inform that symlinks are not allowed in safe mode (#6670)
Merge pull request 6670
This commit is contained in:
Florian Thomas
jekyllbot
parent
f77d704a1b
commit
082e0623af
|
|
@ -115,9 +115,7 @@ MSG
|
||||||
path = File.join(dir.to_s, file.to_s)
|
path = File.join(dir.to_s, file.to_s)
|
||||||
return path if valid_include_file?(path, dir.to_s, safe)
|
return path if valid_include_file?(path, dir.to_s, safe)
|
||||||
end
|
end
|
||||||
raise IOError, "Could not locate the included file '#{file}' in any of "\
|
raise IOError, could_not_locate_message(file, includes_dirs, safe)
|
||||||
"#{includes_dirs}. Ensure it exists in one of those directories and, "\
|
|
||||||
"if it is a symlink, does not point outside your site source."
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def render(context)
|
def render(context)
|
||||||
|
|
@ -192,6 +190,18 @@ MSG
|
||||||
def read_file(file, context)
|
def read_file(file, context)
|
||||||
File.read(file, file_read_opts(context))
|
File.read(file, file_read_opts(context))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def could_not_locate_message(file, includes_dirs, safe)
|
||||||
|
message = "Could not locate the included file '#{file}' in any of "\
|
||||||
|
"#{includes_dirs}. Ensure it exists in one of those directories and"
|
||||||
|
message + if safe
|
||||||
|
" is not a symlink as those are not allowed in safe mode."
|
||||||
|
else
|
||||||
|
", if it is a symlink, does not point outside your site source."
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
class IncludeRelativeTag < IncludeTag
|
class IncludeRelativeTag < IncludeTag
|
||||||
|
|
|
||||||
|
|
@ -912,7 +912,9 @@ CONTENT
|
||||||
end
|
end
|
||||||
assert_match(
|
assert_match(
|
||||||
"Could not locate the included file 'tmp/pages-test-does-not-exist' " \
|
"Could not locate the included file 'tmp/pages-test-does-not-exist' " \
|
||||||
"in any of [\"#{source_dir}/_includes\"].",
|
"in any of [\"#{source_dir}/_includes\"]. Ensure it exists in one of " \
|
||||||
|
"those directories and is not a symlink as those are not allowed in " \
|
||||||
|
"safe mode.",
|
||||||
ex.message
|
ex.message
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
@ -1271,8 +1273,8 @@ CONTENT
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
assert_match(
|
assert_match(
|
||||||
"Ensure it exists in one of those directories and, if it is a symlink, does " \
|
"Ensure it exists in one of those directories and is not a symlink "\
|
||||||
"not point outside your site source.",
|
"as those are not allowed in safe mode.",
|
||||||
ex.message
|
ex.message
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue