* git: Correct display of multiline commit messages in recentchanges.
[git.ikiwiki.info.git] / IkiWiki / Render.pm
index 5fd0dea0dc080e6bf2fc301f3b306f997eb2e07b..047ab8212f16591bdcf3daf03d36c7436f4cb819 100644 (file)
@@ -64,10 +64,9 @@ sub parentlinks ($) { #{{{
        return @ret;
 } #}}}
 
-sub genpage ($$$) { #{{{
+sub genpage ($$) { #{{{
        my $page=shift;
        my $content=shift;
-       my $mtime=shift;
 
        my $templatefile;
        run_hooks(templatefile => sub {
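Review bot: genpage now takes the modification time from the package-level `%pagemtime` hash (the `displaytime($pagemtime{$page})` line in the next hunk) instead of an argument, and nothing at the top of the sub documents that dependency. A caller that has not populated `$pagemtime{$page}` would hand undef to displaytime. The commandline_render hunk sets the entry explicitly, while render appears to rely on it having been filled in elsewhere. I would add a comment above the sub such as `# Requires $pagemtime{$page} to be set by the caller; it supplies the displayed mtime.` The body of genpage continues outside this hunk.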
@@ -129,7 +128,7 @@ sub genpage ($$$) { #{{{
                content => $content,
                backlinks => $backlinks,
                more_backlinks => $more_backlinks,
-               mtime => displaytime($mtime),
+               mtime => displaytime($pagemtime{$page}),
                baseurl => baseurl($page),
        );
 
@@ -204,8 +203,9 @@ sub render ($) { #{{{
                        filter($page, $page,
                        readfile($srcfile)))));
                
-               writefile(htmlpage($page), $config{destdir},
-                       genpage($page, $content, mtime($srcfile)));
+               my $output=htmlpage($page);
+               writefile($output, $config{destdir}, genpage($page, $content));
+               utime($pagemtime{$page}, $pagemtime{$page}, $config{destdir}."/".$output);
        }
        else {
                my $srcfd=readfile($srcfile, 1, 1);
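Review bot: The return value of the new `utime(...)` call is ignored, here and again on the `utime($pagemtime{$file}, ...)` line in the next hunk, so a failure to stamp the output file goes unnoticed. Perl's utime sets the current time when both time arguments are undef, so a missing `%pagemtime` entry would also pass silently. The second call indexes the hash by `$file` where the rest of the diff uses the page name, so it is worth confirming the two coincide for raw files. A minimal change is `utime($pagemtime{$page}, $pagemtime{$page}, "$config{destdir}/$output") || warn("utime $output: $!\n");`. utime also follows symlinks, so the call relies on writefile having left a regular file at that path; writefile's body is not visible here.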
@@ -231,6 +231,7 @@ sub render ($) { #{{{
                                }
                        }
                });
+               utime($pagemtime{$file}, $pagemtime{$file}, $config{destdir}."/".$file);
        }
 } #}}}
 
@@ -245,6 +246,17 @@ sub prune ($) { #{{{
 } #}}}
 
 sub refresh () { #{{{
+       # security check, avoid following symlinks in the srcdir path
+       my $test=$config{srcdir};
+       while (length $test) {
+               if (-l $test) {
+                       error("symlink found in srcdir path ($test)");
+               }
+               unless ($test=~s/\/+$//) {
+                       $test=dirname($test);
+               }
+       }
+
        # find existing pages
        my %exists;
        my @files;
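Review bot: The symlink walk only terminates once `$test` has been reduced to the empty string, which happens after it reaches `/`. If `$config{srcdir}` can be a relative path (not visible in this hunk), the walk ends at `.`, and assuming `dirname` is File::Basename's, `dirname(".")` returns `.` again, so the loop never exits. Stopping when the parent equals the current value avoids that: `my $parent=dirname($test); last if $parent eq $test; $test=$parent;`. Alternatively, make srcdir absolute before the check. The test is also a one-time check at the start of refresh, so a comment should state that ancestors of srcdir must be writable only by trusted users. refresh's body continues outside this hunk.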
@@ -270,34 +282,37 @@ sub refresh () { #{{{
                        }
                },
        }, $config{srcdir});
-       find({
-               no_chdir => 1,
-               wanted => sub {
-                       $_=decode_utf8($_);
-                       if (file_pruned($_, $config{underlaydir})) {
-                               $File::Find::prune=1;
-                       }
-                       elsif (! -d $_ && ! -l $_) {
-                               my ($f)=/$config{wiki_file_regexp}/; # untaint
-                               if (! defined $f) {
-                                       warn(sprintf(gettext("skipping bad filename %s"), $_)."\n");
+       foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir}) {
+               find({
+                       no_chdir => 1,
+                       wanted => sub {
+                               $_=decode_utf8($_);
+                               if (file_pruned($_, $dir)) {
+                                       $File::Find::prune=1;
                                }
-                               else {
-                                       # Don't add pages that are in the
-                                       # srcdir.
-                                       $f=~s/^\Q$config{underlaydir}\E\/?//;
-                                       if (! -e "$config{srcdir}/$f" && 
-                                           ! -l "$config{srcdir}/$f") {
-                                               my $page=pagename($f);
-                                               if (! $exists{$page}) {
-                                                       push @files, $f;
-                                                       $exists{$page}=1;
+                               elsif (! -d $_ && ! -l $_) {
+                                       my ($f)=/$config{wiki_file_regexp}/; # untaint
+                                       if (! defined $f) {
+                                               warn(sprintf(gettext("skipping bad filename %s"), $_)."\n");
+                                       }
+                                       else {
+                                               $f=~s/^\Q$dir\E\/?//;
+                                               # avoid underlaydir
+                                               # override attacks; see
+                                               # security.mdwn
+                                               if (! -e "$config{srcdir}/$f" && 
+                                                   ! -l "$config{srcdir}/$f") {
+                                                       my $page=pagename($f);
+                                                       if (! $exists{$page}) {
+                                                               push @files, $f;
+                                                               $exists{$page}=1;
+                                                       }
                                                }
                                        }
                                }
-                       }
-               },
-       }, $config{underlaydir});
+                       },
+               }, $dir);
+       };
 
        my %rendered;
 
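Review bot: The new `foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir})` loop makes directory order significant, but no comment says so. Because of the `%exists` check, the first underlay that provides a page wins, so every entry in `underlaydirs` shadows the base `underlaydir`, and any file in srcdir shadows all of them. A short comment above the loop would help, for example `# Earlier underlay dirs take precedence; srcdir files always win.` The loop is also closed with `};`, where the trailing semicolon is an empty statement and can be dropped. The enclosing refresh sub starts and ends outside this hunk.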
@@ -471,8 +486,9 @@ sub commandline_render () { #{{{
        $content=preprocess($page, $page, $content);
        $content=linkify($page, $page, $content);
        $content=htmlize($page, $type, $content);
+       $pagemtime{$page}=mtime($srcfile);
 
-       print genpage($page, $content, mtime($srcfile));
+       print genpage($page, $content);
        exit 0;
 } #}}}