sanitize urls and ignore symlinks

jekyll · Mar 11, 2011 · 13cc44f · 13cc44f
1 parent be8b771
commit 13cc44f
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 24 deletions.
diff --git a/lib/jekyll/page.rb b/lib/jekyll/page.rb
@@ -55,14 +55,23 @@ def template
     #
     # Returns <String>
     def url
-      return permalink if permalink
-
-      @url ||= {
-        "basename"   => self.basename,
-        "output_ext" => self.output_ext,
-      }.inject(template) { |result, token|
-        result.gsub(/:#{token.first}/, token.last)
-      }.gsub(/\/\//, "/")
+      return @url if @url
+
+      url = if permalink
+        permalink
+      else
+        {
+          "basename"   => self.basename,
+          "output_ext" => self.output_ext,
+        }.inject(template) { |result, token|
+          result.gsub(/:#{token.first}/, token.last)
+        }.gsub(/\/\//, "/")
+      end
+
+      # sanitize url
+      @url = url.split('/').reject{ |part| part =~ /^\.+$/ }.join('/')
+      @url += "/" if url =~ /\/$/
+      @url
     end
 
     # Extract information from the page filename

diff --git a/lib/jekyll/post.rb b/lib/jekyll/post.rb
@@ -117,20 +117,29 @@ def template
     #
     # Returns <String>
     def url
-      return permalink if permalink
-
-      @url ||= {
-        "year"       => date.strftime("%Y"),
-        "month"      => date.strftime("%m"),
-        "day"        => date.strftime("%d"),
-        "title"      => CGI.escape(slug),
-        "i_day"      => date.strftime("%d").to_i.to_s,
-        "i_month"    => date.strftime("%m").to_i.to_s,
-        "categories" => categories.join('/'),
-        "output_ext" => self.output_ext
-      }.inject(template) { |result, token|
-        result.gsub(/:#{Regexp.escape token.first}/, token.last)
-      }.gsub(/\/\//, "/")
+      return @url if @url
+
+      url = if permalink
+        permalink
+      else
+        {
+          "year"       => date.strftime("%Y"),
+          "month"      => date.strftime("%m"),
+          "day"        => date.strftime("%d"),
+          "title"      => CGI.escape(slug),
+          "i_day"      => date.strftime("%d").to_i.to_s,
+          "i_month"    => date.strftime("%m").to_i.to_s,
+          "categories" => categories.join('/'),
+          "output_ext" => self.output_ext
+        }.inject(template) { |result, token|
+          result.gsub(/:#{Regexp.escape token.first}/, token.last)
+        }.gsub(/\/\//, "/")
+      end
+
+      # sanitize url
+      @url = url.split('/').reject{ |part| part =~ /^\.+$/ }.join('/')
+      @url += "/" if url =~ /\/$/
+      @url
     end
 
     # The UID for this post (useful in feeds)

diff --git a/lib/jekyll/site.rb b/lib/jekyll/site.rb
@@ -210,7 +210,7 @@ def write
     # Returns nothing
     def read_directories(dir = '')
       base = File.join(self.source, dir)
-      entries = filter_entries(Dir.entries(base))
+      entries = Dir.chdir(base){ filter_entries(Dir['*']) }
 
       self.read_posts(dir)
 
@@ -268,7 +268,10 @@ def site_payload
     def filter_entries(entries)
       entries = entries.reject do |e|
         unless ['.htaccess'].include?(e)
-          ['.', '_', '#'].include?(e[0..0]) || e[-1..-1] == '~' || self.exclude.include?(e)
+          ['.', '_', '#'].include?(e[0..0]) ||
+          e[-1..-1] == '~' ||
+          self.exclude.include?(e) ||
+          File.symlink?(e)
         end
       end
     end