New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't read symlinks in site.include in safe mode #7711
Don't read symlinks in site.include in safe mode #7711
Conversation
Why is the filtering here and not in |
I didn't want to create a new |
I'm so sorry. I didn't do a good job of describing what I wanted. My original thought is that there could be a |
@mattr- Since |
@ashmaroli Right on. Thanks for the clarification. Do we need to get appveyor passing before merging this? Looks like it's only the Ruby 2.4 build that's failing. |
Its a spurious failure. The builds have all passed now. |
Thank you!! ❤️ @jekyllbot: merge +bug |
Summary
As a result of #7188, any entry in
site.include
that points to a file within thesource_dir
is read-in during a build. That created asecurity
issue where an entry referring to a symlink is read-in even if it points to an entity outside thesource_dir
.This PR attempts to resolve that by mirroringEntryFilter#symlink?
without creating a newEntryFilter
instance.