From 39aba2c64ddfb88afcd4888a66026633c4ee00bd Mon Sep 17 00:00:00 2001
From: Florian Thomas
Date: Thu, 4 Jan 2018 21:31:01 +0000
Subject: [PATCH 1/2] inform that symlinks are not allowed in safe mode If the file given to `include` / `include_relative` can't be found in safe mode it might be because it is a symlink which are not allowed in safe mode. We should make the user aware of this. This closes #6480.
---
 lib/jekyll/tags/include.rb | 14 +++++++++++---
 test/test_tags.rb | 8 +++++---
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/lib/jekyll/tags/include.rb b/lib/jekyll/tags/include.rb
index e7464786454..f26c8b44a20 100644
--- a/lib/jekyll/tags/include.rb
+++ b/lib/jekyll/tags/include.rb
@@ -115,9 +115,7 @@ def locate_include_file(context, file, safe)
 path = File.join(dir.to_s, file.to_s)
 return path if valid_include_file?(path, dir.to_s, safe)
 end
- raise IOError, "Could not locate the included file '#{file}' in any of "\
- "#{includes_dirs}. Ensure it exists in one of those directories and, "\
- "if it is a symlink, does not point outside your site source."
+ raise IOError, could_not_locate_message(file, includes_dirs, safe)
 end

 def render(context)
@@ -192,6 +190,16 @@ def realpath_prefixed_with?(path, dir)
 def read_file(file, context)
 File.read(file, file_read_opts(context))
 end
+
+ def could_not_locate_message(file, includes_dirs, safe)
+ message = "Could not locate the included file '#{file}' in any of "\
+ "#{includes_dirs}. Ensure it exists in one of those directories and"
+ message + if safe
+ " is not a symlink as those are not allowed in safe mode."
+ else
+ ", if it is a symlink, does not point outside your site source."
+ end
+ end
 end

 class IncludeRelativeTag < IncludeTag
diff --git a/test/test_tags.rb b/test/test_tags.rb
index a76f0df138a..5712a9f090b 100644
--- a/test/test_tags.rb
+++ b/test/test_tags.rb
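Review bot: The two suffixes in `could_not_locate_message` (second hunk of `include.rb`) may not describe what the lookup actually enforces. `valid_include_file?` is outside the hunk, but the hunk header shows a `realpath_prefixed_with?(path, dir)` helper; if the safe-mode check is a realpath-prefix test, a symlink that resolves inside an includes directory would still be accepted, so "is not a symlink as those are not allowed in safe mode" overstates the rule, and the non-safe suffix describes a containment check that may not run when `safe` is false. Because this text is how a user learns why a path was refused, it should name the enforced boundary, for example `" is not a symlink pointing outside your site source, which safe mode rejects."`, and the non-safe wording should be confirmed against `valid_include_file?`. A comment above the method would also help: `# Builds the IOError text for a failed include lookup; the hint differs in safe mode.`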
@@ -912,7 +912,9 @@ def highlight_block_with_opts(options_string)
 end
 assert_match(
 "Could not locate the included file 'tmp/pages-test-does-not-exist' " \
- "in any of [\"#{source_dir}/_includes\"].",
+ "in any of [\"#{source_dir}/_includes\"]. Ensure it exists in one of " \
+ "those directories and is not a symlink as those are not allowed in " \
+ "safe mode.",
 ex.message
 )
 end
@@ -1271,8 +1273,8 @@ def highlight_block_with_opts(options_string)
 })
 end
 assert_match(
- "Ensure it exists in one of those directories and, if it is a symlink, does " \
- "not point outside your site source.",
+ "Ensure it exists in one of those directories and is not a symlink "\
+ "as those are not allowed in safe mode.",
 ex.message
 )
 end
From 41094642399cbe1dabb1c675cd7969516d5bb2f9 Mon Sep 17 00:00:00 2001
From: Florian Thomas
Date: Sun, 14 Jan 2018 12:45:42 +0000
Subject: [PATCH 2/2] make method private thanks @ashmaroli
---
 lib/jekyll/tags/include.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/jekyll/tags/include.rb b/lib/jekyll/tags/include.rb
index f26c8b44a20..6199251508b 100644
--- a/lib/jekyll/tags/include.rb
+++ b/lib/jekyll/tags/include.rb
@@ -191,6 +191,8 @@ def read_file(file, context)
 File.read(file, file_read_opts(context))
 end

+ private
+
 def could_not_locate_message(file, includes_dirs, safe)
 message = "Could not locate the included file '#{file}' in any of "\
 "#{includes_dirs}. Ensure it exists in one of those directories and"
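Review bot: After these two test hunks, both visible assertions expect the safe-mode wording, so nothing shown here still pins the non-safe branch of `could_not_locate_message`. The hunk at -1271 replaced the only visible assertion on `", if it is a symlink, does not point outside your site source."`. I would add a case that renders a missing include with safe mode off and asserts that suffix, so the two branches cannot be swapped unnoticed. Both test bodies begin outside their hunks, so the safe setting of each is inferred from the expected strings.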
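Review bot: The bare `private` in the `include.rb` hunk of patch 2/2 applies to every method defined after it in the class body, not only to `could_not_locate_message`. The rest of the class is outside this hunk, but the earlier hunk suggests the method is currently last; anything appended below later would silently become private. If only this helper is meant to be hidden, say so explicitly with `private :could_not_locate_message` after the definition, or mark the section with a comment such as `# Internal helpers below; not part of the tag's public interface.`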