Add allow_symlinks_before_srcdir config setting

can be used to avoid a security check that is a good safe default, but
problimatic overkill in some situations.

I decided to underdocument this, because the option looks ugly, and I don't
want people randomly turning it on because it looks like a good idea. So if
you need it, you'll get an error message mentioning how to fix it.

diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index fc1bc0c92649d7dca4a7095b57bc0f2be275ce67..ab3ccd7aec0655035e7626bedc77e87053699ab5 100644 (file)
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -245,11 +245,11 @@ sub prune ($) { #{{{
 } #}}}
 
 sub refresh () { #{{{
 } #}}}
 
 sub refresh () { #{{{

-       # security check, avoid following symlinks in the srcdir path
+       # security check, avoid following symlinks in the srcdir path by default

        my $test=$config{srcdir};
        while (length $test) {
        my $test=$config{srcdir};
        while (length $test) {

-               if (-l $test) {
-                       error("symlink found in srcdir path ($test)");
+               if (-l $test && ! $config{allow_symlinks_before_srcdir}) {
+                       error("symlink found in srcdir path ($test) -- set allow_symlinks_before_srcdir to allow this");

                }
                unless ($test=~s/\/+$//) {
                        $test=dirname($test);
                }
                unless ($test=~s/\/+$//) {
                        $test=dirname($test);

diff --git a/debian/changelog b/debian/changelog
index ca318e81598e29a996e232fa9ed777c981260c53..7ab18a2c70eb348e6ec2ceac21ed34fdb4b726f3 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,9 @@ ikiwiki (2.55) UNRELEASED; urgency=low
   * Really fix bug with links to pages with names containing colons. 
     Previous fix mised a few cases.
   * Avoid troublesome abs_path calls in wrapper setup.
   * Really fix bug with links to pages with names containing colons. 
     Previous fix mised a few cases.
   * Avoid troublesome abs_path calls in wrapper setup.

+  * Add allow_symlinks_before_srcdir config setting that can be used to avoid
+    a security check that is a good safe default, but problimatic overkill in
+    some situations.

 
  -- Joey Hess <joeyh@debian.org>  Mon, 21 Jul 2008 11:35:46 -0400
 
 
  -- Joey Hess <joeyh@debian.org>  Mon, 21 Jul 2008 11:35:46 -0400
 

diff --git a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn b/doc/bugs/Allow_overriding_of_symlink_restriction.mdwn
similarity index 98%
rename from doc/forum/Allow_overriding_of_symlink_restriction.mdwn
rename to doc/bugs/Allow_overriding_of_symlink_restriction.mdwn
index 069a18f3026a104cf32d162e608d8b7a162fa816..69ea299e8e18f8ee8a7953fc1f968a8919835ae4 100644 (file)
--- a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn
+++ b/doc/bugs/Allow_overriding_of_symlink_restriction.mdwn
@@ -80,6 +80,8 @@ Is there a huge objection to this patch?
 > the `srcdir`.
 > --[[Joey]]
 
 > the `srcdir`.
 > --[[Joey]]
 

+>> Slightly modified version of patch applied. --[[Joey]]
+

 >> Ok, I'll try to get it cleaned up and documented.
 
 There is a second location where this can be an issue.  That is in the
 >> Ok, I'll try to get it cleaned up and documented.
 
 There is a second location where this can be an issue.  That is in the


@@ -133,3 +135,5 @@ like this being accepted before I bothered.
 >>> Patch using rel2abs() works well - it no longer expands symlinks.
 
 >>>> That patch is applied now. --[[Joey]]
 >>> Patch using rel2abs() works well - it no longer expands symlinks.
 
 >>>> That patch is applied now. --[[Joey]]

+
+[[tag done]]