diff --git a/lib/jekyll/entry_filter.rb b/lib/jekyll/entry_filter.rb index 019133195d3..000e4cff79b 100644 --- a/lib/jekyll/entry_filter.rb +++ b/lib/jekyll/entry_filter.rb @@ -31,9 +31,12 @@ def relative_to_source(entry) def filter(entries) entries.reject do |e| - unless included?(e) - special?(e) || backup?(e) || excluded?(e) || symlink?(e) - end + # Reject this entry if it is a symlink. + next true if symlink?(e) + # Do not reject this entry if it is included. + next false if included?(e) + # Reject this entry if it is special, a backup file, or excluded. + special?(e) || backup?(e) || excluded?(e) end end diff --git a/test/source/symlink-test/symlinked-file-outside-source b/test/source/symlink-test/symlinked-file-outside-source new file mode 120000 index 00000000000..3594e94c04d --- /dev/null +++ b/test/source/symlink-test/symlinked-file-outside-source @@ -0,0 +1 @@ +/etc/passwd \ No newline at end of file diff --git a/test/test_entry_filter.rb b/test/test_entry_filter.rb index c9025092318..f41eed4f188 100644 --- a/test/test_entry_filter.rb +++ b/test/test_entry_filter.rb @@ -5,7 +5,7 @@ class TestEntryFilter < JekyllUnitTest context "Filtering entries" do setup do - @site = Site.new(site_configuration) + @site = fixture_site end should "filter entries" do @@ -87,7 +87,7 @@ class TestEntryFilter < JekyllUnitTest # no support for symlinks on Windows skip_if_windows "Jekyll does not currently support symlinks on Windows." - site = Site.new(site_configuration("safe" => true)) + site = fixture_site("safe" => true) site.reader.read_directories("symlink-test") assert_equal %w(main.scss symlinked-file).length, site.pages.length @@ -99,11 +99,21 @@ class TestEntryFilter < JekyllUnitTest # no support for symlinks on Windows skip_if_windows "Jekyll does not currently support symlinks on Windows." - site = Site.new(site_configuration) + @site.reader.read_directories("symlink-test") + refute_equal [], @site.pages + refute_equal [], @site.static_files + end + + should "include only safe symlinks in safe mode even when included" do + # no support for symlinks on Windows + skip_if_windows "Jekyll does not currently support symlinks on Windows." + site = fixture_site("safe" => true, "include" => ["symlinked-file-outside-source"]) site.reader.read_directories("symlink-test") - refute_equal [], site.pages - refute_equal [], site.static_files + + # rubocop:disable Performance/FixedSize + assert_equal %w(main.scss symlinked-file).length, site.pages.length + refute_includes site.static_files.map(&:name), "symlinked-file-outside-source" end end diff --git a/test/test_layout_reader.rb b/test/test_layout_reader.rb index 96d2045a148..cade8d44f14 100644 --- a/test/test_layout_reader.rb +++ b/test/test_layout_reader.rb @@ -31,5 +31,51 @@ class TestLayoutReader < JekyllUnitTest assert_equal LayoutReader.new(@site).layout_directory, source_dir("blah/_layouts") end end + + context "when a layout is a symlink" do + setup do + FileUtils.ln_sf("/etc/passwd", source_dir("_layouts", "symlink.html")) + @site = fixture_site({ + "safe" => true, + "include" => ["symlink.html"], + }) + end + + teardown do + FileUtils.rm(source_dir("_layouts", "symlink.html")) + end + + should "only read the layouts which are in the site" do + skip_if_windows "Jekyll does not currently support symlinks on Windows." + + layouts = LayoutReader.new(@site).read + + refute layouts.key?("symlink"), "Should not read the symlinked layout" + end + end + + context "with a theme" do + setup do + FileUtils.ln_sf("/etc/passwd", theme_dir("_layouts", "theme-symlink.html")) + @site = fixture_site({ + "include" => ["theme-symlink.html"], + "theme" => "test-theme", + "safe" => true, + }) + end + + teardown do + FileUtils.rm(theme_dir("_layouts", "theme-symlink.html")) + end + + should "not read a symlink'd theme" do + skip_if_windows "Jekyll does not currently support symlinks on Windows." + + layouts = LayoutReader.new(@site).read + + refute layouts.key?("theme-symlink"), \ + "Should not read symlinked layout from theme" + end + end end end