Changeset 20816 in project


Timestamp:
10/12/10 20:56:10 (10 years ago)
Author:
sjamaan
Message:

qwiki: Add saner handling of symlinks in the wiki

File:
1 edited

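--- a/release/4/qwiki/trunk/qwiki.scm
+++ b/release/4/qwiki/trunk/qwiki.scm
@@ -202,4 +202,25 @@
                (append path '("index"))
                path)))
+
+;; This exists to normalize the first symlink in a path. Applying this
+;; recursively (letting the browser recur) causes all files to be
+;; accessed (safely) through their canonical location.  Doing so means
+;; the search and cache won't get confused by two locations being one.
+;; It also helps ward off symlink attacks (though we should only let
+;; trusted people on our wiki in the first place) and improve search engine
+;; ranking (because there's only one canonical page instead of two identical
+;; pages).  Also, it will cure cancer and effectuate world peace.
+(define (rewrite-symlinks path)
+  (let lp ((consumed-path '())
+           (remaining-path path))
+    (and-let* (((not (null? remaining-path))) ; Return #f when no symlinks
+               (tgt (path->source-filename
+                     (reverse (cons (car remaining-path) consumed-path)))))
+      (if (symbolic-link? tgt)
+          (append (reverse consumed-path)
+                  (string-split (read-symbolic-link tgt) "/")
+                  (cdr remaining-path))
+          (lp (cons (car remaining-path) consumed-path)
+              (cdr remaining-path))))))
 
 ;; Like with-output-to-file, only this creates parent directories as needed.
@@ -621,7 +642,12 @@
                       (handler (alist-ref action
                                           (qwiki-page-action-handlers)
-                                          eq? qwiki-show)))
-                 (handler (normalize-path (relative-uri-path uri))
-                          (current-request))))))))))
+                                          eq? qwiki-show))
+                      (normalized-path (normalize-path (relative-uri-path uri))))
+                 (cond
+                  ((rewrite-symlinks normalized-path) =>
+                   (lambda (new-path)
+                     (redirect-to-qwiki-page (current-request)
+                                             path: new-path action: action)))
+                  (else (handler normalized-path (current-request))))))))))))
 
 )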
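Review bot: The link target returned by `read-symbolic-link` in `rewrite-symlinks` is spliced into the redirect path with no check on its shape. `string-split` on "/" drops empty fields by default, so an absolute target is silently reinterpreted as components relative to the link's directory, and `..` segments pass through unchanged. Whether the redirected request stays inside the wiki source tree therefore depends on `normalize-path` handling the follow-up request, which is defined outside this section. I would refuse absolute targets before splitting, for example by adding `((not (absolute-pathname? link)))` as an `and-let*` clause after binding `link` to the `read-symbolic-link` result, and say in the header comment that `..` is left to `normalize-path`. A symlink cycle also yields a redirect chain that only the client's redirect limit ends, which is worth a sentence in that comment.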