Skip to content
This repository
Browse code

sanitize urls and ignore symlinks

  • Loading branch information...
commit 13cc44fb1257ab60f433f7ae689f4cd770709ea3 1 parent be8b771
Aman Gupta authored March 07, 2011
25  lib/jekyll/page.rb
@@ -55,14 +55,23 @@ def template
55 55
     #
56 56
     # Returns <String>
57 57
     def url
58  
-      return permalink if permalink
59  
-
60  
-      @url ||= {
61  
-        "basename"   => self.basename,
62  
-        "output_ext" => self.output_ext,
63  
-      }.inject(template) { |result, token|
64  
-        result.gsub(/:#{token.first}/, token.last)
65  
-      }.gsub(/\/\//, "/")
  58
+      return @url if @url
  59
+
  60
+      url = if permalink
  61
+        permalink
  62
+      else
  63
+        {
  64
+          "basename"   => self.basename,
  65
+          "output_ext" => self.output_ext,
  66
+        }.inject(template) { |result, token|
  67
+          result.gsub(/:#{token.first}/, token.last)
  68
+        }.gsub(/\/\//, "/")
  69
+      end
  70
+
  71
+      # sanitize url
  72
+      @url = url.split('/').reject{ |part| part =~ /^\.+$/ }.join('/')
  73
+      @url += "/" if url =~ /\/$/
  74
+      @url
66 75
     end
67 76
 
68 77
     # Extract information from the page filename
37  lib/jekyll/post.rb
@@ -117,20 +117,29 @@ def template
117 117
     #
118 118
     # Returns <String>
119 119
     def url
120  
-      return permalink if permalink
121  
-
122  
-      @url ||= {
123  
-        "year"       => date.strftime("%Y"),
124  
-        "month"      => date.strftime("%m"),
125  
-        "day"        => date.strftime("%d"),
126  
-        "title"      => CGI.escape(slug),
127  
-        "i_day"      => date.strftime("%d").to_i.to_s,
128  
-        "i_month"    => date.strftime("%m").to_i.to_s,
129  
-        "categories" => categories.join('/'),
130  
-        "output_ext" => self.output_ext
131  
-      }.inject(template) { |result, token|
132  
-        result.gsub(/:#{Regexp.escape token.first}/, token.last)
133  
-      }.gsub(/\/\//, "/")
  120
+      return @url if @url
  121
+
  122
+      url = if permalink
  123
+        permalink
  124
+      else
  125
+        {
  126
+          "year"       => date.strftime("%Y"),
  127
+          "month"      => date.strftime("%m"),
  128
+          "day"        => date.strftime("%d"),
  129
+          "title"      => CGI.escape(slug),
  130
+          "i_day"      => date.strftime("%d").to_i.to_s,
  131
+          "i_month"    => date.strftime("%m").to_i.to_s,
  132
+          "categories" => categories.join('/'),
  133
+          "output_ext" => self.output_ext
  134
+        }.inject(template) { |result, token|
  135
+          result.gsub(/:#{Regexp.escape token.first}/, token.last)
  136
+        }.gsub(/\/\//, "/")
  137
+      end
  138
+
  139
+      # sanitize url
  140
+      @url = url.split('/').reject{ |part| part =~ /^\.+$/ }.join('/')
  141
+      @url += "/" if url =~ /\/$/
  142
+      @url
134 143
     end
135 144
 
136 145
     # The UID for this post (useful in feeds)
7  lib/jekyll/site.rb
@@ -210,7 +210,7 @@ def write
210 210
     # Returns nothing
211 211
     def read_directories(dir = '')
212 212
       base = File.join(self.source, dir)
213  
-      entries = filter_entries(Dir.entries(base))
  213
+      entries = Dir.chdir(base){ filter_entries(Dir['*']) }
214 214
 
215 215
       self.read_posts(dir)
216 216
 
@@ -268,7 +268,10 @@ def site_payload
268 268
     def filter_entries(entries)
269 269
       entries = entries.reject do |e|
270 270
         unless ['.htaccess'].include?(e)
271  
-          ['.', '_', '#'].include?(e[0..0]) || e[-1..-1] == '~' || self.exclude.include?(e)
  271
+          ['.', '_', '#'].include?(e[0..0]) ||
  272
+          e[-1..-1] == '~' ||
  273
+          self.exclude.include?(e) ||
  274
+          File.symlink?(e)
272 275
         end
273 276
       end
274 277
     end

0 notes on commit 13cc44f

Please sign in to comment.
Something went wrong with that request. Please try again.