Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Don't allow people to proxy a path to itself, or to another proxy. #518

Merged
merged 1 commit into from

2 participants

@bhollis
Owner

This would make #516 less of a mystery.

@bhollis
Owner

Good catch, I hadn't meant to include that temporary debugging statement. Now it's just the exceptions.

@tdreyno tdreyno merged commit f062bb7 into from
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
Showing with 8 additions and 2 deletions.
  1. +8 −2 middleman-core/lib/middleman-core/sitemap/extensions/proxies.rb
View
10 middleman-core/lib/middleman-core/sitemap/extensions/proxies.rb
@@ -31,6 +31,8 @@ def proxy?
# @param [String] target
# @return [void]
def proxy_to(target)
+ target = ::Middleman::Util.normalize_path(target)
+ raise "You can't proxy #{path} to itself!" if target == path
@proxied_to = target
end
@@ -55,9 +57,13 @@ def get_source_file
proxy_resource = store.find_resource_by_path(proxied_to)
unless proxy_resource
- raise "Path #{path} proxies to unknown file #{proxied_to}"
+ raise "Path #{path} proxies to unknown file #{proxied_to}:#{store.resources.map(&:path)}"
end
+ if proxy_resource.proxy?
+ raise "You can't proxy #{path} to #{proxied_to} which is itself a proxy."
+ end
+
proxy_resource.source_file
end
end
@@ -105,4 +111,4 @@ def manipulate_resource_list(resources)
end
end
end
-end
+end
Something went wrong with that request. Please try again.