From 7317627b97f6e8d02237db9e2c6c99dd6deaadd8 Mon Sep 17 00:00:00 2001
From: ashmaroli
Date: Wed, 21 Mar 2018 20:06:06 +0530
Subject: [PATCH] Improve regex usage in `Tags::IncludeTag` (#6848)

Merge pull request 6848
---
features/include_tag.feature | 25 +++++++++++++++++++++++++
lib/jekyll/tags/include.rb | 11 +++++++----
2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/features/include_tag.feature b/features/include_tag.feature
index c8ebf717..f4d8b810 100644
--- a/features/include_tag.feature
+++ b/features/include_tag.feature
@@ -104,3 +104,28 @@ Feature: Include tags Then I should get a zero exit status And the _site directory should exist And I should see "include" in "_site/index.html" + + Scenario: Include a file-path with non-alphanumeric character sequences + Given I have an _includes directory + And I have an "_includes/header-en.html" file that contains "include" + And I have an "index.html" page that contains "{% include ./header-en.html %}" + When I run jekyll build + Then I should get a non-zero exit status + And I should see "Invalid syntax for include tag." in the build output + When I have an "index.html" page that contains "{% include foo/.header-en.html %}" + When I run jekyll build + Then I should get a non-zero exit status + And I should see "Invalid syntax for include tag." in the build output + When I have an "index.html" page that contains "{% include //header-en.html %}" + When I run jekyll build + Then I should get a non-zero exit status + And I should see "Invalid syntax for include tag." in the build output + When I have an "index.html" page that contains "{% include ..header-en.html %}" + When I run jekyll build + Then I should get a non-zero exit status + And I should see "Invalid syntax for include tag." in the build output + When I have an "index.html" page that contains "{% include header-en.html %}" + When I run jekyll build + Then I should get a zero exit status + And the _site directory should exist + And I should see "include" in "_site/index.html" diff --git a/lib/jekyll/tags/include.rb b/lib/jekyll/tags/include.rb index 61992515..1c4d6566 100644 --- a/lib/jekyll/tags/include.rb +++ b/lib/jekyll/tags/include.rb @@ -21,6 +21,10 @@ module Jekyll (?.*) !x + FULL_VALID_SYNTAX = %r!\A\s*(?:#{VALID_SYNTAX}(?=\s|\z)\s*)*\z! + VALID_FILENAME_CHARS = %r!^[\w/\.-]+$! + INVALID_SEQUENCES = %r![./]{2,}! + def initialize(tag_name, markup, tokens) super matched = markup.strip.match(VARIABLE_SYNTAX) 
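Review bot: The new scenario never exercises the plain parent-directory form, `{% include ../header-en.html %}`, which is the input this validation is most obviously meant to reject. The four rejected cases cover `./`, `/.`, `//` and a leading `..` with no separator after it. Adding one more step, `When I have an "index.html" page that contains "{% include ../header-en.html %}"`, followed by the same non-zero exit and "Invalid syntax for include tag." assertions, would keep a later loosening of `INVALID_SEQUENCES` from passing unnoticed.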
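Review bot: `VALID_FILENAME_CHARS` keeps the line anchors `^` and `$`, which in Ruby match at every line boundary, so `file !~ VALID_FILENAME_CHARS` in `validate_file_name` (the `@@ -59,7 +63,7 @@` hunk) is satisfied as soon as any single line of the name is clean. A name containing a newline would pass the character check with arbitrary characters on its other lines; that requires the name to be able to carry a newline, which looks possible when it comes from a rendered variable, though that path is outside the hunk. Anchoring the whole string closes it: `VALID_FILENAME_CHARS = %r!\A[\w/.-]+\z!`. The three new constants would also benefit from a one-line comment each, stating what they accept or reject.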
@@ -59,7 +63,7 @@ module Jekyll end def validate_file_name(file) - if file !~ %r!^[a-zA-Z0-9_/\.-]+$! || file =~ %r!\./! || file =~ %r!/\.! + if file =~ INVALID_SEQUENCES || file !~ VALID_FILENAME_CHARS raise ArgumentError, <<-MSG Invalid syntax for include tag. File contains invalid characters or sequences: @@ -74,8 +78,7 @@ MSG end def validate_params - full_valid_syntax = %r!\A\s*(?:#{VALID_SYNTAX}(?=\s|\z)\s*)*\z! - unless @params =~ full_valid_syntax + unless @params =~ FULL_VALID_SYNTAX raise ArgumentError, <<-MSG Invalid syntax for include tag: @@ -96,7 +99,7 @@ MSG # Render the variable if required def render_variable(context) - if @file.match(VARIABLE_SYNTAX) + if @file =~ VARIABLE_SYNTAX partial = context.registers[:site] .liquid_renderer .file("(variable)")
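Review bot: The new condition in `validate_file_name` still accepts a name that starts with a single `/` or a single `.`, because `INVALID_SEQUENCES` only fires on two or more consecutive `.` or `/` characters and `VALID_FILENAME_CHARS` allows both. Whether a name such as `/header.html` stays under the includes directories depends on how the path is joined later, which is outside this hunk. If absolute-looking names are not intended, add `|| file.start_with?("/")` to the condition; otherwise a short comment saying that the later join keeps the path contained would help. The method body continues past the hunk.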