X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/a29b111afb09668098cf441aecf92306fb3f4b83..19d29f457639d045aa0a6f4e4766b9e96e9904d5:/doc/forum/Allow_overriding_of_symlink_restriction.mdwn

diff --git a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn b/doc/forum/Allow_overriding_of_symlink_restriction.mdwn
index f658f0cb3..bd94811df 100644
--- a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn
+++ b/doc/forum/Allow_overriding_of_symlink_restriction.mdwn
@@ -28,26 +28,50 @@ Now my problem:  I have a hosted server where I cannot avoid having a symlink in
 
 Is there a huge objection to this patch?
 
-(note: patch inline - look at the source to get it.  And I didn't re-indent the code when I added the if...)
-
-	index 990fcaa..d7cb37e 100644
-	--- a/IkiWiki/Render.pm
-	+++ b/IkiWiki/Render.pm
-	@@ -260,6 +260,7 @@ sub prune ($) { #{{{
-	 
-	 sub refresh () { #{{{
-	        # security check, avoid following symlinks in the srcdir path
-	+       if (! $config{allowsrcdirlinks}) {
-	        my $test=$config{srcdir};
-	        while (length $test) {
-	                if (-l $test) {
-	@@ -269,6 +270,7 @@ sub refresh () { #{{{
-	                        $test=dirname($test);
-	                }
-	        }
-	+       }
-        
-        	run_hooks(refresh => sub { shift->() });
+>>> [[patch]] updated.
+
+    diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
+    index 990fcaa..0fb78ba 100644
+    --- a/IkiWiki/Render.pm
+    +++ b/IkiWiki/Render.pm
+    @@ -260,13 +260,15 @@ sub prune ($) { #{{{
+     
+     sub refresh () { #{{{
+     	# security check, avoid following symlinks in the srcdir path
+    -	my $test=$config{srcdir};
+    -	while (length $test) {
+    -		if (-l $test) {
+    -			error("symlink found in srcdir path ($test)");
+    -		}
+    -		unless ($test=~s/\/+$//) {
+    -			$test=dirname($test);
+    +	if (! $config{allow_insecure_symlinks_in_path_to_srcdir}) {
+    +		my $test=$config{srcdir};
+    +		while (length $test) {
+    +			if (-l $test) {
+    +				error("symlink found in srcdir path ($test)");
+    +			}
+    +			unless ($test=~s/\/+$//) {
+    +				$test=dirname($test);
+    +			}
+     		}
+     	}
+     	
+    diff --git a/doc/ikiwiki.setup b/doc/ikiwiki.setup
+    index 10cb3da..eb86e49 100644
+    --- a/doc/ikiwiki.setup
+    +++ b/doc/ikiwiki.setup
+    @@ -203,4 +203,10 @@ use IkiWiki::Setup::Standard {
+     	# For use with the attachment plugin, a program that returns
+     	# nonzero if its standard input contains an virus.
+     	#virus_checker => "clamdscan -",
+    +	
+    +	# The following setting allows symlinks in the path to your
+    +	# srcdir.  Symlinks are still not followed within srcdir.
+    +	# Allowing symlinks to be followed, even in the path to srcdir,
+    +	# will make some setups insecure.
+    +	#allow_insecure_symlinks_in_path_to_srcdir => 0,
+     }
 
 > No, I don't have a big objection to such an option, as long as it's
 > extremely well documented that it will make many setups insecure.
@@ -68,24 +92,30 @@ patch fixes things.  Again, patch inline.  Again, this patch could be
 cleaned up :).  I just wanted to see if there was any chance of a patch
 like this being accepted before I bothered.
 
-	diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm
-	index 79b9eb3..e88118b 100644
-	--- a/IkiWiki/Wrapper.pm
-	+++ b/IkiWiki/Wrapper.pm
-	@@ -9,9 +9,13 @@ use Data::Dumper;
-	 use IkiWiki;
-	 
-	 sub gen_wrapper () { #{{{
-	+        my $this = $0;
-	+        if ($config{allowsrcdirlinks}) {
-	+       } else {
-	        $config{srcdir}=abs_path($config{srcdir});
-	        $config{destdir}=abs_path($config{destdir});
-	        my $this=abs_path($0);
-	+       }
-	        if (! -x $this) {
-	                error(sprintf(gettext("%s doesn't seem to be executable"), $this
-	        }
+>>> Patch updated:
+
+    index 79b9eb3..ce1c395 100644
+    --- a/IkiWiki/Wrapper.pm
+    +++ b/IkiWiki/Wrapper.pm
+    @@ -4,14 +4,14 @@ package IkiWiki;
+     
+     use warnings;
+     use strict;
+    -use Cwd q{abs_path};
+     use Data::Dumper;
+     use IkiWiki;
+    +use File::Spec;
+     
+     sub gen_wrapper () { #{{{
+    -       $config{srcdir}=abs_path($config{srcdir});
+    -       $config{destdir}=abs_path($config{destdir});
+    -       my $this=abs_path($0);
+    +       $config{srcdir}=File::Spec->rel2abs($config{srcdir});
+    +       $config{destdir}=File::Spec->rel2abs($config{destdir});
+    +       my $this=File::Spec->rel2abs($0);
+            if (! -x $this) {
+                    error(sprintf(gettext("%s doesn't seem to be executable"), $this
+            }
 
 > ikiwiki uses absolute paths for `srcdir`, `destdir` and `this` because
 > the wrapper could be run from any location, and if any of them happen to
@@ -100,6 +130,7 @@ like this being accepted before I bothered.
 
 >> I'll do that.  I assume something like <code> File::Spec->file_name_is_absolute( $path ); </code> would have more cross-platformy goodness.
 >> hrm.  I might see if <code> File::Spec->rel2abs( $path ) ; </code> will give absolute an path without expanding symlinks.
+>>> Patch using rel2abs() works well - it no longer expands symlinks.
 
 > I suppose you could do the same thing with `$this`, but it does not sound
 > like it has caused you problems anyway.