From a97964688b73d0a3237c798dce3fb064ff29ff11 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 17 Apr 2010 19:05:40 -0400 Subject: unfinished file_prune revamp Many calls to file_prune were incorrectly calling it with 2 parameters. In cases where the filename being checked is relative to the srcdir, that is not needed. Made absolute filenames be pruned. (This won't work for the 2 parameter call style.) --- IkiWiki/Plugin/attachment.pm | 2 +- IkiWiki/Plugin/comments.pm | 4 ++-- IkiWiki/Plugin/editpage.pm | 4 ++-- IkiWiki/Plugin/rename.pm | 5 ++--- 4 files changed, 7 insertions(+), 8 deletions(-) (limited to 'IkiWiki/Plugin') diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm index ad1dd9bca..8c3ff887a 100644 --- a/IkiWiki/Plugin/attachment.pm +++ b/IkiWiki/Plugin/attachment.pm @@ -137,7 +137,7 @@ sub formbuilder (@) { $filename=linkpage(IkiWiki::possibly_foolish_untaint( attachment_location($form->field('page')). IkiWiki::basename($filename))); - if (IkiWiki::file_pruned($filename, $config{srcdir})) { + if (IkiWiki::file_pruned($filename)) { error(gettext("bad attachment filename")); } diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm index 0aa043215..1c219b6c6 100644 --- a/IkiWiki/Plugin/comments.pm +++ b/IkiWiki/Plugin/comments.pm @@ -338,7 +338,7 @@ sub editcomment ($$) { my $page = $form->field('page'); $page = IkiWiki::possibly_foolish_untaint($page); if (! defined $page || ! length $page || - IkiWiki::file_pruned($page, $config{srcdir})) { + IkiWiki::file_pruned($page)) { error(gettext("bad page name")); } @@ -548,7 +548,7 @@ sub commentmoderation ($$) { # pending comment before untainting. my ($f)= $id =~ /$config{wiki_file_regexp}/; if (! defined $f || ! length $f || - IkiWiki::file_pruned($f, $config{srcdir})) { + IkiWiki::file_pruned($f)) { error("illegal file"); } diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm index 44fe5514a..ee1de8eaa 100644 --- a/IkiWiki/Plugin/editpage.pm +++ b/IkiWiki/Plugin/editpage.pm @@ -94,7 +94,7 @@ sub cgi_editpage ($$) { $page=possibly_foolish_untaint($page); my $absolute=($page =~ s#^/+##); if (! defined $page || ! length $page || - file_pruned($page, $config{srcdir})) { + file_pruned($page)) { error(gettext("bad page name")); } @@ -220,7 +220,7 @@ sub cgi_editpage ($$) { my $best_loc; if (! defined $from || ! length $from || $from ne $form->field('from') || - file_pruned($from, $config{srcdir}) || + file_pruned($from) || $from=~/^\// || $absolute || $form->submitted) { diff --git a/IkiWiki/Plugin/rename.pm b/IkiWiki/Plugin/rename.pm index 1a9da6363..69e615ead 100644 --- a/IkiWiki/Plugin/rename.pm +++ b/IkiWiki/Plugin/rename.pm @@ -63,9 +63,8 @@ sub check_canrename ($$$$$$) { error(gettext("no change to the file name was specified")); } - # Must be a legal filename, and not absolute. - if (IkiWiki::file_pruned($destfile, $config{srcdir}) || - $destfile=~/^\//) { + # Must be a legal filename. + if (IkiWiki::file_pruned($destfile)) { error(sprintf(gettext("illegal name"))); } -- cgit v1.2.3