From 05f1fac2a7e1c1aacb7638948fe59f557f6aa67e Mon Sep 17 00:00:00 2001
From: Ben Balter <ben.balter@github.com>
Date: Tue, 1 Jul 2014 18:28:51 -0400
Subject: [PATCH] Add feature for layouts vuln.

---
 features/site_configuration.feature | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/features/site_configuration.feature b/features/site_configuration.feature
index f42f3833..8aaa9e1d 100644
--- a/features/site_configuration.feature
+++ b/features/site_configuration.feature
@@ -273,3 +273,11 @@ Feature: Site configuration
     And I should see "Whatever" in "_site/index.html"
     And the "_site/test.txt" file should exist
     And I should see "this is a test" in "_site/test.txt"
+
+  Scenario: arbitrary file reads via layouts
+    Given I have an "index.html" page with layout "page" that contains "FOO"
+    And I have a "_config.yml" file that contains "layouts: '../../../../../../../../../../../../../../usr/include'"
+    When I run jekyll build
+    Then the _site directory should exist
+    And I should see "FOO" in "_site/index.html"
+    And I should not see " " in "_site/index.html"