use cgi dir for better security
diff --git a/b.rb b/b.rb
index 511ac8d..2a612a6 100644 (file)
--- a/b.rb
+++ b/b.rb
@@ -49,6 +49,7 @@ module B # blog module
   end
 
   def fwrite(output_path, string)
+    output_path = File.join('./', output_path)
     FileUtils.mkdir_p(File.dirname(output_path))
     File.write(output_path, string)
   end
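Review bot: `File.join('./', output_path)` only re-anchors an absolute path under the current directory; it does not normalise or reject `..` segments, so it provides no confinement if that is the intent behind the change. Given the other hunks now pass a site-absolute `rel_path` such as `/blog/x.html`, stripping the leading slash is probably all that is needed here, but the line should say so: `# rel_path is site-absolute ('/blog/...'); anchor it under the build dir`. If fwrite is ever meant to take less trusted paths, expand the joined path with `File.expand_path` and refuse to write unless it starts with `File.expand_path('.') + '/'`.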
@@ -161,11 +162,11 @@ EOF
     b = File.basename(file,'.md')
     # date is in the format: YYYY-MM-DD-
     date = Time.parse(b[0..DATE_LEN])
-    rel_path = "blog/#{b[(DATE_LEN + 1)..-1]}.html"
+    rel_path = "/blog/#{b[(DATE_LEN + 1)..-1]}.html"
     comments = $db.execute <<-SQL, [WAIT_DATE]
       select comment, date from c
       where page = '#{rel_path}' and (
-       state = 'picked' or state = 'known'
+       state = 'picked' or state = 'known' or state = 'timed'
        or (state = 'waiting' and date < ?))
 SQL
     # get earliest comment. earlier ones stored in git will also be
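Review bot: `rel_path` is still interpolated directly into the SQL text at `where page = '#{rel_path}'` while `WAIT_DATE` goes through a `?` placeholder, and the new leading slash does not change that. Binding both is the consistent form and removes the dependence on markdown basenames never containing a quote: `comments = $db.execute <<-SQL, [rel_path, WAIT_DATE]` with `where page = ? and (` in the query. The exposure is limited to file names that land in the blog directory, so this is about consistency rather than an input-handling hole. The enclosing method starts before this hunk and continues after it.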
@@ -221,7 +222,7 @@ EOF
         comment_html("Note: there #{text} pending approval.", NOW)
     end
     com_section = <<-EOF
-      <form class="comment" action="/comment.rb" method="post">
+      <form class="comment" action="/cgi/comment" method="post">
         <input class="misc" type="text" name="url">
         <input name="goto" type="hidden" value="#{rel_path}">
         <textarea rows="10" name="comment" placeholder="markdown" maxlength="1000"></textarea>
@@ -270,7 +271,7 @@ EOF
           footer: footer_extra,
           comments: com_section,
           description: description)
-    url="#{DURL}/#{rel_path}"
+    url="#{DURL}#{rel_path}"
 
 
     # following from https://creativecommons.org/choose,
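Review bot: `url="#{DURL}#{rel_path}"` now depends on two invariants set far apart — `rel_path` starting with `/` (the hunk around line 162) and `DURL` having no trailing slash, which is not visible here — and neither is stated at this point. Write it with spaces around `=` as the style guide expects and record the dependency: `url = "#{DURL}#{rel_path}" # rel_path is site-absolute ('/blog/...'); DURL must not end in '/'`. The enclosing method continues outside this hunk.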