sanitize urls and ignore symlinks

2011-03-07 22:12:31 -08:00 · 2011-03-07 22:12:31 -08:00 · 13cc44fb12
parent be8b7715d3
commit 13cc44fb12
3 changed files with 43 additions and 22 deletions
--- a/lib/jekyll/page.rb
+++ b/lib/jekyll/page.rb
@ -55,14 +55,23 @@ module Jekyll
    #
    # Returns <String>
    def url
-      return permalink if permalink
+      return @url if @url

-      @url ||= {
-        "basename"   => self.basename,
-        "output_ext" => self.output_ext,
-      }.inject(template) { |result, token|
-        result.gsub(/:#{token.first}/, token.last)
-      }.gsub(/\/\//, "/")
+      url = if permalink
+        permalink
+      else
+        {
+          "basename"   => self.basename,
+          "output_ext" => self.output_ext,
+        }.inject(template) { |result, token|
+          result.gsub(/:#{token.first}/, token.last)
+        }.gsub(/\/\//, "/")
+      end
+
+      # sanitize url
+      @url = url.split('/').reject{ |part| part =~ /^\.+$/ }.join('/')
+      @url += "/" if url =~ /\/$/
+      @url
    end

    # Extract information from the page filename
--- a/lib/jekyll/post.rb
+++ b/lib/jekyll/post.rb
@ -117,20 +117,29 @@ module Jekyll
    #
    # Returns <String>
    def url
-      return permalink if permalink
+      return @url if @url

-      @url ||= {
-        "year"       => date.strftime("%Y"),
-        "month"      => date.strftime("%m"),
-        "day"        => date.strftime("%d"),
-        "title"      => CGI.escape(slug),
-        "i_day"      => date.strftime("%d").to_i.to_s,
-        "i_month"    => date.strftime("%m").to_i.to_s,
-        "categories" => categories.join('/'),
-        "output_ext" => self.output_ext
-      }.inject(template) { |result, token|
-        result.gsub(/:#{Regexp.escape token.first}/, token.last)
-      }.gsub(/\/\//, "/")
+      url = if permalink
+        permalink
+      else
+        {
+          "year"       => date.strftime("%Y"),
+          "month"      => date.strftime("%m"),
+          "day"        => date.strftime("%d"),
+          "title"      => CGI.escape(slug),
+          "i_day"      => date.strftime("%d").to_i.to_s,
+          "i_month"    => date.strftime("%m").to_i.to_s,
+          "categories" => categories.join('/'),
+          "output_ext" => self.output_ext
+        }.inject(template) { |result, token|
+          result.gsub(/:#{Regexp.escape token.first}/, token.last)
+        }.gsub(/\/\//, "/")
+      end
+
+      # sanitize url
+      @url = url.split('/').reject{ |part| part =~ /^\.+$/ }.join('/')
+      @url += "/" if url =~ /\/$/
+      @url
    end

    # The UID for this post (useful in feeds)
--- a/lib/jekyll/site.rb
+++ b/lib/jekyll/site.rb
@ -210,7 +210,7 @@ module Jekyll
    # Returns nothing
    def read_directories(dir = '')
      base = File.join(self.source, dir)
-      entries = filter_entries(Dir.entries(base))
+      entries = Dir.chdir(base){ filter_entries(Dir['*']) }

      self.read_posts(dir)

@ -268,7 +268,10 @@ module Jekyll
    def filter_entries(entries)
      entries = entries.reject do |e|
        unless ['.htaccess'].include?(e)
-          ['.', '_', '#'].include?(e[0..0]) || e[-1..-1] == '~' || self.exclude.include?(e)
+          ['.', '_', '#'].include?(e[0..0]) ||
+          e[-1..-1] == '~' ||
+          self.exclude.include?(e) ||
+          File.symlink?(e)
        end
      end
    end