Validate file name as soon as possible
This commit is contained in:
Anatol Broder
parent
8017548bd0
commit
25519b38f6
|
|
@ -11,10 +11,11 @@ module Jekyll
|
||||||
def initialize(tag_name, markup, tokens)
|
def initialize(tag_name, markup, tokens)
|
||||||
super
|
super
|
||||||
@file, @params = markup.strip.split(' ', 2);
|
@file, @params = markup.strip.split(' ', 2);
|
||||||
|
validate_file_name
|
||||||
end
|
end
|
||||||
|
|
||||||
def parse_params(context)
|
def parse_params(context)
|
||||||
validate_syntax
|
validate_params
|
||||||
|
|
||||||
params = {}
|
params = {}
|
||||||
markup = @params
|
markup = @params
|
||||||
|
|
@ -35,12 +36,6 @@ module Jekyll
|
||||||
params
|
params
|
||||||
end
|
end
|
||||||
|
|
||||||
# ensure the entire markup string from start to end is valid syntax, and params are separated by spaces
|
|
||||||
def validate_syntax
|
|
||||||
validate_file_name
|
|
||||||
validate_params
|
|
||||||
end
|
|
||||||
|
|
||||||
def validate_file_name
|
def validate_file_name
|
||||||
if @file !~ /^[a-zA-Z0-9_\/\.-]+$/ || @file =~ /\.\// || @file =~ /\/\./
|
if @file !~ /^[a-zA-Z0-9_\/\.-]+$/ || @file =~ /\.\// || @file =~ /\/\./
|
||||||
raise SyntaxError.new <<-eos
|
raise SyntaxError.new <<-eos
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue