Skip to content
Browse files

Prevent _includes dir from being a symlink.

  • Loading branch information...
1 parent 61acd47 commit 3ab016870d507b5913caf980a272a8680cc2a38d @mojombo mojombo committed Nov 22, 2010
Showing with 8 additions and 1 deletion.
  1. +1 −0 History.txt
  2. +7 −1 lib/jekyll/tags/include.rb
View
1 History.txt
@@ -9,6 +9,7 @@
* Bug Fixes
* Fixed filename basename generation (#208)
* Set mode to UTF8 on Sequel connections (#237)
+ * Prevent _includes dir from being a symlink
== 0.7.0 / 2010-08-24
* Minor Enhancements
View
8 lib/jekyll/tags/include.rb
@@ -7,11 +7,17 @@ def initialize(tag_name, file, tokens)
end
def render(context)
+ includes_dir = File.join(context.registers[:site].source, '_includes')
+
+ if File.symlink?(includes_dir)
+ return "Includes directory '#{includes_dir}' cannot be a symlink"
+ end
+
if @file !~ /^[a-zA-Z0-9_\/\.-]+$/ || @file =~ /\.\// || @file =~ /\/\./
return "Include file '#{@file}' contains invalid characters or sequences"
end
- Dir.chdir(File.join(context.registers[:site].source, '_includes')) do
+ Dir.chdir(includes_dir) do
choices = Dir['**/*'].reject { |x| File.symlink?(x) }
if choices.include?(@file)
source = File.read(@file)

0 comments on commit 3ab0168

Please sign in to comment.
Something went wrong with that request. Please try again.