]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Wrapper.pm
passwordauth: prevent authentication bypass via multiple name parameters
[git.ikiwiki.info.git] / IkiWiki / Wrapper.pm
index bd134c9a35c2fa87eef5a505e43984bdc26cc1d5..c39aa2ef7d678207ef86c938baef3f7af1933c30 100644 (file)
@@ -8,6 +8,26 @@ use File::Spec;
 use Data::Dumper;
 use IkiWiki;
 
+sub gen_wrappers () {
+       debug(gettext("generating wrappers.."));
+       my %origconfig=(%config);
+       foreach my $wrapper (@{$config{wrappers}}) {
+               %config=(%origconfig, %{$wrapper});
+               $config{verbose}=$config{setupverbose}
+                       if exists $config{setupverbose};
+               $config{syslog}=$config{setupsyslog}
+                       if exists $config{setupsyslog};
+               delete @config{qw(setupsyslog setupverbose wrappers genwrappers rebuild)};
+               checkconfig();
+               if (! $config{cgi} && ! $config{post_commit} &&
+                   ! $config{test_receive}) {
+                       $config{post_commit}=1;
+               }
+               gen_wrapper();
+       }
+       %config=(%origconfig);
+}
+
 sub gen_wrapper () {
        $config{srcdir}=File::Spec->rel2abs($config{srcdir});
        $config{destdir}=File::Spec->rel2abs($config{destdir});
@@ -29,6 +49,7 @@ sub gen_wrapper () {
        push @envsave, qw{REMOTE_ADDR QUERY_STRING REQUEST_METHOD REQUEST_URI
                       CONTENT_TYPE CONTENT_LENGTH GATEWAY_INTERFACE
                       HTTP_COOKIE REMOTE_USER HTTPS REDIRECT_STATUS
+                      HTTP_HOST SERVER_PORT HTTPS HTTP_ACCEPT
                       REDIRECT_URL} if $config{cgi};
        my $envsave="";
        foreach my $var (@envsave) {
@@ -74,7 +95,7 @@ EOF
                # IKIWIKI_CGILOCK_FD so unlockwiki can close it.
                $pre_exec=<<"EOF";
        lockfd=open("$config{wikistatedir}/cgilock", O_CREAT | O_RDWR, 0666);
-       if (lockfd != -1 && flock(lockfd, LOCK_EX) == 0) {
+       if (lockfd != -1 && lockf(lockfd, F_LOCK, 0) == 0) {
                char *fd_s=malloc(8);
                sprintf(fd_s, "%i", lockfd);
                setenv("IKIWIKI_CGILOCK_FD", fd_s, 1);
@@ -108,7 +129,7 @@ EOF
 #include <sys/file.h>
 
 extern char **environ;
-char *newenviron[$#envsave+6];
+char *newenviron[$#envsave+7];
 int i=0;
 
 void addenv(char *var, char *val) {
@@ -127,6 +148,7 @@ $check_commit_hook
 @wrapper_hooks
 $envsave
        newenviron[i++]="HOME=$ENV{HOME}";
+       newenviron[i++]="PATH=$ENV{PATH}";
        newenviron[i++]="WRAPPED_OPTIONS=$configstring";
 
 #ifdef __TINYC__
@@ -215,8 +237,7 @@ EOF
                error("rename $wrapper.new $wrapper: $!");
        }
        #translators: The parameter is a filename.
-       printf(gettext("successfully generated %s"), $wrapper);
-       print "\n";
+       debug(sprintf(gettext("successfully generated %s"), $wrapper));
 }
 
 1