From: Joey Hess <joey@kitenet.net>
Date: Wed, 21 Apr 2010 19:05:59 +0000 (-0400)
Subject: remove verify_src_file
X-Git-Tag: 3.20100427~62^2~14
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/034b4e826627dddf47ff27278897804e39741e57

remove verify_src_file

Splitting out this function bothered me. It is conceptially similar to
file_pruned, and yet also very specific to exactly the security needs of
find_src_files.

I liked that it got rid of duplicate code in the latter function. So
instead, put a helper sub in that, which I think allows refactoring
things more cleanly, and with less boilerplate.

As to the needs of gen_autofile, I'm not convinced this needs to handle
the same set of problems that verify_src_file did. So I sat down and
wrote a custom validator for autofiles, which turned out to seem to just
need three things: Make sure the candidate filename is not something
that would be pruned; untaint the candidate filename; and make sure that
srcdir doesn't already have something with its name. (Plus, of course,
all the other checks that were already in gen_autofile.)

(In passing, also fixed a bunch of bugs I had introduced in this branch.)
---

diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index 03b2910fd..14f6f9d5f 100644
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -281,68 +281,59 @@ sub srcdir_check () {
 	
 }
 
-sub verify_src_file ($$) {
-	my $file=shift;
-	my $dir=shift;
-
-	return if -l $file || -d _;
-	$file=~s/^\Q$dir\E\/?//;
-	return if ! length $file;
-	my $page = pagename($file);
-	if (! exists $pagesources{$page} &&
-		file_pruned($file)) {
-		return;
-	}
-
-	my ($file_untainted) = $file =~ /$config{wiki_file_regexp}/; # untaint
-	if (! defined $file_untainted) {
-		warn(sprintf(gettext("skipping bad filename %s"), $file)."\n");
-	}
-	return ($file_untainted, $page);
-}
-
 sub find_src_files () {
 	my @files;
 	my %pages;
 	eval q{use File::Find};
 	error($@) if $@;
-	find({
-		no_chdir => 1,
-		wanted => sub {
-			my ($file, $page) = verify_src_file(decode_utf8($_), $config{srcdir});
-			if (defined $file) {
-				push @files, $file;
-				if ($pages{$page}) {
-					debug(sprintf(gettext("%s has multiple possible source pages"), $page));
+
+	my ($page, $dir, $underlay);
+	my $helper=sub {
+		my $file=decode_utf8($_);
+
+		return if -l $file || -d _;
+		$file=~s/^\Q$dir\E\/?//;
+		return if ! length $file;
+		$page = pagename($file);
+		if (! exists $pagesources{$page} &&
+		    file_pruned($file)) {
+			$File::Find::prune=1;
+			return;
+		}
+
+		my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint
+		if (! defined $f) {
+			warn(sprintf(gettext("skipping bad filename %s"), $file)."\n");
+		}
+	
+		if ($underlay) {
+			# avoid underlaydir override attacks; see security.mdwn
+			if (! -l "$config{srcdir}/$f" && ! -e _) {
+				if (! $pages{$page}) {
+					push @files, $f;
+					$pages{$page}=1;
 				}
-				$pages{$page}=1;
 			}
-			else {
-				$File::Find::prune=1;
+		}
+		else {
+			push @files, $f;
+			if ($pages{$page}) {
+				debug(sprintf(gettext("%s has multiple possible source pages"), $page));
 			}
-		},
-	}, $config{srcdir});
-	foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir}) {
+			$pages{$page}=1;
+		}
+	};
+
+	find({
+		no_chdir => 1,
+		wanted => $helper,
+	}, $dir=$config{srcdir});
+	$underlay=1;
+	foreach (@{$config{underlaydirs}}, $config{underlaydir}) {
 		find({
 			no_chdir => 1,
-			wanted => sub {
-				my ($file, $page) = verify_src_file(decode_utf8($_), $dir);
-				if (defined $file) {
-					# avoid underlaydir override
-					# attacks; see security.mdwn
-					if (! -l "$config{srcdir}/$file" &&
-					    ! -e _) {
-						if (! $pages{$page}) {
-							push @files, $file;
-							$pages{$page}=1;
-						}
-					}
-				}
-				else {
-					$File::Find::prune=1;
-				}
-			},
-		}, $dir);
+			wanted => $helper,
+		}, $dir=$_);
 	};
 	return \@files, \%pages;
 }
@@ -691,24 +682,28 @@ sub gen_autofile ($$$) {
 	my $pages=shift;
 	my $del=shift;
 	
-	if (srcfile($autofile, 1)) {
-		return 0;
+	if (srcfile($autofile, 1) || file_pruned($autofile)) {
+		return;
 	}
-
-	my ($file, $page) = verify_src_file("$config{srcdir}/$autofile", $config{srcdir});
 	
+	my $file="$config{srcdir}/$autofile" =~ /$config{wiki_file_regexp}/; # untaint
+	if (! defined $file || -l $file || -d _ || -e _) {
+		return;
+	}
+
 	if ((!defined $file) ||
 	    (exists $wikistate{$autofiles{$autofile}{plugin}}{autofile_deleted})) {
-		return 0;
+		return;
 	}
 	
+	my $page = pagename($file);
 	if ($pages->{$page}) {
-		return 0;
+		return;
 	}
 
 	if (grep { $_ eq $file } @$del) {
-		$wikistate{$autofiles{$autofile}{generator}}{autofile_deleted}=1;
-		return 0;
+		$wikistate{$autofiles{$autofile}{plugin}}{autofile_deleted}=1;
+		return;
 	}
 
 	$autofiles{$autofile}{generator}->();