return @ret;
} #}}}
-sub genpage ($$$) { #{{{
+sub genpage ($$) { #{{{
my $page=shift;
my $content=shift;
- my $mtime=shift;
my $templatefile;
run_hooks(templatefile => sub {
content => $content,
backlinks => $backlinks,
more_backlinks => $more_backlinks,
- mtime => displaytime($mtime),
+ mtime => displaytime($pagemtime{$page}),
baseurl => baseurl($page),
);
filter($page, $page,
readfile($srcfile)))));
- writefile(htmlpage($page), $config{destdir},
- genpage($page, $content, mtime($srcfile)));
+ my $output=htmlpage($page);
+ writefile($output, $config{destdir}, genpage($page, $content));
+ utime($pagemtime{$page}, $pagemtime{$page}, $config{destdir}."/".$output);
}
else {
my $srcfd=readfile($srcfile, 1, 1);
}
}
});
+ utime($pagemtime{$file}, $pagemtime{$file}, $config{destdir}."/".$file);
}
} #}}}
} #}}}
sub refresh () { #{{{
+ # security check, avoid following symlinks in the srcdir path
+ my $test=$config{srcdir};
+ while (length $test) {
+ if (-l $test) {
+ error("symlink found in srcdir path ($test)");
+ }
+ unless ($test=~s/\/+$//) {
+ $test=dirname($test);
+ }
+ }
+
# find existing pages
my %exists;
my @files;
}
},
}, $config{srcdir});
- find({
- no_chdir => 1,
- wanted => sub {
- $_=decode_utf8($_);
- if (file_pruned($_, $config{underlaydir})) {
- $File::Find::prune=1;
- }
- elsif (! -d $_ && ! -l $_) {
- my ($f)=/$config{wiki_file_regexp}/; # untaint
- if (! defined $f) {
- warn(sprintf(gettext("skipping bad filename %s"), $_)."\n");
+ foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir}) {
+ find({
+ no_chdir => 1,
+ wanted => sub {
+ $_=decode_utf8($_);
+ if (file_pruned($_, $dir)) {
+ $File::Find::prune=1;
}
- else {
- # Don't add pages that are in the
- # srcdir.
- $f=~s/^\Q$config{underlaydir}\E\/?//;
- if (! -e "$config{srcdir}/$f" &&
- ! -l "$config{srcdir}/$f") {
- my $page=pagename($f);
- if (! $exists{$page}) {
- push @files, $f;
- $exists{$page}=1;
+ elsif (! -d $_ && ! -l $_) {
+ my ($f)=/$config{wiki_file_regexp}/; # untaint
+ if (! defined $f) {
+ warn(sprintf(gettext("skipping bad filename %s"), $_)."\n");
+ }
+ else {
+ $f=~s/^\Q$dir\E\/?//;
+ # avoid underlaydir
+ # override attacks; see
+ # security.mdwn
+ if (! -e "$config{srcdir}/$f" &&
+ ! -l "$config{srcdir}/$f") {
+ my $page=pagename($f);
+ if (! $exists{$page}) {
+ push @files, $f;
+ $exists{$page}=1;
+ }
}
}
}
- }
- },
- }, $config{underlaydir});
+ },
+ }, $dir);
+ };
my %rendered;
$content=preprocess($page, $page, $content);
$content=linkify($page, $page, $content);
$content=htmlize($page, $type, $content);
+ $pagemtime{$page}=mtime($srcfile);
- print genpage($page, $content, mtime($srcfile));
+ print genpage($page, $content);
exit 0;
} #}}}