Many callers of file_pruned were incorrectly calling it with 2 parameters.
When the filename being checked is relative to the srcdir,
the second parameter is not needed.
Absolute filenames are now pruned. (This does not work for the 2-parameter call
style.)
},
wiki_file_prune_regexps => {
type => "internal",
},
wiki_file_prune_regexps => {
type => "internal",
- default => [qr/(^|\/)\.\.(\/|$)/, qr/^\./, qr/\/\./,
+ default => [qr/(^|\/)\.\.(\/|$)/, qr/^\//, qr/^\./, qr/\/\./,
qr/\.x?html?$/, qr/\.ikiwiki-new$/,
qr/(^|\/).svn\//, qr/.arch-ids\//, qr/{arch}\//,
qr/(^|\/)_MTN\//, qr/(^|\/)_darcs\//,
qr/\.x?html?$/, qr/\.ikiwiki-new$/,
qr/(^|\/).svn\//, qr/.arch-ids\//, qr/{arch}\//,
qr/(^|\/)_MTN\//, qr/(^|\/)_darcs\//,
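Review bot: The added `qr/^\//` entry has no comment, and the limit on it (no effect in the 2-parameter call style) is recorded only in the commit message. Callers elsewhere in this commit drop their own leading-slash tests and appear to rely on this entry instead, so the list is now security-relevant. A comment beside it would keep that visible to whoever edits the list next, e.g. `# ^/ rejects absolute names; has no effect when file_pruned is given a base dir`. The list continues outside this hunk.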
$filename=linkpage(IkiWiki::possibly_foolish_untaint(
attachment_location($form->field('page')).
IkiWiki::basename($filename)));
$filename=linkpage(IkiWiki::possibly_foolish_untaint(
attachment_location($form->field('page')).
IkiWiki::basename($filename)));
- if (IkiWiki::file_pruned($filename, $config{srcdir})) {
+ if (IkiWiki::file_pruned($filename)) {
error(gettext("bad attachment filename"));
}
error(gettext("bad attachment filename"));
}
my $page = $form->field('page');
$page = IkiWiki::possibly_foolish_untaint($page);
if (! defined $page || ! length $page ||
my $page = $form->field('page');
$page = IkiWiki::possibly_foolish_untaint($page);
if (! defined $page || ! length $page ||
- IkiWiki::file_pruned($page, $config{srcdir})) {
+ IkiWiki::file_pruned($page)) {
error(gettext("bad page name"));
}
error(gettext("bad page name"));
}
# pending comment before untainting.
my ($f)= $id =~ /$config{wiki_file_regexp}/;
if (! defined $f || ! length $f ||
# pending comment before untainting.
my ($f)= $id =~ /$config{wiki_file_regexp}/;
if (! defined $f || ! length $f ||
- IkiWiki::file_pruned($f, $config{srcdir})) {
+ IkiWiki::file_pruned($f)) {
$page=possibly_foolish_untaint($page);
my $absolute=($page =~ s#^/+##);
if (! defined $page || ! length $page ||
$page=possibly_foolish_untaint($page);
my $absolute=($page =~ s#^/+##);
if (! defined $page || ! length $page ||
- file_pruned($page, $config{srcdir})) {
error(gettext("bad page name"));
}
error(gettext("bad page name"));
}
my $best_loc;
if (! defined $from || ! length $from ||
$from ne $form->field('from') ||
my $best_loc;
if (! defined $from || ! length $from ||
$from ne $form->field('from') ||
- file_pruned($from, $config{srcdir}) ||
$from=~/^\// ||
$absolute ||
$form->submitted) {
$from=~/^\// ||
$absolute ||
$form->submitted) {
error(gettext("no change to the file name was specified"));
}
error(gettext("no change to the file name was specified"));
}
- # Must be a legal filename, and not absolute.
- if (IkiWiki::file_pruned($destfile, $config{srcdir}) ||
- $destfile=~/^\//) {
+ # Must be a legal filename.
+ if (IkiWiki::file_pruned($destfile)) {
error(sprintf(gettext("illegal name")));
}
error(sprintf(gettext("illegal name")));
}
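Review bot: The rewritten comment `# Must be a legal filename.` no longer says that an absolute `$destfile` has to be refused, although the check is still expected to refuse it. That property now comes from the `qr/^\//` entry in `wiki_file_prune_regexps` rather than from a test visible here. I would keep the requirement in the comment, e.g. `# Must be a legal filename; file_pruned (1-parameter form) also rejects absolute names.` If that config value can ever be replaced by a list without the leading-slash pattern, nothing at this site would catch an absolute name. Whether that can happen is not visible in this hunk.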
my ($file)=$change->{file}=~/$config{wiki_file_regexp}/;
$file=IkiWiki::possibly_foolish_untaint($file);
if (! defined $file || ! length $file ||
my ($file)=$change->{file}=~/$config{wiki_file_regexp}/;
$file=IkiWiki::possibly_foolish_untaint($file);
if (! defined $file || ! length $file ||
- IkiWiki::file_pruned($file, $config{srcdir})) {
+ IkiWiki::file_pruned($file)) {
error(gettext("bad file name %s"), $file);
}
error(gettext("bad file name %s"), $file);
}
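Review bot: The error call right after the changed condition never interpolates the name: `gettext("bad file name %s")` is used with its literal `%s`, and `$file` is passed to error() as a second argument instead of going through sprintf. If the intent is to report the rejected name, `error(sprintf(gettext("bad file name %s"), $file));` does that. What error() does with a second argument is not visible here. The same branch is reached when `$file` is undefined, so that case may want a message of its own. The line is unchanged context, but it is the only diagnostic this check produces.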
#!/usr/bin/perl
use warnings;
use strict;
#!/usr/bin/perl
use warnings;
use strict;
-use Test::More tests => 27;
+use Test::More tests => 54;
BEGIN { use_ok("IkiWiki"); }
%config=IkiWiki::defaultconfig();
ok(IkiWiki::file_pruned("src/.htaccess", "src"));
BEGIN { use_ok("IkiWiki"); }
%config=IkiWiki::defaultconfig();
ok(IkiWiki::file_pruned("src/.htaccess", "src"));
+ok(IkiWiki::file_pruned(".htaccess"));
ok(IkiWiki::file_pruned("src/.ikiwiki/", "src"));
ok(IkiWiki::file_pruned("src/.ikiwiki/", "src"));
+ok(IkiWiki::file_pruned(".ikiwiki/"));
ok(IkiWiki::file_pruned("src/.ikiwiki/index", "src"));
ok(IkiWiki::file_pruned("src/.ikiwiki/index", "src"));
+ok(IkiWiki::file_pruned(".ikiwiki/index"));
ok(IkiWiki::file_pruned("src/CVS/foo", "src"));
ok(IkiWiki::file_pruned("src/CVS/foo", "src"));
+ok(IkiWiki::file_pruned("CVS/foo"));
ok(IkiWiki::file_pruned("src/subdir/CVS/foo", "src"));
ok(IkiWiki::file_pruned("src/subdir/CVS/foo", "src"));
+ok(IkiWiki::file_pruned("subdir/CVS/foo"));
ok(IkiWiki::file_pruned("src/.svn", "src"));
ok(IkiWiki::file_pruned("src/.svn", "src"));
+ok(IkiWiki::file_pruned(".svn"));
ok(IkiWiki::file_pruned("src/subdir/.svn", "src"));
ok(IkiWiki::file_pruned("src/subdir/.svn", "src"));
+ok(IkiWiki::file_pruned("subdir/.svn"));
ok(IkiWiki::file_pruned("src/subdir/.svn/foo", "src"));
ok(IkiWiki::file_pruned("src/subdir/.svn/foo", "src"));
+ok(IkiWiki::file_pruned("subdir/.svn/foo"));
ok(IkiWiki::file_pruned("src/.git", "src"));
ok(IkiWiki::file_pruned("src/.git", "src"));
+ok(IkiWiki::file_pruned(".git"));
ok(IkiWiki::file_pruned("src/subdir/.git", "src"));
ok(IkiWiki::file_pruned("src/subdir/.git", "src"));
+ok(IkiWiki::file_pruned("subdir/.git"));
ok(IkiWiki::file_pruned("src/subdir/.git/foo", "src"));
ok(IkiWiki::file_pruned("src/subdir/.git/foo", "src"));
+ok(IkiWiki::file_pruned("subdir/.git/foo"));
ok(! IkiWiki::file_pruned("src/svn/fo", "src"));
ok(! IkiWiki::file_pruned("src/svn/fo", "src"));
+ok(! IkiWiki::file_pruned("svn/fo"));
ok(! IkiWiki::file_pruned("src/git", "src"));
ok(! IkiWiki::file_pruned("src/git", "src"));
+ok(! IkiWiki::file_pruned("git"));
ok(! IkiWiki::file_pruned("src/index.mdwn", "src"));
ok(! IkiWiki::file_pruned("src/index.mdwn", "src"));
+ok(! IkiWiki::file_pruned("index.mdwn"));
ok(! IkiWiki::file_pruned("src/index.", "src"));
ok(! IkiWiki::file_pruned("src/index.", "src"));
+ok(! IkiWiki::file_pruned("index."));
# these are ok because while the filename starts with ".", the canonpathed
# version does not
ok(! IkiWiki::file_pruned("src/.", "src"));
ok(! IkiWiki::file_pruned("src/./", "src"));
# these are ok because while the filename starts with ".", the canonpathed
# version does not
ok(! IkiWiki::file_pruned("src/.", "src"));
ok(! IkiWiki::file_pruned("src/./", "src"));
+# OTOH, without a srcdir, no canonpath, so they're not allowed.
+ok(IkiWiki::file_pruned("."));
+ok(IkiWiki::file_pruned("./"));
+
+# Without a srcdir, absolute filenames are not allowed.
+ok(IkiWiki::file_pruned("/etc/passwd"));
+ok(IkiWiki::file_pruned("//etc/passwd"));
+ok(IkiWiki::file_pruned("/"));
+ok(IkiWiki::file_pruned("//"));
+ok(IkiWiki::file_pruned("///"));
+
ok(IkiWiki::file_pruned("src/..", "src"));
ok(IkiWiki::file_pruned("src/..", "src"));
+ok(IkiWiki::file_pruned(".."));
ok(IkiWiki::file_pruned("src/../", "src"));
ok(IkiWiki::file_pruned("src/../", "src"));
+ok(IkiWiki::file_pruned("../"));
ok(IkiWiki::file_pruned("src/../", "src"));
ok(IkiWiki::file_pruned("src/../", "src"));
+ok(IkiWiki::file_pruned("../"));
+# This is perhaps counterintuitive.
ok(! IkiWiki::file_pruned("src", "src"));
ok(! IkiWiki::file_pruned("src", "src"));
+
+# Dots, etc, in the srcdir are ok.
ok(! IkiWiki::file_pruned("/.foo/src", "/.foo/src"));
ok(IkiWiki::file_pruned("/.foo/src/.foo/src", "/.foo/src"));
ok(! IkiWiki::file_pruned("/.foo/src/index.mdwn", "/.foo/src/index.mdwn"));
ok(! IkiWiki::file_pruned("/.foo/src", "/.foo/src"));
ok(IkiWiki::file_pruned("/.foo/src/.foo/src", "/.foo/src"));
ok(! IkiWiki::file_pruned("/.foo/src/index.mdwn", "/.foo/src/index.mdwn"));
-ok(IkiWiki::file_pruned("x/y/foo.dpkg-tmp", "src"));
-ok(IkiWiki::file_pruned("x/y/foo.ikiwiki-new", "src"));
+ok(IkiWiki::file_pruned("src/y/foo.dpkg-tmp", "src"));
+ok(IkiWiki::file_pruned("y/foo.dpkg-tmp"));
+ok(IkiWiki::file_pruned("src/y/foo.ikiwiki-new", "src"));
+ok(IkiWiki::file_pruned("y/foo.ikiwiki-new"));
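Review bot: The second added `ok(IkiWiki::file_pruned("../"));` repeats the assertion added three lines above it, so it contributes to the count of 54 without adding coverage. None of the 1-parameter cases exercises a `..` component in the middle of a relative name, which the `(^|\/)\.\.(\/|$)` pattern is meant to catch. Replacing the duplicate with `ok(IkiWiki::file_pruned("subdir/../index.mdwn"));` would cover that and keep the plan unchanged. The new assertions also carry no description, so a failure in these path-validation checks is identified only by test number.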