]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - doc/bugs/removal_of_transient_pages.mdwn
Exclude working directory from library path (CVE-2016-1238)
[git.ikiwiki.info.git] / doc / bugs / removal_of_transient_pages.mdwn
index dfa14d359a831eef1749927055628dcd177e8ffb..6d0caf42eeca6592fe4994f6e103e4d3bcbcd5c9 100644 (file)
@@ -59,3 +59,20 @@ inconsistent between the one-and two-argument forms. Thoughts?
 > I think required 2-argument would be better, but have not checked
 > all the call sites to see if the `$file` is available split out
 > as that would need. --[[Joey]] 
+
+[[!template id=gitbranch branch=smcv/ready/prune author="[[Simon McVittie|smcv]]"]]
+
+>> Try this, then? I had to make some changes to `attachment`
+>> to make the split versions available. I suggest reviewing
+>> patch-by-patch.
+
+>>> Branch updated; I'd missed a use of prune in ikiwiki.in itself.
+>>> Unfortunately, this means it does still need to support the
+>>> "undefined top directory" case: there isn't an obvious top
+>>> directory for wrappers. --[[smcv]]
+
+>> I also tried to fix a related bug which I found while testing it:
+>> the special case for renaming held attachments didn't seem to work.
+>> (`smcv/wip/rename-held`.) Unfortunately, it seems that with that
+>> change, the held attachment is committed to the `srcdir` when you
+>> rename it, which doesn't seem to be the intention either? --[[smcv]]