From 3373eb65257789b62b5eafcb4512c37c7151a6ed Mon Sep 17 00:00:00 2001
From: Parker Moore
Date: Sun, 7 Feb 2016 17:28:03 -0800
Subject: [PATCH 1/3] EntryFilter#special?: ignore filenames which begin with '~'
---
 lib/jekyll/entry_filter.rb | 2 +-
 test/test_entry_filter.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/jekyll/entry_filter.rb b/lib/jekyll/entry_filter.rb
index 6d42c067..48509f9d 100644
--- a/lib/jekyll/entry_filter.rb
+++ b/lib/jekyll/entry_filter.rb
@@ -1,6 +1,6 @@
 module Jekyll
 class EntryFilter
- SPECIAL_LEADING_CHARACTERS = ['.', '_', '#'].freeze
+ SPECIAL_LEADING_CHARACTERS = ['.', '_', '#', '~'].freeze
 attr_reader :site
diff --git a/test/test_entry_filter.rb b/test/test_entry_filter.rb
index c0ce59b3..546f0252 100644
--- a/test/test_entry_filter.rb
+++ b/test/test_entry_filter.rb
@@ -8,7 +8,7 @@ class TestEntryFilter < JekyllUnitTest
 should "filter entries" do
 ent1 = %w[foo.markdown bar.markdown baz.markdown #baz.markdown#
- .baz.markdow foo.markdown~ .htaccess _posts _pages]
+ .baz.markdow foo.markdown~ .htaccess _posts _pages ~$benbalter.docx]
 entries = EntryFilter.new(@site).filter(ent1)
 assert_equal %w[foo.markdown bar.markdown baz.markdown .htaccess], entries
From 246e65914ffef6affb7b699de6fcd496168c332e Mon Sep 17 00:00:00 2001
From: Parker Moore
Date: Sun, 7 Feb 2016 17:52:15 -0800
Subject: [PATCH 2/3] Jekyll.sanitized_path: sanitizing a questionable path should handle tildes
---
 lib/jekyll.rb | 3 ++-
 test/test_path_sanitization.rb | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/jekyll.rb b/lib/jekyll.rb
index 8b92a045..6896bb0b 100644
--- a/lib/jekyll.rb
+++ b/lib/jekyll.rb
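Review bot: The new `'~'` entry in `SPECIAL_LEADING_CHARACTERS` carries no comment on what it is meant to catch; the only hint is the `~$benbalter.docx` fixture in test/test_entry_filter.rb, which is the Office lock-file naming form. A comment on the constant such as `# '~' hides lock files like ~$doc.docx; any other leading-tilde name is dropped too` would keep both the intent and its breadth visible to the next maintainer. Because this is a leading-character filter, an authored file named e.g. `~notes.md` is now silently excluded as well, which deserves a changelog or docs mention if that is intended. The rest of the class, including whatever consumes this constant, is outside the hunk.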
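Review bot: The fixture pins only the `~$benbalter.docx` form, while the constant change in lib/jekyll/entry_filter.rb filters every name with a leading `~`; adding a bare case such as `~draft.markdown` to `ent1`, with the expected list left unchanged, would make that broader rule explicit and guard it against a later narrowing to `~$` only. The `should` block's closing `end` lies outside the hunk.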
@@ -153,8 +153,9 @@ module Jekyll
 def sanitized_path(base_directory, questionable_path)
 return base_directory if base_directory.eql?(questionable_path)
+ questionable_path.insert(0, '/') if questionable_path.start_with?('~')
 clean_path = File.expand_path(questionable_path, "/")
- clean_path = clean_path.sub(/\A\w\:\//, '/')
+ clean_path.sub!(/\A\w\:\//, '/')
 if clean_path.start_with?(base_directory.sub(/\A\w\:\//, '/'))
 clean_path
diff --git a/test/test_path_sanitization.rb b/test/test_path_sanitization.rb
index b04a2bad..148103ea 100644
--- a/test/test_path_sanitization.rb
+++ b/test/test_path_sanitization.rb
@@ -15,4 +15,13 @@ class TestPathSanitization < JekyllUnitTest
 assert_equal "/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd", Jekyll.sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
 end
 end
+
+ should "escape tilde" do
+ assert_equal source_dir("~hi.txt"), Jekyll.sanitized_path(source_dir, "~hi.txt")
+ assert_equal source_dir("files", "~hi.txt"), Jekyll.sanitized_path(source_dir, "files/../files/~hi.txt")
+ end
+
+ should "remove path traversals" do
+ assert_equal source_dir("files", "hi.txt"), Jekyll.sanitized_path(source_dir, "f./../../../../../../files/hi.txt")
+ end
 end
From 0e89a37eaf7a426181b489fe0325081f4b7cda66 Mon Sep 17 00:00:00 2001
From: Parker Moore
Date: Sun, 7 Feb 2016 17:53:09 -0800
Subject: [PATCH 3/3] Revert "Jekyll.sanitized_path: sanitizing a questionable path should handle tildes"
This reverts commit 246e65914ffef6affb7b699de6fcd496168c332e.
---
 lib/jekyll.rb | 3 +--
 test/test_path_sanitization.rb | 9 ---------
 2 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/lib/jekyll.rb b/lib/jekyll.rb
index 6896bb0b..8b92a045 100644
--- a/lib/jekyll.rb
+++ b/lib/jekyll.rb
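Review bot: `questionable_path.insert(0, '/')` on the added line rewrites the caller's string in place, so whatever object the caller passed carries a leading `/` after the call returns, and the call raises on a frozen string (a literal under `# frozen_string_literal: true`, or an argument the caller froze). A non-mutating rebinding keeps the intent without the side effect: `questionable_path = "/#{questionable_path}" if questionable_path.start_with?('~')`. The guard itself is sound — `File.expand_path` reads a leading `~` as a home-directory reference, so prefixing `/` keeps the lookup anchored at the root rather than at a user's home — and the switch to `sub!` on the other changed line is safe because `clean_path` is a fresh string returned by `File.expand_path`. The method's `else` branch and closing `end` lie outside the hunk.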
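Review bot: Both `escape tilde` assertions use a `~name` form; the `~/` form, which `File.expand_path` would otherwise resolve to the current user's home directory, is the case most worth pinning and is not covered. Something like `assert_equal source_dir("~", "hi.txt"), Jekyll.sanitized_path(source_dir, "~/hi.txt")` would do, assuming `source_dir` joins its arguments the way the other assertions rely on. The enclosing class and the `source_dir` helper are outside the hunk.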
@@ -153,9 +153,8 @@ module Jekyll
 def sanitized_path(base_directory, questionable_path)
 return base_directory if base_directory.eql?(questionable_path)
- questionable_path.insert(0, '/') if questionable_path.start_with?('~')
 clean_path = File.expand_path(questionable_path, "/")
- clean_path.sub!(/\A\w\:\//, '/')
+ clean_path = clean_path.sub(/\A\w\:\//, '/')
 if clean_path.start_with?(base_directory.sub(/\A\w\:\//, '/'))
 clean_path
diff --git a/test/test_path_sanitization.rb b/test/test_path_sanitization.rb
index 148103ea..b04a2bad 100644
--- a/test/test_path_sanitization.rb
+++ b/test/test_path_sanitization.rb
@@ -15,13 +15,4 @@ class TestPathSanitization < JekyllUnitTest
 assert_equal "/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd", Jekyll.sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
 end
 end
-
- should "escape tilde" do
- assert_equal source_dir("~hi.txt"), Jekyll.sanitized_path(source_dir, "~hi.txt")
- assert_equal source_dir("files", "~hi.txt"), Jekyll.sanitized_path(source_dir, "files/../files/~hi.txt")
- end
-
- should "remove path traversals" do
- assert_equal source_dir("files", "hi.txt"), Jekyll.sanitized_path(source_dir, "f./../../../../../../files/hi.txt")
- end
 end
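Review bot: With the guard line removed, a `questionable_path` beginning with `~` once more reaches `File.expand_path` unprefixed, where a leading `~` is read as a home-directory reference rather than as a file name under `base_directory`, and the `escape tilde` coverage goes with it in the test hunk below. The revert message gives no reason; if the objection was the in-place `insert` on the caller's string, a non-mutating form of the same guard avoids that: `questionable_path = "/#{questionable_path}" if questionable_path.start_with?('~')`. Patch 1 of this series makes EntryFilter drop leading-tilde names before they are sanitized, which may be why the revert was judged acceptable, but `sanitized_path` is a module-level helper other callers can reach without going through EntryFilter — this diff does not show whether any do. The method continues beyond the hunk.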