diff options
| author | Bjørn Erik Pedersen <[email protected]> | 2019-07-25 00:12:40 +0200 |
|---|---|---|
| committer | Bjørn Erik Pedersen <[email protected]> | 2019-07-25 11:27:25 +0200 |
| commit | e5f229974166402f51e4ee0695ffb4d1e09fa174 (patch) | |
| tree | 44dc7adc4fd02cb563583afaff6ddaa781821e2f /helpers | |
| parent | 87a07282a2f01779e098cde0aaee1bae34dc32e6 (diff) | |
| download | hugo-e5f229974166402f51e4ee0695ffb4d1e09fa174.tar.gz hugo-e5f229974166402f51e4ee0695ffb4d1e09fa174.zip | |
Block symlink dir traversal for /static
This is in line with how it behaved before, but it was lifted a little for the project mount for Hugo Modules,
but that could create hard-to-detect loops.
Diffstat (limited to 'helpers')
| -rw-r--r-- | helpers/path_test.go | 6 | ||||
| -rw-r--r-- | helpers/pathspec.go | 9 | ||||
| -rw-r--r-- | helpers/pathspec_test.go | 2 | ||||
| -rw-r--r-- | helpers/testhelpers_test.go | 2 | ||||
| -rw-r--r-- | helpers/url_test.go | 8 |
5 files changed, 14 insertions, 13 deletions
diff --git a/helpers/path_test.go b/helpers/path_test.go index e58a045c1..d27d2e9b9 100644 --- a/helpers/path_test.go +++ b/helpers/path_test.go @@ -60,7 +60,7 @@ func TestMakePath(t *testing.T) { v.Set("removePathAccents", test.removeAccents) l := langs.NewDefaultLanguage(v) - p, err := NewPathSpec(hugofs.NewMem(v), l) + p, err := NewPathSpec(hugofs.NewMem(v), l, nil) require.NoError(t, err) output := p.MakePath(test.input) @@ -73,7 +73,7 @@ func TestMakePath(t *testing.T) { func TestMakePathSanitized(t *testing.T) { v := newTestCfg() - p, _ := NewPathSpec(hugofs.NewMem(v), v) + p, _ := NewPathSpec(hugofs.NewMem(v), v, nil) tests := []struct { input string @@ -101,7 +101,7 @@ func TestMakePathSanitizedDisablePathToLower(t *testing.T) { v.Set("disablePathToLower", true) l := langs.NewDefaultLanguage(v) - p, _ := NewPathSpec(hugofs.NewMem(v), l) + p, _ := NewPathSpec(hugofs.NewMem(v), l, nil) tests := []struct { input string diff --git a/helpers/pathspec.go b/helpers/pathspec.go index b82ebd992..d61757b3d 100644 --- a/helpers/pathspec.go +++ b/helpers/pathspec.go @@ -16,6 +16,7 @@ package helpers import ( "strings" + "github.com/gohugoio/hugo/common/loggers" "github.com/gohugoio/hugo/config" "github.com/gohugoio/hugo/hugofs" "github.com/gohugoio/hugo/hugolib/filesystems" @@ -37,13 +38,13 @@ type PathSpec struct { } // NewPathSpec creats a new PathSpec from the given filesystems and language. -func NewPathSpec(fs *hugofs.Fs, cfg config.Provider) (*PathSpec, error) { - return NewPathSpecWithBaseBaseFsProvided(fs, cfg, nil) +func NewPathSpec(fs *hugofs.Fs, cfg config.Provider, logger *loggers.Logger) (*PathSpec, error) { + return NewPathSpecWithBaseBaseFsProvided(fs, cfg, logger, nil) } // NewPathSpecWithBaseBaseFsProvided creats a new PathSpec from the given filesystems and language. // If an existing BaseFs is provided, parts of that is reused. -func NewPathSpecWithBaseBaseFsProvided(fs *hugofs.Fs, cfg config.Provider, baseBaseFs *filesystems.BaseFs) (*PathSpec, error) { +func NewPathSpecWithBaseBaseFsProvided(fs *hugofs.Fs, cfg config.Provider, logger *loggers.Logger, baseBaseFs *filesystems.BaseFs) (*PathSpec, error) { p, err := paths.New(fs, cfg) if err != nil { @@ -56,7 +57,7 @@ func NewPathSpecWithBaseBaseFsProvided(fs *hugofs.Fs, cfg config.Provider, baseB filesystems.WithBaseFs(baseBaseFs), } } - bfs, err := filesystems.NewBase(p, options...) + bfs, err := filesystems.NewBase(p, logger, options...) if err != nil { return nil, err } diff --git a/helpers/pathspec_test.go b/helpers/pathspec_test.go index 1c27f7e11..06a5a6199 100644 --- a/helpers/pathspec_test.go +++ b/helpers/pathspec_test.go @@ -42,7 +42,7 @@ func TestNewPathSpecFromConfig(t *testing.T) { fs := hugofs.NewMem(v) fs.Source.MkdirAll(filepath.FromSlash("thework/thethemes/thetheme"), 0777) - p, err := NewPathSpec(fs, l) + p, err := NewPathSpec(fs, l, nil) require.NoError(t, err) require.True(t, p.CanonifyURLs) diff --git a/helpers/testhelpers_test.go b/helpers/testhelpers_test.go index b74dccfc4..2d12289c6 100644 --- a/helpers/testhelpers_test.go +++ b/helpers/testhelpers_test.go @@ -10,7 +10,7 @@ import ( func newTestPathSpec(fs *hugofs.Fs, v *viper.Viper) *PathSpec { l := langs.NewDefaultLanguage(v) - ps, _ := NewPathSpec(fs, l) + ps, _ := NewPathSpec(fs, l, nil) return ps } diff --git a/helpers/url_test.go b/helpers/url_test.go index a2c945dfe..e049a1a0c 100644 --- a/helpers/url_test.go +++ b/helpers/url_test.go @@ -28,7 +28,7 @@ func TestURLize(t *testing.T) { v := newTestCfg() l := langs.NewDefaultLanguage(v) - p, _ := NewPathSpec(hugofs.NewMem(v), l) + p, _ := NewPathSpec(hugofs.NewMem(v), l, nil) tests := []struct { input string @@ -90,7 +90,7 @@ func doTestAbsURL(t *testing.T, defaultInSubDir, addLanguage, multilingual bool, v.Set("baseURL", test.baseURL) v.Set("contentDir", "content") l := langs.NewLanguage(lang, v) - p, _ := NewPathSpec(hugofs.NewMem(v), l) + p, _ := NewPathSpec(hugofs.NewMem(v), l, nil) output := p.AbsURL(test.input, addLanguage) expected := test.expected @@ -168,7 +168,7 @@ func doTestRelURL(t *testing.T, defaultInSubDir, addLanguage, multilingual bool, v.Set("baseURL", test.baseURL) v.Set("canonifyURLs", test.canonify) l := langs.NewLanguage(lang, v) - p, _ := NewPathSpec(hugofs.NewMem(v), l) + p, _ := NewPathSpec(hugofs.NewMem(v), l, nil) output := p.RelURL(test.input, addLanguage) @@ -256,7 +256,7 @@ func TestURLPrep(t *testing.T) { v := newTestCfg() v.Set("uglyURLs", d.ugly) l := langs.NewDefaultLanguage(v) - p, _ := NewPathSpec(hugofs.NewMem(v), l) + p, _ := NewPathSpec(hugofs.NewMem(v), l, nil) output := p.URLPrep(d.input) if d.output != output { |