]> sipb.mit.edu Git - ikiwiki.git/commitdiff
fix other cases of unicode mixing issue
authorJoey Hess <joey@kitenet.net>
Tue, 15 Jun 2010 21:41:26 +0000 (17:41 -0400)
committerJoey Hess <joey@kitenet.net>
Tue, 15 Jun 2010 21:41:26 +0000 (17:41 -0400)
and fix underlaydir override attack guard when srcdir is non-absolute

1  2 
IkiWiki/Render.pm

diff --combined IkiWiki/Render.pm
index 0e7aa9a48a2bd5ddb4267ca948e3f6eba6ba121a,f81e373b73ad37dcdfc988f0f08a08eb2122012d..740bb52b0fc6d9ea1797a08080a273f5fb3701f6
@@@ -292,11 -292,17 +292,16 @@@ sub find_src_files () 
        eval q{use File::Find};
        error($@) if $@;
  
+       eval q{use Cwd};
+       die $@ if $@;
+       my $origdir=getcwd();
+       my $abssrcdir=Cwd::abs_path($config{srcdir});
        my ($page, $underlay);
        my $helper=sub {
                my $file=decode_utf8($_);
 -
                return if -l $file || -d _;
-               $file=~s/^\Q.\/\E//;
+               $file=~s/^\.\///;
                return if ! length $file;
                $page = pagename($file);
                if (! exists $pagesources{$page} &&
        
                if ($underlay) {
                        # avoid underlaydir override attacks; see security.mdwn
-                       if (! -l "$config{srcdir}/$f" && ! -e _) {
+                       if (! -l "$abssrcdir/$f" && ! -e _) {
                                if (! $pages{$page}) {
                                        push @files, $f;
                                        $pages{$page}=1;
                }
        };
  
-       eval q{use Cwd};
-       die $@ if $@;
-       my $origdir=getcwd();
        chdir($config{srcdir}) || die "chdir: $!";
        find({
                no_chdir => 1,