8b32d8c58c9cce68db47b4.tar
ikiwiki-efe91335c65b96f3eb8b32d8c58c9cce68db47b4.tar.gz
1 files changed, 11 insertions, 6 deletions
diff --git a/ikiwiki b/ikiwiki
index 4ef6ceba3..b1bc9984f 100755
--- a/ikiwiki
+++ b/ikiwiki
@@ -202,15 +202,20 @@ sub readfile ($) { #{{{
 	return $ret;
 } #}}}
 
-sub writefile ($$) { #{{{
-	my $file=shift;
+sub writefile ($$$) { #{{{
+	my $file=shift; # can include subdirs
+	my $destdir=shift; # directory to put file in
 	my $content=shift;
 	
-	if (-l $file) {
-		error("cannot write to a symlink ($file)");
+	my $test=$file;
+	while (length $test) {
+		if (-l "$destdir/$test") {
+			error("cannot write to a symlink ($test)");
+		}
+		$test=dirname($test);
 	}
 
-	my $dir=dirname($file);
+	my $dir=dirname("$destdir/$file");
 	if (! -d $dir) {
 		my $d="";
 		foreach my $s (split(m!/+!, $dir)) {
@@ -221,7 +226,7 @@ sub writefile ($$) { #{{{
 		}
 	}
 	
-	open (OUT, ">$file") || error("failed to write $file: $!");
+	open (OUT, ">$destdir/$file") || error("failed to write $destdir/$file: $!");
 	print OUT $content;
 	close OUT;
 } #}}}
author	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-03-29 18:50:36 +0000
committer	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-03-29 18:50:36 +0000
commit	efe91335c65b96f3eb8b32d8c58c9cce68db47b4 (patch)
tree	252c7b1a8af828b09e34c4d549975b71ca41831d /ikiwiki
parent	2a16e15122574cca9c5b52ccfc46a022a71e25dc (diff)
download	ikiwiki-efe91335c65b96f3eb8b32d8c58c9cce68db47b4.tar ikiwiki-efe91335c65b96f3eb8b32d8c58c9cce68db47b4.tar.gz