From 13cc44fb1257ab60f433f7ae689f4cd770709ea3 Mon Sep 17 00:00:00 2001
From: Aman Gupta <aman@tmm1.net>
Date: Mon, 7 Mar 2011 22:12:31 -0800
Subject: [PATCH] sanitize urls and ignore symlinks

---
 lib/jekyll/page.rb | 23 ++++++++++++++++-------
 lib/jekyll/post.rb | 35 ++++++++++++++++++++++-------------
 lib/jekyll/site.rb |  7 +++++--
 3 files changed, 43 insertions(+), 22 deletions(-)

diff --git a/lib/jekyll/page.rb b/lib/jekyll/page.rb
index 2e996308..03f03da2 100644
--- a/lib/jekyll/page.rb
+++ b/lib/jekyll/page.rb
@@ -55,14 +55,23 @@ module Jekyll
     #
     # Returns <String>
     def url
-      return permalink if permalink
+      return @url if @url
 
-      @url ||= {
-        "basename"   => self.basename,
-        "output_ext" => self.output_ext,
-      }.inject(template) { |result, token|
-        result.gsub(/:#{token.first}/, token.last)
-      }.gsub(/\/\//, "/")
+      url = if permalink
+        permalink
+      else
+        {
+          "basename"   => self.basename,
+          "output_ext" => self.output_ext,
+        }.inject(template) { |result, token|
+          result.gsub(/:#{token.first}/, token.last)
+        }.gsub(/\/\//, "/")
+      end
+
+      # sanitize url
+      @url = url.split('/').reject{ |part| part =~ /^\.+$/ }.join('/')
+      @url += "/" if url =~ /\/$/
+      @url
     end
 
     # Extract information from the page filename
diff --git a/lib/jekyll/post.rb b/lib/jekyll/post.rb
index 7747eff4..8c866fe4 100644
--- a/lib/jekyll/post.rb
+++ b/lib/jekyll/post.rb
@@ -117,20 +117,29 @@ module Jekyll
     #
     # Returns <String>
     def url
-      return permalink if permalink
+      return @url if @url
 
-      @url ||= {
-        "year"       => date.strftime("%Y"),
-        "month"      => date.strftime("%m"),
-        "day"        => date.strftime("%d"),
-        "title"      => CGI.escape(slug),
-        "i_day"      => date.strftime("%d").to_i.to_s,
-        "i_month"    => date.strftime("%m").to_i.to_s,
-        "categories" => categories.join('/'),
-        "output_ext" => self.output_ext
-      }.inject(template) { |result, token|
-        result.gsub(/:#{Regexp.escape token.first}/, token.last)
-      }.gsub(/\/\//, "/")
+      url = if permalink
+        permalink
+      else
+        {
+          "year"       => date.strftime("%Y"),
+          "month"      => date.strftime("%m"),
+          "day"        => date.strftime("%d"),
+          "title"      => CGI.escape(slug),
+          "i_day"      => date.strftime("%d").to_i.to_s,
+          "i_month"    => date.strftime("%m").to_i.to_s,
+          "categories" => categories.join('/'),
+          "output_ext" => self.output_ext
+        }.inject(template) { |result, token|
+          result.gsub(/:#{Regexp.escape token.first}/, token.last)
+        }.gsub(/\/\//, "/")
+      end
+
+      # sanitize url
+      @url = url.split('/').reject{ |part| part =~ /^\.+$/ }.join('/')
+      @url += "/" if url =~ /\/$/
+      @url
     end
 
     # The UID for this post (useful in feeds)
diff --git a/lib/jekyll/site.rb b/lib/jekyll/site.rb
index f7bea02e..1ee62a54 100644
--- a/lib/jekyll/site.rb
+++ b/lib/jekyll/site.rb
@@ -210,7 +210,7 @@ module Jekyll
     # Returns nothing
     def read_directories(dir = '')
       base = File.join(self.source, dir)
-      entries = filter_entries(Dir.entries(base))
+      entries = Dir.chdir(base){ filter_entries(Dir['*']) }
 
       self.read_posts(dir)
 
@@ -268,7 +268,10 @@ module Jekyll
     def filter_entries(entries)
       entries = entries.reject do |e|
         unless ['.htaccess'].include?(e)
-          ['.', '_', '#'].include?(e[0..0]) || e[-1..-1] == '~' || self.exclude.include?(e)
+          ['.', '_', '#'].include?(e[0..0]) ||
+          e[-1..-1] == '~' ||
+          self.exclude.include?(e) ||
+          File.symlink?(e)
         end
       end
     end