Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inform that symlinks are not allowed in safe mode #6670

Merged
merged 2 commits into from Jan 14, 2018
Merged

inform that symlinks are not allowed in safe mode #6670

merged 2 commits into from Jan 14, 2018

Conversation

Crunch09
Copy link
Member

@Crunch09 Crunch09 commented Jan 4, 2018
edited

If the file given to include / include_relative can't be found in safe mode it might be because it is a symlink which are not allowed in safe mode. We should make the user aware of this.

This closes #6480.

There was a note added to the symlink check two years ago which says that the symlinks could now be allowed in safe mode. Can someone confirm this as i'm not familiar with the security implications (especially for github pages)? Maybe @parkr or @envygeeks as he has written that note?

/cc @jekyll/build

@Crunch09
inform that symlinks are not allowed in safe mode
39aba2c 
If the file given to `include` / `include_relative` can't be
found in safe mode it might be because it is a symlink which are
not allowed in safe mode. We should make the user aware of this.

This closes jekyll#6480.
@Crunch09 Crunch09 assigned Crunch09 and unassigned parkr Jan 4, 2018
ashmaroli
ashmaroli reviewed Jan 14, 2018
View reviewed changes
lib/jekyll/tags/include.rb Outdated
@@ -192,6 +190,16 @@ def realpath_prefixed_with?(path, dir)
def read_file(file, context)
File.read(file, file_read_opts(context))
end

def could_not_locate_message(file, includes_dirs, safe)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO, this method should be marked as private to denote its "internal" role..

ashmaroli
ashmaroli approved these changes Jan 14, 2018
View reviewed changes
Copy link
Member

@ashmaroli ashmaroli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@parkr
Copy link
Member

parkr commented Jan 14, 2018

@jekyllbot: merge +bug

@jekyllbot jekyllbot merged commit 082e062 into jekyll:master Jan 14, 2018
jekyllbot added a commit that referenced this pull request Jan 14, 2018
@jekyllbot
Update history to reflect merge of #6670 [ci skip]
9cc6e2a
@jekyll jekyll locked and limited conversation to collaborators Jul 12, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@parkr parkr parkr approved these changes

@ashmaroli ashmaroli ashmaroli approved these changes

@ayastreb ayastreb Awaiting requested review from ayastreb

@mattr- mattr- Awaiting requested review from mattr-

Assignees

@Crunch09 Crunch09

Labels
fix frozen-due-to-age
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

relative include with symlink
4 participants
@Crunch09 @parkr @ashmaroli @jekyllbot