From: Joey Hess <joey@kitenet.net>
Date: Tue, 15 Jun 2010 21:41:26 +0000 (-0400)
Subject: fix other cases of unicode mixing issue
X-Git-Tag: 3.20100623~54
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/a2989598884807ace2a9efd248b7c32824cf6c6f?ds=sidebyside;hp=-c

fix other cases of unicode mixing issue

and fix underlaydir override attack guard when srcdir is non-absolute
---

a2989598884807ace2a9efd248b7c32824cf6c6f
diff --combined IkiWiki/Render.pm
index 0e7aa9a48,f81e373b7..740bb52b0
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@@ -292,11 -292,17 +292,16 @@@ sub find_src_files () 
  	eval q{use File::Find};
  	error($@) if $@;
  
+ 	eval q{use Cwd};
+ 	die $@ if $@;
+ 	my $origdir=getcwd();
+ 	my $abssrcdir=Cwd::abs_path($config{srcdir});
+ 
  	my ($page, $underlay);
  	my $helper=sub {
  		my $file=decode_utf8($_);
 -
  		return if -l $file || -d _;
- 		$file=~s/^\Q.\/\E//;
+ 		$file=~s/^\.\///;
  		return if ! length $file;
  		$page = pagename($file);
  		if (! exists $pagesources{$page} &&
@@@ -313,7 -319,7 +318,7 @@@
  	
  		if ($underlay) {
  			# avoid underlaydir override attacks; see security.mdwn
- 			if (! -l "$config{srcdir}/$f" && ! -e _) {
+ 			if (! -l "$abssrcdir/$f" && ! -e _) {
  				if (! $pages{$page}) {
  					push @files, $f;
  					$pages{$page}=1;
@@@ -329,10 -335,6 +334,6 @@@
  		}
  	};
  
- 	eval q{use Cwd};
- 	die $@ if $@;
- 	my $origdir=getcwd();
- 
  	chdir($config{srcdir}) || die "chdir: $!";
  	find({
  		no_chdir => 1,