From 8368485fa0e92dd9ec6ebb2dfe1ce164bf46d55a Mon Sep 17 00:00:00 2001
From: Jason Roelofs
Date: Tue, 3 Apr 2012 21:33:32 -0500
Subject: [PATCH 1/2] Remove deletion of dot files on cleanup.

This is a potentially very dangerous action that's impossible to test that it's correct. If the '..' check line ever disappears, even running the tests will start deleting everything accessible on the person's computer. All dot-files that are generated are already known by Jekyll as either a static file or a page (yaml front matter), only remove those files.
---
 lib/jekyll/site.rb | 4 ++--
 test/test_site.rb | 4 ----
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/lib/jekyll/site.rb b/lib/jekyll/site.rb
index 9bdafa16..2f714e93 100644
--- a/lib/jekyll/site.rb
+++ b/lib/jekyll/site.rb
@@ -215,8 +215,8 @@ module Jekyll
 def cleanup
 # all files and directories in destination, including hidden ones
 dest_files = Set.new
- Dir.glob(File.join(self.dest, "**", "*"), File::FNM_DOTMATCH) do |file|
- dest_files << file unless file =~ /\/\.{1,2}$/
+ Dir.glob(File.join(self.dest, "**", "*")) do |file|
+ dest_files << file
 end
 
 # files to be written
diff --git a/test/test_site.rb b/test/test_site.rb
index 712bf359..c0e70942 100644
--- a/test/test_site.rb
+++ b/test/test_site.rb
@@ -171,8 +171,6 @@ class TestSite < Test::Unit::TestCase
 clear_dest
 @site.process
 # generate some orphaned files:
- # hidden file
- File.open(dest_dir('.htpasswd'), 'w')
 # single file
 File.open(dest_dir('obsolete.html'), 'w')
 # single file in sub directory
@@ -183,7 +181,6 @@ class TestSite < Test::Unit::TestCase
 end
 
 teardown do
- FileUtils.rm_f(dest_dir('.htpasswd'))
 FileUtils.rm_f(dest_dir('obsolete.html'))
 FileUtils.rm_rf(dest_dir('qux'))
 FileUtils.rm_f(dest_dir('quux'))
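Review bot: The context comment above the glob in `cleanup` still reads "including hidden ones", but without `File::FNM_DOTMATCH` the glob no longer returns dot files or anything beneath a dot directory, so it should become `# all non-hidden files and directories in destination`. The consequence is worth stating in that comment as well: a hidden file left in the destination is never added to `dest_files`, so a stale `.htpasswd` or `.htaccess` from an earlier build stays in the published tree until it is removed by hand. If that trade-off is intended, a short note in the user-facing documentation would keep it from surprising anyone who relies on cleanup to retract such files. `cleanup` continues past the end of the hunk.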
@@ -191,7 +188,6 @@ class TestSite < Test::Unit::TestCase
 
 should 'remove orphaned files in destination' do
 @site.process
- assert !File.exist?(dest_dir('.htpasswd'))
 assert !File.exist?(dest_dir('obsolete.html'))
 assert !File.exist?(dest_dir('qux'))
 assert !File.exist?(dest_dir('quux'))
From 604b60c9ba0be7d067100d01ef62532eab11d19d Mon Sep 17 00:00:00 2001
From: Jason Roelofs
Date: Tue, 3 Apr 2012 22:03:43 -0500
Subject: [PATCH 2/2] Add checks to prevent accidental deletion of the source directory
---
 lib/jekyll/site.rb | 6 ++++++
 test/test_site.rb | 22 ++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/lib/jekyll/site.rb b/lib/jekyll/site.rb
index 2f714e93..1f0f7b75 100644
--- a/lib/jekyll/site.rb
+++ b/lib/jekyll/site.rb
@@ -70,6 +70,12 @@ module Jekyll
 def setup
 require 'classifier' if self.lsi
 
+ # Check that the destination dir isn't the source dir or a directory
+ # parent to the source dir.
+ if self.source =~ /^#{self.dest}/
+ raise FatalException.new "Destination directory cannot be or contain the Source directory."
+ end
+
 # If safe mode is off, load in any Ruby files under the plugins
 # directory.
 unless self.safe
diff --git a/test/test_site.rb b/test/test_site.rb
index c0e70942..03f1886e 100644
--- a/test/test_site.rb
+++ b/test/test_site.rb
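Review bot: The new guard in `setup` interpolates `self.dest` into a regex unescaped and with no boundary after it, so it is a loose prefix match rather than a path-containment test: a destination of `/srv/site` also rejects a source of `/srv/site-src`, regex metacharacters in the path (`.`, `+`, `(`) change or break the match, and `^` anchors at any line start rather than only at the start of the string. Comparing normalised paths on a separator boundary avoids all three, for example `src, dst = File.expand_path(self.source), File.expand_path(self.dest)` followed by `if src == dst || src.start_with?(File.join(dst, ''))`. A string comparison still does not see through symlinks, and whether `source` and `dest` are already expanded before this point is not visible in the hunk. `raise FatalException, "..."` is also the more idiomatic form than `FatalException.new "..."`. `setup` continues past the end of the hunk.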
@@ -166,6 +166,28 @@ class TestSite < Test::Unit::TestCase
 assert_equal files, @site.filter_entries(files)
 end
 
+ context 'error handling' do
+ should "raise if destination is included in source" do
+ stub(Jekyll).configuration do
+ Jekyll::DEFAULTS.merge({'source' => source_dir, 'destination' => source_dir})
+ end
+
+ assert_raise Jekyll::FatalException do
+ site = Site.new(Jekyll.configuration)
+ end
+ end
+
+ should "raise if destination is source" do
+ stub(Jekyll).configuration do
+ Jekyll::DEFAULTS.merge({'source' => source_dir, 'destination' => File.join(source_dir, "..")})
+ end
+
+ assert_raise Jekyll::FatalException do
+ site = Site.new(Jekyll.configuration)
+ end
+ end
+ end
+
 context 'with orphaned files in destination' do
 setup do
 clear_dest
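Review bot: The two test names are swapped relative to what they configure: the case named "raise if destination is included in source" sets the destination equal to `source_dir`, while the one named "raise if destination is source" sets it to the parent via `File.join(source_dir, "..")`. Suggested names are `"raise if destination is source"` and `"raise if destination contains source"`, which also avoids implying that a destination inside the source (the usual `_site` layout) is rejected. Neither case covers a sibling directory that merely shares the source's prefix, such as `source_dir + '_out'`, which should not raise; an assertion for that would pin the boundary of the check. The `site =` assignment inside each `assert_raise` block is unused and can be dropped.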