aboutsummaryrefslogtreecommitdiff
path: root/t/relativity.t
Commit message (Collapse)AuthorAge
* Exclude working directory from library path (CVE-2016-1238)Simon McVittie2016-07-28
| | | | | | | | | | | | | | | | | | | | | Current Perl versions put '.' at the end of the library search path @INC, although this will be fixed in a future Perl release. This means that when software loads an optionally-present module, it will be looked for in the current working directory before giving up. An attacker could use this to execute arbitrary Perl code from ikiwiki's current working directory. Removing '.' from the library search path in Perl is the correct fix for this vulnerability, but is not trivial to do due to backwards-compatibility concerns. Mitigate this (even if ikiwiki is run with a vulnerable Perl version) by explicitly removing '.' from the search path, and instead looking for ikiwiki's own modules relative to the absolute path of the executable when run from the source directory. In tests that specifically want to use the current working directory, use "-I".getcwd instead of "-I." so we use its absolute path, which is immune to the removal of ".".
* Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructureSimon McVittie2015-11-30
|
* Remove now-redundant test-cases for a non-default html5 settingSimon McVittie2014-10-16
|
* Now that we're always using HTML5, <base href> can be relativeSimon McVittie2014-10-16
|
* Extract test subs for each site. No change meant.Amitai Schlair2014-10-12
|
* Extract run_cgi(). No functional change intended.Amitai Schlair2014-10-12
|
* Extract check_generated_content(). Same output.Amitai Schlair2014-10-11
|
* Extract check_cgi_mode_bits(). No change intended.Amitai Schlair2014-10-10
|
* Extract thoroughly_rebuild(), a slight test change.Amitai Schlair2014-10-10
| | | | | | | I didn't try to parameterize when a test should fail when we can't remove ikiwiki.cgi because there already isn't one. (Hooray, natural language.) Instead, we stop worrying about it and always tolerate ENOENT.
* Extract write_setup_file(). No functional change.Amitai Schlair2014-10-10
| | | | Test output differs only by the line numbers of the TODO items.
* simplify IPC::Run check (same behavior)Amitai Schlair2014-10-06
|
* In html5 mode, generate a host- or protocol-relative <base> for the CGISimon McVittie2014-10-05
| | | | This increases the number of situations in which we do the right thing.
* Add reverse_proxy option which hard-codes cgiurl in CGI outputSimon McVittie2014-10-05
| | | | | This solves several people's issues with the CGI trying to be too clever when IkiWiki is placed behind a reverse-proxy.
* Avoid mixed content when cgiurl is https but url is notSimon McVittie2014-10-05
|
* Use protocol-relative URIs if cgiurl and url differ only by authority (hostname)Simon McVittie2014-10-05
|
* Fix a test-case that actually just repeated the previous one insteadSimon McVittie2014-10-05
|
* Force use of $config{url} as top URL in w3mmodeSimon McVittie2014-10-05
|
* relative URLs test: pass an appropriate PERL5LIB throughSimon McVittie2014-10-05
| | | | | We were previously using the system copy of IkiWiki, because the CGI resets its environment.
* add the beginnings of a test for CGI/static URL interactionsSimon McVittie2014-10-05