From c2a2f715087a4602876618fdec2fad073308a6d5 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 21 Jul 2008 18:33:09 -0400 Subject: [PATCH] Add allow_symlinks_before_srcdir config setting can be used to avoid a security check that is a good safe default, but problimatic overkill in some situations. I decided to underdocument this, because the option looks ugly, and I don't want people randomly turning it on because it looks like a good idea. So if you need it, you'll get an error message mentioning how to fix it. --- IkiWiki/Render.pm | 6 +++--- debian/changelog | 3 +++ .../Allow_overriding_of_symlink_restriction.mdwn | 4 ++++ 3 files changed, 10 insertions(+), 3 deletions(-) rename doc/{forum => bugs}/Allow_overriding_of_symlink_restriction.mdwn (98%) diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm index fc1bc0c92..ab3ccd7ae 100644 --- a/IkiWiki/Render.pm +++ b/IkiWiki/Render.pm @@ -245,11 +245,11 @@ sub prune ($) { #{{{ } #}}} sub refresh () { #{{{ - # security check, avoid following symlinks in the srcdir path + # security check, avoid following symlinks in the srcdir path by default my $test=$config{srcdir}; while (length $test) { - if (-l $test) { - error("symlink found in srcdir path ($test)"); + if (-l $test && ! $config{allow_symlinks_before_srcdir}) { + error("symlink found in srcdir path ($test) -- set allow_symlinks_before_srcdir to allow this"); } unless ($test=~s/\/+$//) { $test=dirname($test); diff --git a/debian/changelog b/debian/changelog index ca318e815..7ab18a2c7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,9 @@ ikiwiki (2.55) UNRELEASED; urgency=low * Really fix bug with links to pages with names containing colons. Previous fix mised a few cases. * Avoid troublesome abs_path calls in wrapper setup. + * Add allow_symlinks_before_srcdir config setting that can be used to avoid + a security check that is a good safe default, but problimatic overkill in + some situations. -- Joey Hess Mon, 21 Jul 2008 11:35:46 -0400 diff --git a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn b/doc/bugs/Allow_overriding_of_symlink_restriction.mdwn similarity index 98% rename from doc/forum/Allow_overriding_of_symlink_restriction.mdwn rename to doc/bugs/Allow_overriding_of_symlink_restriction.mdwn index 069a18f30..69ea299e8 100644 --- a/doc/forum/Allow_overriding_of_symlink_restriction.mdwn +++ b/doc/bugs/Allow_overriding_of_symlink_restriction.mdwn @@ -80,6 +80,8 @@ Is there a huge objection to this patch? > the `srcdir`. > --[[Joey]] +>> Slightly modified version of patch applied. --[[Joey]] + >> Ok, I'll try to get it cleaned up and documented. There is a second location where this can be an issue. That is in the @@ -133,3 +135,5 @@ like this being accepted before I bothered. >>> Patch using rel2abs() works well - it no longer expands symlinks. >>>> That patch is applied now. --[[Joey]] + +[[tag done]] -- 2.44.0