From 57ccbe08ea8553e31d4234380277865a3d6569ad Mon Sep 17 00:00:00 2001
From: Parker Moore
Date: Thu, 21 Apr 2016 16:32:52 -0700
Subject: [PATCH] Ensure symlinks work as expected (and secured).
---
 lib/jekyll/theme.rb | 11 ++++++++++-
 test/fixtures/test-theme/_symlink | 1 +
 test/test_theme.rb | 5 +++++
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 120000 test/fixtures/test-theme/_symlink
diff --git a/lib/jekyll/theme.rb b/lib/jekyll/theme.rb
index 15ca8c85..ed9cc68d 100644
--- a/lib/jekyll/theme.rb
+++ b/lib/jekyll/theme.rb
@@ -34,10 +34,19 @@ module Jekyll
 private
 def path_for(folder)
- path = Jekyll.sanitized_path root, "_#{folder}"
+ resolved_dir = realpath_for(folder)
+ return unless resolved_dir
+
+ path = Jekyll.sanitized_path(root, resolved_dir)
 path if Dir.exists?(path)
 end
+ def realpath_for(folder)
+ File.realpath(Jekyll.sanitized_path(root, "_#{folder}"))
+ rescue Errno::ENOENT, Errno::EACCES, Errno::ELOOP
+ nil
+ end
+
 def gemspec
 @gemspec ||= Gem::Specification.find_by_name(name)
 rescue Gem::LoadError
diff --git a/test/fixtures/test-theme/_symlink b/test/fixtures/test-theme/_symlink
new file mode 120000
index 00000000..d2d6aac5
--- /dev/null
+++ b/test/fixtures/test-theme/_symlink
@@ -0,0 +1 @@
+_layouts
\ No newline at end of file
diff --git a/test/test_theme.rb b/test/test_theme.rb
index 46c456d4..9767946e 100644
--- a/test/test_theme.rb
+++ b/test/test_theme.rb
@@ -52,6 +52,11 @@ class TestTheme < JekyllUnitTest
 should "return nil for paths that don't exist" do
 assert_equal nil, @theme.send(:path_for, "foo")
 end
+
+ should "return the resolved path when a symlink & resolved path exists" do
+ expected = File.expand_path("./_layouts", @expected_root)
+ assert_equal expected, @theme.send(:path_for, :symlink)
+ end
 end
 should "retrieve the gemspec" do
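Review bot: In `path_for`, the canonical target from `File.realpath` goes back through `Jekyll.sanitized_path(root, resolved_dir)`, so whether a link that leaves the theme is refused depends on how that helper treats an absolute path, which this patch does not show. If the helper compares by string prefix against `root`, a `root` that is itself reached through a symlink would never match its own canonical subdirectories, so legitimate theme folders would come back as nil. A sibling directory whose name merely begins with the root's name would also pass that comparison. Stating the containment rule in `path_for` itself would remove both dependencies: `real_root = File.realpath(root)` followed by `return unless resolved_dir == real_root || resolved_dir.start_with?(real_root + File::SEPARATOR)`. The definition of `root` lies outside this hunk, so confirm how it is computed before relying on either behaviour.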
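Review bot: The added test only exercises a link that stays inside the theme (`_symlink` pointing at `_layouts`), so the "secured" half of the commit subject is not pinned by any assertion. A second fixture link whose target lies outside `test-theme`, checked with `assert_nil @theme.send(:path_for, :escaping_symlink)` (fixture name is a placeholder), would stop a later refactor of `path_for` from silently following such links. A dangling link asserting nil would likewise cover the `rescue` branch in `realpath_for`. The enclosing block starts outside the hunk.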