Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read in static files into collection.files as StaticFiles. #2737

Merged
merged 6 commits into from
Aug 13, 2014
Merged

Read in static files into collection.files as StaticFiles. #2737

merged 6 commits into from
Aug 13, 2014

Conversation

parkr
Copy link
Member

@parkr parkr commented Aug 12, 2014

Fixes #2555.

parkr
parkr reviewed Aug 12, 2014
View reviewed changes
lib/jekyll/document.rb
@@ -214,7 +206,7 @@ def read(opts = {})
unless defaults.empty?
@data = defaults
end
@content = File.open(path, "rb", merged_file_read_opts(opts)) { |f| f.read }
@content = File.read(path, merged_file_read_opts(opts))
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alfredxing This reverts your change from before. Why did you go with one and not the other? Aren't they the same?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with both implementations. I was actually working on this one (where static files were StaticFiles instead of Documents), but switched over to the Document one as per your comment in the PR (it was a bit simpler to implement it with Documents as well).

@parkr
Copy link
Member Author

parkr commented Aug 12, 2014

@mattr- I keep getting RedCarpet errors in Ruby 2.1 on Travis:

  1) Failure:
TestRedcarpet#test_: redcarpet with pygments enabled should render fenced code blocks with syntax highlighting.  [/home/travis/build/jekyll/jekyll/test/test_redcarpet.rb:35]:
<"<div class=\"highlight\"><pre><code class=\"language-ruby\" data-lang=\"ruby\"><span class=\"nb\">puts</span> <span class=\"s2\">&quot;Hello world&quot;</span>\n</code></pre></div>"> expected but was
<"">.

parkr added a commit that referenced this pull request Aug 13, 2014
@parkr
Merge pull request #2737 from jekyll/fix-reading-imgs
315cc38
@parkr parkr merged commit 315cc38 into master Aug 13, 2014
@parkr parkr deleted the fix-reading-imgs branch August 13, 2014 01:04
parkr added a commit that referenced this pull request Aug 13, 2014
@parkr
Update history to reflect merge of #2737 [ci skip]
2b81e5e
benbalter
benbalter reviewed Aug 26, 2014
View reviewed changes
lib/jekyll/collection.rb
doc.read
docs << doc
else
relative_dir = File.join(relative_directory, File.dirname(file_path)).chomp("/.")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@parkr Shouldn't this be full_path? Where is this path sanitized?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you feel better if we did Jekyll.sanitized_path(relative_directory, File.dirname(file_path)).chomp("/.")? Can you create a PoC that exploits this line? The StaticFile class should handle the reading and writing path sanitation, but I can change this if you want.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The StaticFile class should handle the reading and writing path sanitation, but I can change this if you want.

I thought that too, but looked, and couldn't find a sanitize_path call (or am I missing something)?

parkr added a commit that referenced this pull request Aug 29, 2014
@parkr
Use Jekyll.sanitized_path when adding static files to Collections.
c44dc57 
h/t @benbalter #2737 (comment)
Not sure if the previous code can be exploited, but being super safe is never a bad thing.
@parkr parkr mentioned this pull request Aug 29, 2014
Merged
parkr added a commit that referenced this pull request Aug 31, 2014
@parkr
Use Jekyll.sanitized_path when adding static files to Collections.
b5dbc36 
h/t @benbalter #2737 (comment)
Not sure if the previous code can be exploited, but being super safe is never a bad thing.
@sonnym sonnym mentioned this pull request Mar 17, 2015
Closed
@jekyll jekyll locked and limited conversation to collaborators Feb 27, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
frozen-due-to-age
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Static & binary files in Collections
4 participants
@parkr @benbalter @alfredxing @jekyllbot