New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

inform that symlinks are not allowed in safe mode #6670

Merged
merged 2 commits into from Jan 14, 2018

Conversation

Projects
None yet
4 participants
@Crunch09
Member

Crunch09 commented Jan 4, 2018

If the file given to include / include_relative can't be found in safe mode it might be because it is a symlink which are not allowed in safe mode. We should make the user aware of this.

This closes #6480.

There was a note added to the symlink check two years ago which says that the symlinks could now be allowed in safe mode. Can someone confirm this as i'm not familiar with the security implications (especially for github pages)? Maybe @parkr or @envygeeks as he has written that note?

/cc @jekyll/build

inform that symlinks are not allowed in safe mode
If the file given to `include` / `include_relative` can't be
found in safe mode it might be because it is a symlink which are
not allowed in safe mode. We should make the user aware of this.

This closes #6480.

@jekyllbot jekyllbot requested review from ayastreb, mattr- and parkr Jan 4, 2018

@Crunch09 Crunch09 assigned Crunch09 and unassigned parkr Jan 4, 2018

@@ -192,6 +190,16 @@ def realpath_prefixed_with?(path, dir)
def read_file(file, context)
File.read(file, file_read_opts(context))
end
def could_not_locate_message(file, includes_dirs, safe)

This comment has been minimized.

@ashmaroli

ashmaroli Jan 14, 2018

Member

IMO, this method should be marked as private to denote its "internal" role..

@ashmaroli

LGTM 👍

@parkr

parkr approved these changes Jan 14, 2018

@parkr

This comment has been minimized.

Member

parkr commented Jan 14, 2018

@jekyllbot: merge +bug

@jekyllbot jekyllbot merged commit 082e062 into jekyll:master Jan 14, 2018

3 checks passed

WIP ready for review
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@jekyllbot jekyllbot added bug fix labels Jan 14, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment