X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/40959ce76d159cefaf0431ad2cc61ad35a9f99b1..0b977fa22cabf8e1050857412123015c07c30c19:/IkiWiki/Render.pm diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm index a95da40d2..35d663a7a 100644 --- a/IkiWiki/Render.pm +++ b/IkiWiki/Render.pm @@ -270,34 +270,37 @@ sub refresh () { #{{{ } }, }, $config{srcdir}); - find({ - no_chdir => 1, - wanted => sub { - $_=decode_utf8($_); - if (file_pruned($_, $config{underlaydir})) { - $File::Find::prune=1; - } - elsif (! -d $_ && ! -l $_) { - my ($f)=/$config{wiki_file_regexp}/; # untaint - if (! defined $f) { - warn(sprintf(gettext("skipping bad filename %s"), $_)."\n"); + foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir}) { + find({ + no_chdir => 1, + wanted => sub { + $_=decode_utf8($_); + if (file_pruned($_, $dir)) { + $File::Find::prune=1; } - else { - # Don't add pages that are in the - # srcdir. - $f=~s/^\Q$config{underlaydir}\E\/?//; - if (! -e "$config{srcdir}/$f" && - ! -l "$config{srcdir}/$f") { - my $page=pagename($f); - if (! $exists{$page}) { - push @files, $f; - $exists{$page}=1; + elsif (! -d $_ && ! -l $_) { + my ($f)=/$config{wiki_file_regexp}/; # untaint + if (! defined $f) { + warn(sprintf(gettext("skipping bad filename %s"), $_)."\n"); + } + else { + $f=~s/^\Q$dir\E\/?//; + # avoid underlaydir + # override attacks; see + # security.mdwn + if (! -e "$config{srcdir}/$f" && + ! -l "$config{srcdir}/$f") { + my $page=pagename($f); + if (! $exists{$page}) { + push @files, $f; + $exists{$page}=1; + } } } } - } - }, - }, $config{underlaydir}); + }, + }, $dir); + }; my %rendered; @@ -351,7 +354,7 @@ sub refresh () { #{{{ } run_hooks(needsbuild => sub { shift->(\@needsbuild) }); - # scan and rendder files + # scan and render files foreach my $file (@needsbuild) { debug(sprintf(gettext("scanning %s"), $file)); scan($file);