X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/72c95e8434cf4f2c96d2320eec13cbc01580cb52..9af4c0f6ed27852d072e7d7869ca6506e175a3c7:/IkiWiki/Render.pm

diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index 911e9c273..4fefadf09 100644
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -55,8 +55,8 @@ sub parentlinks ($) { #{{{
 	my $path="";
 	my $title=$config{wikiname};
 	
-	return if $page eq 'index'; # toplevel
 	foreach my $dir (split("/", $page)) {
+		next if $dir eq 'index';
 		push @ret, { url => urlto($path, $page), page => $title };
 		$path.="/".$dir;
 		$title=pagetitle($dir);
@@ -64,12 +64,19 @@ sub parentlinks ($) { #{{{
 	return @ret;
 } #}}}
 
-sub genpage ($$$) { #{{{
+sub genpage ($$) { #{{{
 	my $page=shift;
 	my $content=shift;
-	my $mtime=shift;
 
-	my $template=template("page.tmpl", blind_cache => 1);
+	my $templatefile;
+	run_hooks(templatefile => sub {
+		return if defined $templatefile;
+		my $file=shift->(page => $page);
+		if (defined $file && defined template_file($file)) {
+			$templatefile=$file;
+		}
+	});
+	my $template=template(defined $templatefile ? $templatefile : 'page.tmpl', blind_cache => 1);
 	my $actions=0;
 
 	if (length $config{cgiurl}) {
@@ -121,7 +128,7 @@ sub genpage ($$$) { #{{{
 		content => $content,
 		backlinks => $backlinks,
 		more_backlinks => $more_backlinks,
-		mtime => displaytime($mtime),
+		mtime => displaytime($pagemtime{$page}),
 		baseurl => baseurl($page),
 	);
 
@@ -196,8 +203,9 @@ sub render ($) { #{{{
 			filter($page, $page,
 			readfile($srcfile)))));
 		
-		writefile(htmlpage($page), $config{destdir},
-			genpage($page, $content, mtime($srcfile)));
+		my $output=htmlpage($page);
+		writefile($output, $config{destdir}, genpage($page, $content));
+		utime($pagemtime{$page}, $pagemtime{$page}, $config{destdir}."/".$output);
 	}
 	else {
 		my $srcfd=readfile($srcfile, 1, 1);
@@ -223,6 +231,7 @@ sub render ($) { #{{{
 				}
 			}
 		});
+		utime($pagemtime{$file}, $pagemtime{$file}, $config{destdir}."/".$file);
 	}
 } #}}}
 
@@ -237,6 +246,17 @@ sub prune ($) { #{{{
 } #}}}
 
 sub refresh () { #{{{
+	# security check, avoid following symlinks in the srcdir path
+	my $test=$config{srcdir};
+	while (length $test) {
+		if (-l $test) {
+			error("symlink found in srcdir path ($test)");
+		}
+		unless ($test=~s/\/+$//) {
+			$test=dirname($test);
+		}
+	}
+
 	# find existing pages
 	my %exists;
 	my @files;
@@ -262,34 +282,37 @@ sub refresh () { #{{{
 			}
 		},
 	}, $config{srcdir});
-	find({
-		no_chdir => 1,
-		wanted => sub {
-			$_=decode_utf8($_);
-			if (file_pruned($_, $config{underlaydir})) {
-				$File::Find::prune=1;
-			}
-			elsif (! -d $_ && ! -l $_) {
-				my ($f)=/$config{wiki_file_regexp}/; # untaint
-				if (! defined $f) {
-					warn(sprintf(gettext("skipping bad filename %s"), $_)."\n");
+	foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir}) {
+		find({
+			no_chdir => 1,
+			wanted => sub {
+				$_=decode_utf8($_);
+				if (file_pruned($_, $dir)) {
+					$File::Find::prune=1;
 				}
-				else {
-					# Don't add pages that are in the
-					# srcdir.
-					$f=~s/^\Q$config{underlaydir}\E\/?//;
-					if (! -e "$config{srcdir}/$f" && 
-					    ! -l "$config{srcdir}/$f") {
-					    	my $page=pagename($f);
-						if (! $exists{$page}) {
-							push @files, $f;
-							$exists{$page}=1;
+				elsif (! -d $_ && ! -l $_) {
+					my ($f)=/$config{wiki_file_regexp}/; # untaint
+					if (! defined $f) {
+						warn(sprintf(gettext("skipping bad filename %s"), $_)."\n");
+					}
+					else {
+						$f=~s/^\Q$dir\E\/?//;
+						# avoid underlaydir
+						# override attacks; see
+						# security.mdwn
+						if (! -e "$config{srcdir}/$f" && 
+						    ! -l "$config{srcdir}/$f") {
+						    	my $page=pagename($f);
+							if (! $exists{$page}) {
+								push @files, $f;
+								$exists{$page}=1;
+							}
 						}
 					}
 				}
-			}
-		},
-	}, $config{underlaydir});
+			},
+		}, $dir);
+	};
 
 	my %rendered;
 
@@ -343,7 +366,7 @@ sub refresh () { #{{{
 	}
 	run_hooks(needsbuild => sub { shift->(\@needsbuild) });
 
-	# scan and rendder files
+	# scan and render files
 	foreach my $file (@needsbuild) {
 		debug(sprintf(gettext("scanning %s"), $file));
 		scan($file);
@@ -463,8 +486,9 @@ sub commandline_render () { #{{{
 	$content=preprocess($page, $page, $content);
 	$content=linkify($page, $page, $content);
 	$content=htmlize($page, $type, $content);
+	$pagemtime{$page}=mtime($srcfile);
 
-	print genpage($page, $content, mtime($srcfile));
+	print genpage($page, $content);
 	exit 0;
 } #}}}