Commit

url escape before sanitizing
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
benbalter authored and parkr committed Jan 14, 2014
1 parent 823f875 commit a06dff4
Showing 2 changed files with 8 additions and 3 deletions.
9 changes: 7 additions & 2 deletions lib/jekyll/url.rb
Expand Up @@ -50,8 +50,12 @@ def generate_url

# Returns a sanitized String URL
def sanitize_url(in_url)

# prevent escaped periods from bypassing sanitization
url = URI.unescape(in_url)

# Remove all double slashes
url = in_url.gsub(/\/\//, "/")
url = url.gsub(/\/\//, "/")

# Remove every URL segment that consists solely of dots
url = url.split('/').reject{ |part| part =~ /^\.+$/ }.join('/')
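
Review bot: `URI.unescape(in_url)` at the top of `sanitize_url` decodes exactly one layer, and it decodes every percent-escape, not only the periods the comment mentions. An input that is escaped twice (`%252e`) is `%2e` after this call and passes the dot-segment `reject` untouched, so either decode until the string stops changing or document that one layer is handled and that nothing downstream decodes the result again. `URI.unescape` is also marked obsolete in Ruby's standard library (and removed in Ruby 3.0), so the decoder is worth choosing deliberately.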
Expand All @@ -61,7 +65,8 @@ def sanitize_url(in_url)

# Always add a leading slash
url.gsub!(/\A([^\/])/, '/\1')
url

URI.escape url
end
end
end
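
Review bot: the new last line, `URI.escape url`, changes the return contract of `sanitize_url`: the result is now always percent-escaped, so an input containing a space or a literal `%` comes back as `%20` or `%25` instead of as given. The doc comment still says only "Returns a sanitized String URL"; please state that the return value is escaped, and confirm that any caller turning this URL into a destination path unescapes it first, otherwise escaped names end up on disk. `URI.escape` is obsolete in the same way as `URI.unescape`.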
2 changes: 1 addition & 1 deletion test/test_post.rb
Expand Up @@ -81,7 +81,7 @@ def do_render(post)
post.write(dest_dir)

assert !File.exist?(File.expand_path("../baddie.html", dest_dir))
assert File.exist(File.expand_path("/baddie.html", dest_dir))
assert File.exist?(File.expand_path("baddie.html", dest_dir))
end

context "with CRLF linebreaks" do
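
Review bot: there is no regression test for the escaped-period case in `test/test_post.rb`; the only change is the corrected assertion on `baddie.html`. Add a fixture, or a direct `sanitize_url` test, whose input carries `%2e%2e` segments and assert that nothing is written outside `dest_dir`, so the `URI.unescape` step in `lib/jekyll/url.rb` cannot be dropped unnoticed.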

0 comments on commit a06dff4
