From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (mandoc.bsd.lv [local]) by mandoc.bsd.lv (OpenSMTPD) with ESMTPA id 7e130ed5 for ; Sat, 9 Nov 2019 04:19:58 -0500 (EST) Date: Sat, 9 Nov 2019 04:19:58 -0500 (EST) X-Mailinglist: mandoc-source Reply-To: source@mandoc.bsd.lv MIME-Version: 1.0 From: schwarze@mandoc.bsd.lv To: source@mandoc.bsd.lv Subject: cvsweb: merge rev. X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Message-ID: <8d07681e13fc23e2@mandoc.bsd.lv> Log Message: ----------- merge rev. 3.119.2.12: A web server should absolutely run chrooted, so storing a configuration file below /usr/local/etc/ makes no sense whatsoever. Also, the configuration file should certainly not be in a directory where files can get executed as CGI scripts, so looking in the same directory as cvsweb.cgi is a bad idea, too. Considerably simplify things by hardcoding a reasonable location. The INSTALL file already instructs the user to check this. Modified Files: -------------- cvsweb: cvsweb.cgi Revision Data ------------- Index: cvsweb.cgi =================================================================== RCS file: /home/cvs/mandoc/cvsweb/cvsweb.cgi,v retrieving revision 4.3 retrieving revision 4.4 diff -Lcvsweb.cgi -Lcvsweb.cgi -u -p -r4.3 -r4.4 --- cvsweb.cgi +++ cvsweb.cgi @@ -88,7 +88,6 @@ use vars qw ( ); use Cwd qw(abs_path); -use File::Basename qw(dirname); use File::Path qw(rmtree); use File::Spec::Functions qw(canonpath catdir catfile curdir devnull rootdir tmpdir updir); @@ -204,22 +203,8 @@ sub checkout_to_temp($$$); # (think mod_perl)... delete(@ENV{qw(PATH IFS CDPATH ENV BASH_ENV)}); -my ($mydir) = (dirname($0) =~ /(.*)/); # untaint - -##### Start of Configuration Area ######## - -# == EDIT this == -# Locations to search for user configuration, in order: -for (catfile($mydir, 'cvsweb.conf'), '/usr/local/etc/cvsweb/cvsweb.conf') { - if (-r $_) { - $config = $_; - last; - } -} - -##### End of Configuration Area ######## - -undef $mydir; +# Location of the configuration file inside the web server chroot: +$config = '/conf/cvsweb/cvsweb.conf'; ######## Configuration parameters ######### -- To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv