From 4c140efba8ae49946de92a1acb40ead4ccd00ffb Mon Sep 17 00:00:00 2001
From: Jens Nazarenus <jens@0x6a.de>
Date: Tue, 14 Jan 2014 22:56:47 +0100
Subject: [PATCH 1/2] fix full path leak to source directory when using include
 tag

---
 lib/jekyll/tags/include.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/jekyll/tags/include.rb b/lib/jekyll/tags/include.rb
index 5c679dc1..adc7c2bf 100644
--- a/lib/jekyll/tags/include.rb
+++ b/lib/jekyll/tags/include.rb
@@ -102,7 +102,7 @@ eos
         validate_file_name(file)
 
         path = File.join(dir, file)
-        validate_file(path, context.registers[:site].safe)
+        validate_file(context.registers[:site].source, path, context.registers[:site].safe)
 
         begin
           partial = Liquid::Template.parse(source(path, context))
@@ -122,11 +122,12 @@ eos
         end
       end
 
-      def validate_file(file, safe)
+      def validate_file(sourcedir, file, safe)
+        relative_file = Pathname.new(file).relative_path_from(Pathname.new(sourcedir))
         if !File.exists?(file)
-          raise IOError.new "Included file '#{file}' not found" 
+          raise IOError.new "Included file '#{relative_file}' not found" 
         elsif File.symlink?(file) && safe
-          raise IOError.new "The included file '#{file}' should not be a symlink"
+          raise IOError.new "The included file '#{relative_file}' should not be a symlink"
         end
       end
 

From 82bee23bd048983e2e11e654754e67359419c5b6 Mon Sep 17 00:00:00 2001
From: Jens Nazarenus <jens@0x6a.de>
Date: Wed, 15 Jan 2014 21:35:55 +0100
Subject: [PATCH 2/2] added tests for full path leak to source directory when
 using include tag

---
 test/test_tags.rb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/test/test_tags.rb b/test/test_tags.rb
index 8ecaf19b..efc108bd 100644
--- a/test/test_tags.rb
+++ b/test/test_tags.rb
@@ -487,6 +487,25 @@ CONTENT
       end
     end
 
+    context "include missing file" do
+      setup do
+        @content = <<CONTENT
+---
+title: missing file
+---
+
+{% include missing.html %}
+CONTENT
+      end
+
+      should "raise error relative to source directory" do
+        exception = assert_raise IOError do
+          create_post(@content, {'permalink' => 'pretty', 'source' => source_dir, 'destination' => dest_dir, 'read_posts' => true})
+        end
+        assert_equal 'Included file \'_includes/missing.html\' not found', exception.message
+      end
+    end
+
     context "include tag with variable and liquid filters" do
       setup do
         stub(Jekyll).configuration do