From c84cb5c007c540273965931ceb16953145a26bff Mon Sep 17 00:00:00 2001
From: Ben Balter
Date: Mon, 6 Jan 2014 23:34:13 -0500
Subject: [PATCH] escape relative post permalinks, cleanup
Signed-off-by: Parker Moore
---
 lib/jekyll/post.rb | 2 +-
 test/test_post.rb | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/jekyll/post.rb b/lib/jekyll/post.rb
index 23e131ee..f9e678c6 100644
--- a/lib/jekyll/post.rb
+++ b/lib/jekyll/post.rb
@@ -270,7 +270,7 @@ module Jekyll
 # Returns destination file path String.
 def destination(dest)
 # The url needs to be unescaped in order to preserve the correct filename
- path = File.join(dest, CGI.unescape(self.url))
+ path = File.join(dest, File.expand_path(CGI.unescape(self.url), "/"))
 path = File.join(path, "index.html") if path[/\.html$/].nil?
 path
 end
diff --git a/test/test_post.rb b/test/test_post.rb
index 9f189d2b..8145d755 100644
--- a/test/test_post.rb
+++ b/test/test_post.rb
@@ -104,11 +104,13 @@ class TestPost < Test::Unit::TestCase
 end
 should "not be writable outside of destination" do
+ unexpected = File.expand_path("../../../baddie.html", dest_dir)
+ File.delete unexpected if File.exist?(unexpected)
 post = setup_post("2014-01-06-permalink-traversal.md")
 do_render(post)
 post.write(dest_dir)
- assert !File.exist?(File.expand_path("../../../baddie.html", dest_dir))
+ assert !File.exist?(unexpected)
 assert File.exist?(File.expand_path("baddie.html", dest_dir))
 end
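Review bot: The new `File.expand_path(CGI.unescape(self.url), "/")` in `destination` is the only thing keeping a permalink with `..` segments inside `dest`, yet the comment above it still explains only the unescape. I would reword it along the lines of `# Unescape first, then collapse "." and ".." against "/" so the result cannot climb out of dest`, because the order is load-bearing: normalising before decoding would leave percent-encoded dot segments intact. Rooting at `"/"` is also platform-dependent, since on Windows `File.expand_path` returns a drive-prefixed path that `File.join` would then nest under `dest`, so the result should be checked there or the prefix stripped. The guard is purely lexical and does not resolve symlinks that already exist under `dest`.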
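Review bot: Only the out-of-tree path is removed before the write, so the final `assert File.exist?(File.expand_path("baddie.html", dest_dir))` can pass on a copy left behind by an earlier run; unless a setup step outside this hunk empties `dest_dir`, delete that file up front as well, e.g. `expected = File.expand_path("baddie.html", dest_dir)` followed by `File.delete expected if File.exist?(expected)`. If the guard ever regresses, the stray file three levels above `dest_dir` also stays on disk after the failure, so removing `unexpected` belongs in an `ensure` or teardown rather than only at the start of the test. The fixture's permalink is not visible here; a second case using a percent-encoded form would pin the unescape-then-normalise order that `destination` depends on.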