jekyll 1.5.0 → 1.5.1


Potentially problematic release.


This version of jekyll might be problematic. Click here for more details.

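--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: b8c189cd18215658c44d8d3deb0e8e7f901e5706
- data.tar.gz: e0744f3e95527b0bc9cf8686d40205d2b8a088c6
+ metadata.gz: 7774f515b69590f22a19d6d02f549f16176acfdc
+ data.tar.gz: a43d5a1e9ebd75da9f4d8445d6c738593ea11c9d
  SHA512:
- metadata.gz: 63ad197d84528333ac9f09d5012ffc566b1567745d8085dccc4fbcb8d2bf10a4719dc4685161202fac7cf6f0bf7f66ea417e82ee9d8d2ff653fb7a2b40194069
- data.tar.gz: 471a3dfac658531a67c19409e446112f0261fd011aca00616394c4eca662658385a4f0515c740000380870d97a6ba664397b718a004355580be64edd7d04613d
+ metadata.gz: 70cc97ba0736a056ceef606efec097fd966b4dc414780e643bd8f72f5881a276f74824e3faadd9fac0c02e96008662048935693a776386cfcf1112fcd4e336ae
+ data.tar.gz: a9f7b7f9a267a81f8de02195e1dad705f1452dd0639ffb623872d6602cf2fdab3b3130a0a72c41f30e86baece917ffa9fd6447f05e7a75e2d1bad0d49a49d295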
@@ -10,6 +10,12 @@
10
10
 
11
11
  ### Site Enhancements
12
12
 
13
+ ## 1.5.1 / 2014-03-27
14
+
15
+ ### Bug Fixes
16
+
17
+ * Only strip the drive name if it begins the string (#2176)
18
+
13
19
  ## 1.5.0 / 2014-03-24
14
20
 
15
21
  ### Minor Enhancements
@@ -4,9 +4,9 @@ Gem::Specification.new do |s|
4
4
  s.rubygems_version = '1.3.5'
5
5
 
6
6
  s.name = 'jekyll'
7
- s.version = '1.5.0'
7
+ s.version = '1.5.1'
8
8
  s.license = 'MIT'
9
- s.date = '2014-03-24'
9
+ s.date = '2014-03-28'
10
10
  s.rubyforge_project = 'jekyll'
11
11
 
12
12
  s.summary = "A simple, blog aware, static site generator."
@@ -163,6 +163,7 @@ Gem::Specification.new do |s|
163
163
  site/_posts/2013-12-16-jekyll-1-4-2-released.markdown
164
164
  site/_posts/2014-01-13-jekyll-1-4-3-released.markdown
165
165
  site/_posts/2014-03-24-jekyll-1-5-0-released.markdown
166
+ site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
166
167
  site/css/gridism.css
167
168
  site/css/normalize.css
168
169
  site/css/pygments.css
@@ -292,6 +293,7 @@ Gem::Specification.new do |s|
292
293
  test/test_new_command.rb
293
294
  test/test_page.rb
294
295
  test/test_pager.rb
296
+ test/test_path_sanitization.rb
295
297
  test/test_post.rb
296
298
  test/test_rdiscount.rb
297
299
  test/test_redcarpet.rb
@@ -63,7 +63,7 @@ require_all 'jekyll/tags'
63
63
  SafeYAML::OPTIONS[:suppress_warnings] = true
64
64
 
65
65
  module Jekyll
66
- VERSION = '1.5.0'
66
+ VERSION = '1.5.1'
67
67
 
68
68
  # Public: Generate a Jekyll configuration Hash by merging the default
69
69
  # options with anything in _config.yml, and adding the given options on top.
@@ -103,7 +103,7 @@ module Jekyll
103
103
  # Returns a pure and clean path
104
104
  def self.sanitized_path(base_directory, questionable_path)
105
105
  clean_path = File.expand_path(questionable_path, "/")
106
- clean_path.gsub!(/\w\:\//, '/')
106
+ clean_path.gsub!(/\A\w\:\//, '/')
107
107
  unless clean_path.start_with?(base_directory)
108
108
  File.join(base_directory, clean_path)
109
109
  else
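Review bot: The containment test two lines below the changed `gsub!` is a raw string-prefix comparison, so `clean_path.start_with?(base_directory)` also accepts a sibling directory whose name merely begins with the base (base `/tmp/foobar/jail` against a path under `/tmp/foobar/jail2`). Anchoring the drive strip with `\A` closes the reported case, but the prefix test should compare on a path boundary, for example `unless clean_path == base_directory || clean_path.start_with?(base_directory.chomp('/') + '/')`. The `else` branch lies outside this hunk, so whether such a path is then returned unchanged is inferred rather than visible here. A comment above the `gsub!` would also help, e.g. `# strip only a leading Windows drive ("C:/"); a later "x:/" is a literal directory name`.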
@@ -0,0 +1,26 @@
1
+ ---
2
+ layout: news_item
3
+ title: 'Jekyll 1.5.1 Released'
4
+ date: 2014-03-27 22:43:48 -0400
5
+ author: parkr
6
+ version: 1.5.1
7
+ categories: [release]
8
+ ---
9
+
10
+ The hawk-eyed [@gregose](https://github.com/gregose) spotted a bug in our
11
+ `Jekyll.sanitized_path` code:
12
+
13
+ {% highlight ruby %}
14
+ > sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
15
+ => "/tmp/foobar/jail/../../../etc/passwd"
16
+ {% endhighlight %}
17
+
18
+ Well, we can't have that! In 1.5.1, you'll instead see:
19
+
20
+ {% highlight ruby %}
21
+ > sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
22
+ => "/tmp/foobar/jail/etc/passwd"
23
+ {% endhighlight %}
24
+
25
+ Luckily not affecting 1.4.x, this fix will make 1.5.0 that much safer for
26
+ the masses. Thanks, Greg!
@@ -0,0 +1,18 @@
1
+ require 'helper'
2
+
3
+ class TestPathSanitization < Test::Unit::TestCase
4
+ context "on Windows with absolute source" do
5
+ setup do
6
+ @source = "C:/Users/xmr/Desktop/mpc-hc.org"
7
+ @dest = "./_site/"
8
+ stub(Dir).pwd { "C:/Users/xmr/Desktop/mpc-hc.org" }
9
+ end
10
+ should "strip drive name from path" do
11
+ assert_equal "C:/Users/xmr/Desktop/mpc-hc.org/_site", Jekyll.sanitized_path(@source, @dest)
12
+ end
13
+
14
+ should "strip just the initial drive name" do
15
+ assert_equal "/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd", Jekyll.sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
16
+ end
17
+ end
18
+ end
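Review bot: The expected value in "strip just the initial drive name" (`/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd`) does not match the output that the 1.5.1 release post in this same release shows for the identical call (`/tmp/foobar/jail/etc/passwd`). The test's value is what the `\A` anchor implies, so the post's example looks like the one that is off and should be corrected. The file also pins only this one input for the non-Windows case. A case with plain `../` segments would guard the containment behaviour against regressions, e.g. `assert_equal "/tmp/foobar/jail/etc/passwd", Jekyll.sanitized_path("/tmp/foobar/jail", "../../etc/passwd")`, as would one where the input already lies under the base directory.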
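--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: jekyll
  version: !ruby/object:Gem::Version
- version: 1.5.0
+ version: 1.5.1
  platform: ruby
  authors:
  - Tom Preston-Werner
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-03-24 00:00:00.000000000 Z
+ date: 2014-03-28 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: liquid
@@ -493,6 +493,7 @@ files:
  - site/_posts/2013-12-16-jekyll-1-4-2-released.markdown
  - site/_posts/2014-01-13-jekyll-1-4-3-released.markdown
  - site/_posts/2014-03-24-jekyll-1-5-0-released.markdown
+ - site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
  - site/css/gridism.css
  - site/css/normalize.css
  - site/css/pygments.css
@@ -619,6 +620,7 @@ files:
  - test/test_new_command.rb
  - test/test_page.rb
  - test/test_pager.rb
+ - test/test_path_sanitization.rb
  - test/test_post.rb
  - test/test_rdiscount.rb
  - test/test_redcarpet.rb
@@ -665,6 +667,7 @@ test_files:
  - test/test_new_command.rb
  - test/test_page.rb
  - test/test_pager.rb
+ - test/test_path_sanitization.rb
  - test/test_post.rb
  - test/test_rdiscount.rb
  - test/test_redcarpet.rb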