mirrors/hugo
1
0
Fork 0
mirror of https://github.com/gohugoio/hugo.git synced 2025-04-27 22:21:07 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Block symlink dir traversal for /static

Browse source 
This is in line with how it behaved before, but it was lifted a little for the project mount for Hugo Modules,
but that could create hard-to-detect loops.
This commit is contained in:
Bjørn Erik Pedersen 2019-07-25 00:12:40 +02:00
parent 87a07282a2
commit e5f2299741
24 changed files with 320 additions and 130 deletions
Download patch file Download diff file Expand all files Collapse all files

6
helpers/path_test.go
View file

@ -60,7 +60,7 @@ func TestMakePath(t *testing.T) {
v.Set("removePathAccents", test.removeAccents)
l := langs.NewDefaultLanguage(v)
p, err := NewPathSpec(hugofs.NewMem(v), l)
p, err := NewPathSpec(hugofs.NewMem(v), l, nil)
require.NoError(t, err)
output := p.MakePath(test.input)
@ -73,7 +73,7 @@ func TestMakePath(t *testing.T) {
func TestMakePathSanitized(t *testing.T) {
v := newTestCfg()
p, _ := NewPathSpec(hugofs.NewMem(v), v)
p, _ := NewPathSpec(hugofs.NewMem(v), v, nil)
tests := []struct {
input string
@ -101,7 +101,7 @@ func TestMakePathSanitizedDisablePathToLower(t *testing.T) {
v.Set("disablePathToLower", true)
l := langs.NewDefaultLanguage(v)
p, _ := NewPathSpec(hugofs.NewMem(v), l)
p, _ := NewPathSpec(hugofs.NewMem(v), l, nil)
tests := []struct {
input string