From a6e6f604bd8e9a8f90000163f8b00299829729d5 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 28 Apr 2010 12:39:13 -0400 Subject: [PATCH] TMPL_INCLUDE re-enabled for templates read from the templatedir. (But not in-wiki templates.) --- IkiWiki.pm | 18 +++++++++++------- debian/changelog | 2 ++ doc/news/version_3.20100427/discussion.mdwn | 4 ++++ 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/IkiWiki.pm b/IkiWiki.pm index 623396c9c..dcee376ee 100644 --- a/IkiWiki.pm +++ b/IkiWiki.pm @@ -1661,7 +1661,11 @@ sub template_file ($) { } my $template=srcfile($tpage, 1); - if (! defined $template) { + if (defined $template) { + return $template, $tpage, 1 if wantarray; + return $template; + } + else { $name=~s:/::; # avoid path traversal foreach my $dir ($config{templatedir}, "$installdir/share/ikiwiki/templates") { @@ -1670,12 +1674,12 @@ sub template_file ($) { last; } } + if (defined $template) { + return $template, $tpage if wantarray; + return $template; + } } - if (defined $template) { - return $template, $tpage if wantarray; - return $template; - } return; } @@ -1683,7 +1687,7 @@ sub template_depends ($$;@) { my $name=shift; my $page=shift; - my ($filename, $tpage)=template_file($name); + my ($filename, $tpage, $untrusted)=template_file($name); if (defined $page && defined $tpage) { add_depends($page, $tpage); } @@ -1699,7 +1703,7 @@ sub template_depends ($$;@) { die_on_bad_params => 0, filename => $filename, @_, - no_includes => 1, + ($untrusted ? (no_includes => 1) : ()), ); return @opts if wantarray; diff --git a/debian/changelog b/debian/changelog index b19840865..0a70dc6ee 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ ikiwiki (3.20100428) UNRELEASED; urgency=low * template: Fix typo. + * TMPL_INCLUDE re-enabled for templates read from the templatedir. + (But not in-wiki templates.) -- Joey Hess Tue, 27 Apr 2010 12:10:51 -0400 diff --git a/doc/news/version_3.20100427/discussion.mdwn b/doc/news/version_3.20100427/discussion.mdwn index 4daf8085f..726f9a0d2 100644 --- a/doc/news/version_3.20100427/discussion.mdwn +++ b/doc/news/version_3.20100427/discussion.mdwn @@ -1,3 +1,7 @@ *TMPL_INCLUDE is no longer supported in any template used by ikiwiki. It used to be allowed in certian templates, but not in others.* Would it be possible to make that a config option? Because I do use includes in my templates, and I don't allow users to edit templates, so it isn't a security loophole for me. --[[KathrynAndersen]] + +> I don't like config options that make wikis unsafe, but I should have +> revisted enabling includes for templates read from the templatedir -- +> it's easy to do, and I've done it now. --[[Joey]] -- 2.26.2