A short story:
Once there was a unicode string, let's call him Srcdir.
Along came a crufy old File::Find, who went through a tree and pasted each
of the leaves in turn onto Srcdir. But this 90's relic didn't decode the
leaves -- despite some of them using unicode! Poor Srcdir, with these
leaves stuck on him, tainted them with his nice unicode-ness. They didn't
look like leaves at all, but instead garbage.
(In other words, perl's unicode support sucks mightily, and drives
us all to drink and bad storytelling. But we knew that..)
So, srcdir is not normally flagged as unicode, because typically it's pure
ascii. And in that case, things work ok; File::Find finds filenames, which
are not yet decoded to unicode, and appends them to the srcdir, and then
decode_utf8 happily converts the whole thing.
But, if the srcdir does contain utf8 characters, that breaks. Or, if a Yaml
setup file is used, Yaml::Syck's implicitunicode sets the unicode flag of
*all* strings, even those containing only ascii. In either case, srcdir
has the unicode flag set; a non-decoded filename is appended, and the flag
remains set; and decode_utf8 sees the flag and does *nothing*. The result
is that the filename is not decoded, so looks valid and gets skipped.
File::Find only sticks the directory and filenames together in no_chdir
mode .. but we need that mode for security. In order to retain the
security, and avoid the problem, I made it not pass srcdir to File::Find.
Instead, chdir to the srcdir, and pass ".". Since "." is ascii, the problem
is avoided.
Note that chdir srcdir is safe because we check for symlinks in the srcdir
path.
Note that it takes care to chdir back to the starting location. Because
the user may have specified relative paths and so staying in the srcdir
might break. A relative path could even be specifed for an underlay dir, so
it chdirs back after each.
sub refresh () {
eval q{use File::Find};
error($@) if $@;
sub refresh () {
eval q{use File::Find};
error($@) if $@;
+ eval q{use Cwd};
+ error($@) if $@;
+ my $origdir=getcwd();
my (%pages, %dirs);
foreach my $dir ($config{srcdir}, @{$config{underlaydirs}}, $config{underlaydir}) {
my (%pages, %dirs);
foreach my $dir ($config{srcdir}, @{$config{underlaydirs}}, $config{underlaydir}) {
- require File::Spec;
- $dir=File::Spec->canonpath($dir);
+ chdir($dir) || die "chdir: $!";
find({
no_chdir => 1,
wanted => sub {
find({
no_chdir => 1,
wanted => sub {
- my $file=File::Spec->canonpath(decode_utf8($_));
- return if $file eq $dir;
- $file=~s/^\Q$dir\E\/?//;
+ my $file=decode_utf8($_);
+ $file=~s/^\.\/?//;
return unless length $file;
if (IkiWiki::file_pruned($file)) {
$File::Find::prune=1;
return unless length $file;
if (IkiWiki::file_pruned($file)) {
$File::Find::prune=1;
+ }, '.');
+
+ chdir($origdir) || die "chdir: $!";
eval q{use File::Find};
error($@) if $@;
eval q{use File::Find};
error($@) if $@;
+ eval q{use Cwd};
+ error($@) if $@;
+ my $origdir=getcwd();
my $find_comments=sub {
my $dir=shift;
my $extension=shift;
return unless -d $dir;
my $find_comments=sub {
my $dir=shift;
my $extension=shift;
return unless -d $dir;
+
+ chdir($dir) || die "chdir: $!";
+
find({
no_chdir => 1,
wanted => sub {
my $file=decode_utf8($_);
find({
no_chdir => 1,
wanted => sub {
my $file=decode_utf8($_);
- $file=~s/^\Q$dir\E\/?//;
return if ! length $file || IkiWiki::file_pruned($file)
|| -l $_ || -d _ || $file !~ /\Q$extension\E$/;
my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint
return if ! length $file || IkiWiki::file_pruned($file)
|| -l $_ || -d _ || $file !~ /\Q$extension\E$/;
my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint
push @ret, [$f, $dir, $ctime];
}
}
push @ret, [$f, $dir, $ctime];
}
}
+ }, ".");
+
+ chdir($origdir) || die "chdir: $!";
};
$find_comments->($config{srcdir}, "._comment_pending");
};
$find_comments->($config{srcdir}, "._comment_pending");
eval q{use File::Find};
error($@) if $@;
eval q{use File::Find};
error($@) if $@;
- my ($page, $dir, $underlay);
+ eval q{use Cwd};
+ die $@ if $@;
+ my $origdir=getcwd();
+ my $abssrcdir=Cwd::abs_path($config{srcdir});
+
+ my ($page, $underlay);
my $helper=sub {
my $file=decode_utf8($_);
return if -l $file || -d _;
my $helper=sub {
my $file=decode_utf8($_);
return if -l $file || -d _;
- $file=~s/^\Q$dir\E\/?//;
return if ! length $file;
$page = pagename($file);
if (! exists $pagesources{$page} &&
return if ! length $file;
$page = pagename($file);
if (! exists $pagesources{$page} &&
if ($underlay) {
# avoid underlaydir override attacks; see security.mdwn
if ($underlay) {
# avoid underlaydir override attacks; see security.mdwn
- if (! -l "$config{srcdir}/$f" && ! -e _) {
+ if (! -l "$abssrcdir/$f" && ! -e _) {
if (! $pages{$page}) {
push @files, $f;
$pages{$page}=1;
if (! $pages{$page}) {
push @files, $f;
$pages{$page}=1;
+ chdir($config{srcdir}) || die "chdir: $!";
find({
no_chdir => 1,
wanted => $helper,
find({
no_chdir => 1,
wanted => $helper,
- }, $dir=$config{srcdir});
+ }, '.');
+ chdir($origdir) || die "chdir: $!";
+
$underlay=1;
foreach (@{$config{underlaydirs}}, $config{underlaydir}) {
$underlay=1;
foreach (@{$config{underlaydirs}}, $config{underlaydir}) {
+ chdir($_) || die "chdir: $!";
find({
no_chdir => 1,
wanted => $helper,
find({
no_chdir => 1,
wanted => $helper,
+ }, '.');
+ chdir($origdir) || die "chdir: $!";
return \@files, \%pages;
}
return \@files, \%pages;
}
* editpage, comments: Fix broken links in sidebar (due to forcebaseurl).
(Thanks, privat)
* calendar: Tune archive_pagespec to only match pages, not other files.
* editpage, comments: Fix broken links in sidebar (due to forcebaseurl).
(Thanks, privat)
* calendar: Tune archive_pagespec to only match pages, not other files.
+ * Fix issues with combining unicode srcdirs and source files.
-- Joey Hess <joeyh@debian.org> Fri, 11 Jun 2010 13:39:15 -0400
-- Joey Hess <joeyh@debian.org> Fri, 11 Jun 2010 13:39:15 -0400
sipb-www / ikiwiki.git / commitdiff
