diff --git a/lib/jekyll/tags/include.rb b/lib/jekyll/tags/include.rb
index 43bf3dfc..644297d4 100644
--- a/lib/jekyll/tags/include.rb
+++ b/lib/jekyll/tags/include.rb
@@ -151,7 +151,8 @@ eos
 end
 def dir_to_include(context)
- File.join(File.realpath(context.registers[:site].source), File.dirname(context.registers[:page]["path"]))
+ page_path = context.registers[:page].nil? ? includes_dir : File.dirname(context.registers[:page]["path"])
+ File.join(File.realpath(context.registers[:site].source), page_path)
 end
 end
 end
diff --git a/test/test_tags.rb b/test/test_tags.rb
index 75abf849..756bdcb5 100644
--- a/test/test_tags.rb
+++ b/test/test_tags.rb
@@ -548,5 +548,60 @@ CONTENT
 should "include files relative to self" do
 assert_match %r{9 —\ntitle: Test Post Where YAML}, @content
 end
+
+ context "trying to do bad stuff" do
+ context "include missing file" do
+ setup do
+ @content = < 'pretty', 'source' => source_dir, 'destination' => dest_dir, 'read_posts' => true})
+ end
+ assert_equal 'Included file \'./missing.html\' not found', exception.message
+ end
+ end
+ end
+
+ context "with symlink'd include" do
+
+ should "not allow symlink includes" do
+ File.open("/tmp/pages-test", 'w') { |file| file.write("SYMLINK TEST") }
+ assert_raise IOError do
+ content = < 'pretty', 'source' => source_dir, 'destination' => dest_dir, 'read_posts' => true, 'safe' => true })
+ end
+ assert_no_match /SYMLINK TEST/, @result
+ end
+
+ should "not expose the existence of symlinked files" do
+ ex = assert_raise IOError do
+ content = < 'pretty', 'source' => source_dir, 'destination' => dest_dir, 'read_posts' => true, 'safe' => true })
+ end
+ assert_match /should exist and should not be a symlink/, ex.message
+ end
+ end
 end
 end
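Review bot: In `dir_to_include` (lib/jekyll/tags/include.rb) only the site source goes through `File.realpath`; `page_path` is joined on unchecked, so a `..` segment or a symlinked directory in `context.registers[:page]["path"]` would produce a directory outside the source tree. Whether that value can be influenced by page data, and whether the caller re-checks containment, is not visible in this hunk, so the guard is worth having here: `dir = File.expand_path(page_path, source)` then `raise IOError, "include directory is outside the site source" unless dir == source || dir.start_with?(source + File::SEPARATOR)`, with `source` being the realpath'd site source. `expand_path` only normalises `..`; symlinked directories still need a `File.realpath` comparison once the directory is known to exist. The nil-page fallback to `includes_dir` (defined outside the hunk) should get a short comment such as `# no page registered: resolve relative to includes_dir`.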
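Review bot: The "not allow symlink includes" test in test/test_tags.rb writes its fixture to the fixed, world-writable location `/tmp/pages-test` and never removes it, so runs on a shared host can collide, and a pre-existing file or link at that name would be written through. Creating the target (and the link that points at it, which is not visible in this hunk) under `Dir.mktmpdir` would avoid that; at minimum add `teardown { FileUtils.rm_f("/tmp/pages-test") }`. In the same test `assert_no_match /SYMLINK TEST/, @result` runs after the block has already raised, so `@result` is presumably unset or left over from an earlier test and the assertion proves little; capturing the exception and asserting on its message, as the following test does with `ex.message`, would be a real check that the file content does not leak.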