]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Wrapper.pm
passwordauth: prevent authentication bypass via multiple name parameters
[git.ikiwiki.info.git] / IkiWiki / Wrapper.pm
index 84cc7540bbfa5e63b8d9d85d21cc0b0d63bbb478..c39aa2ef7d678207ef86c938baef3f7af1933c30 100644 (file)
@@ -49,7 +49,7 @@ sub gen_wrapper () {
        push @envsave, qw{REMOTE_ADDR QUERY_STRING REQUEST_METHOD REQUEST_URI
                       CONTENT_TYPE CONTENT_LENGTH GATEWAY_INTERFACE
                       HTTP_COOKIE REMOTE_USER HTTPS REDIRECT_STATUS
        push @envsave, qw{REMOTE_ADDR QUERY_STRING REQUEST_METHOD REQUEST_URI
                       CONTENT_TYPE CONTENT_LENGTH GATEWAY_INTERFACE
                       HTTP_COOKIE REMOTE_USER HTTPS REDIRECT_STATUS
-                      HTTP_HOST SERVER_PORT HTTPS
+                      HTTP_HOST SERVER_PORT HTTPS HTTP_ACCEPT
                       REDIRECT_URL} if $config{cgi};
        my $envsave="";
        foreach my $var (@envsave) {
                       REDIRECT_URL} if $config{cgi};
        my $envsave="";
        foreach my $var (@envsave) {
@@ -95,7 +95,7 @@ EOF
                # IKIWIKI_CGILOCK_FD so unlockwiki can close it.
                $pre_exec=<<"EOF";
        lockfd=open("$config{wikistatedir}/cgilock", O_CREAT | O_RDWR, 0666);
                # IKIWIKI_CGILOCK_FD so unlockwiki can close it.
                $pre_exec=<<"EOF";
        lockfd=open("$config{wikistatedir}/cgilock", O_CREAT | O_RDWR, 0666);
-       if (lockfd != -1 && flock(lockfd, LOCK_EX) == 0) {
+       if (lockfd != -1 && lockf(lockfd, F_LOCK, 0) == 0) {
                char *fd_s=malloc(8);
                sprintf(fd_s, "%i", lockfd);
                setenv("IKIWIKI_CGILOCK_FD", fd_s, 1);
                char *fd_s=malloc(8);
                sprintf(fd_s, "%i", lockfd);
                setenv("IKIWIKI_CGILOCK_FD", fd_s, 1);
@@ -237,8 +237,7 @@ EOF
                error("rename $wrapper.new $wrapper: $!");
        }
        #translators: The parameter is a filename.
                error("rename $wrapper.new $wrapper: $!");
        }
        #translators: The parameter is a filename.
-       printf(gettext("successfully generated %s"), $wrapper);
-       print "\n";
+       debug(sprintf(gettext("successfully generated %s"), $wrapper));
 }
 
 1
 }
 
 1