X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/40959ce76d159cefaf0431ad2cc61ad35a9f99b1..ad8fc996ca9fcbf65de81a1890863acf26174287:/IkiWiki/Render.pm

diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index a95da40d2..4fefadf09 100644
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -55,8 +55,8 @@ sub parentlinks ($) { #{{{
 	my $path="";
 	my $title=$config{wikiname};
 	
-	return if $page eq 'index'; # toplevel
 	foreach my $dir (split("/", $page)) {
+		next if $dir eq 'index';
 		push @ret, { url => urlto($path, $page), page => $title };
 		$path.="/".$dir;
 		$title=pagetitle($dir);
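Review bot: The added `next if $dir eq 'index';` skips the `$path.="/".$dir;` line as well as the push, so for a page name with `index` in the middle (a constructed example: `a/index/b/c`) every later breadcrumb URL is built from a path that has lost that component. If the intent is only to drop the link for the index page itself, keeping the path in step avoids this: `if ($dir eq 'index') { $path.="/".$dir; next; }`. Whether such page names can occur is not visible here, and parentlinks starts before this hunk.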
@@ -64,10 +64,9 @@ sub parentlinks ($) { #{{{
 	return @ret;
 } #}}}
 
-sub genpage ($$$) { #{{{
+sub genpage ($$) { #{{{
 	my $page=shift;
 	my $content=shift;
-	my $mtime=shift;
 
 	my $templatefile;
 	run_hooks(templatefile => sub {
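Review bot: With the `$mtime` argument removed, genpage depends on the caller having filled `$pagemtime{$page}` beforehand, and nothing at the signature says so. The lookup in the template-parameter hunk that follows (`mtime => displaytime($pagemtime{$page})`) passes `undef` to displaytime when the entry is missing. A one-line comment under the signature would record the contract, e.g. `# caller must have set $pagemtime{$page}; it feeds the mtime template variable`. The prototype change to `($$)` also affects any caller outside this file that still passes three arguments, which cannot be checked from this page. genpage's body continues past the hunk.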
@@ -129,7 +128,7 @@ sub genpage ($$$) { #{{{
 		content => $content,
 		backlinks => $backlinks,
 		more_backlinks => $more_backlinks,
-		mtime => displaytime($mtime),
+		mtime => displaytime($pagemtime{$page}),
 		baseurl => baseurl($page),
 	);
 
@@ -204,8 +203,9 @@ sub render ($) { #{{{
 			filter($page, $page,
 			readfile($srcfile)))));
 		
-		writefile(htmlpage($page), $config{destdir},
-			genpage($page, $content, mtime($srcfile)));
+		my $output=htmlpage($page);
+		writefile($output, $config{destdir}, genpage($page, $content));
+		utime($pagemtime{$page}, $pagemtime{$page}, $config{destdir}."/".$output);
 	}
 	else {
 		my $srcfd=readfile($srcfile, 1, 1);
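Review bot: The return value of the added `utime(...)` is ignored, so a failure to stamp the output file goes unnoticed and the page keeps the time it was written; the same applies to the `utime` added for `$file` in the next hunk. Reporting it takes one clause, e.g. `utime($pagemtime{$page}, $pagemtime{$page}, $config{destdir}."/".$output) or debug("failed to set mtime on $output: $!");`. utime also resolves its target by name and follows symlinks, so it should be covered by whatever symlink protection writefile applies under destdir; that protection is not visible in this hunk. render's body extends beyond the hunk on both sides.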
@@ -231,6 +231,7 @@ sub render ($) { #{{{
 				}
 			}
 		});
+		utime($pagemtime{$file}, $pagemtime{$file}, $config{destdir}."/".$file);
 	}
 } #}}}
 
@@ -245,6 +246,17 @@ sub prune ($) { #{{{
 } #}}}
 
 sub refresh () { #{{{
+	# security check, avoid following symlinks in the srcdir path
+	my $test=$config{srcdir};
+	while (length $test) {
+		if (-l $test) {
+			error("symlink found in srcdir path ($test)");
+		}
+		unless ($test=~s/\/+$//) {
+			$test=dirname($test);
+		}
+	}
+
 	# find existing pages
 	my %exists;
 	my @files;
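Review bot: The loop ends only when `$test` becomes empty, which for an absolute path happens when the root's `/` is stripped. For a relative `$config{srcdir}`, `dirname` (assuming File::Basename) settles on `.` and keeps returning `.`, so the `while` would never terminate. Whether srcdir is made absolute earlier is not visible here; if it is not, stop once the parent no longer changes, `my $parent=dirname($test); last if $parent eq $test; $test=$parent;`, or make the path absolute first without resolving links, so the components above the working directory are checked too. The check also runs once at the start of refresh, and a comment should say that it does not cover a path component being replaced by a symlink while the later `find` calls run. refresh continues past the hunk.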
@@ -270,34 +282,37 @@ sub refresh () { #{{{
 			}
 		},
 	}, $config{srcdir});
-	find({
-		no_chdir => 1,
-		wanted => sub {
-			$_=decode_utf8($_);
-			if (file_pruned($_, $config{underlaydir})) {
-				$File::Find::prune=1;
-			}
-			elsif (! -d $_ && ! -l $_) {
-				my ($f)=/$config{wiki_file_regexp}/; # untaint
-				if (! defined $f) {
-					warn(sprintf(gettext("skipping bad filename %s"), $_)."\n");
+	foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir}) {
+		find({
+			no_chdir => 1,
+			wanted => sub {
+				$_=decode_utf8($_);
+				if (file_pruned($_, $dir)) {
+					$File::Find::prune=1;
 				}
-				else {
-					# Don't add pages that are in the
-					# srcdir.
-					$f=~s/^\Q$config{underlaydir}\E\/?//;
-					if (! -e "$config{srcdir}/$f" && 
-					    ! -l "$config{srcdir}/$f") {
-					    	my $page=pagename($f);
-						if (! $exists{$page}) {
-							push @files, $f;
-							$exists{$page}=1;
+				elsif (! -d $_ && ! -l $_) {
+					my ($f)=/$config{wiki_file_regexp}/; # untaint
+					if (! defined $f) {
+						warn(sprintf(gettext("skipping bad filename %s"), $_)."\n");
+					}
+					else {
+						$f=~s/^\Q$dir\E\/?//;
+						# avoid underlaydir
+						# override attacks; see
+						# security.mdwn
+						if (! -e "$config{srcdir}/$f" && 
+						    ! -l "$config{srcdir}/$f") {
+						    	my $page=pagename($f);
+							if (! $exists{$page}) {
+								push @files, $f;
+								$exists{$page}=1;
+							}
 						}
 					}
 				}
-			}
-		},
-	}, $config{underlaydir});
+			},
+		}, $dir);
+	};
 
 	my %rendered;
 
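Review bot: Which copy of a page wins when it exists in several underlay directories is decided silently by iteration order and `%exists`: the entries of `$config{underlaydirs}` are walked before `$config{underlaydir}` and the first hit is kept, and the loop has no comment saying so. Since the srcdir test is described as protection against underlay override, the comment should state the rule it enforces, e.g. `# an underlay file is ignored when srcdir holds a file or symlink (even a dangling one) of the same name`, plus one line on the directory order. The `};` that closes the `foreach` has a stray semicolon. refresh starts before the hunk and continues after it.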
@@ -351,7 +366,7 @@ sub refresh () { #{{{
 	}
 	run_hooks(needsbuild => sub { shift->(\@needsbuild) });
 
-	# scan and rendder files
+	# scan and render files
 	foreach my $file (@needsbuild) {
 		debug(sprintf(gettext("scanning %s"), $file));
 		scan($file);
@@ -471,8 +486,9 @@ sub commandline_render () { #{{{
 	$content=preprocess($page, $page, $content);
 	$content=linkify($page, $page, $content);
 	$content=htmlize($page, $type, $content);
+	$pagemtime{$page}=mtime($srcfile);
 
-	print genpage($page, $content, mtime($srcfile));
+	print genpage($page, $content);
 	exit 0;
 } #}}}