diff options
| author | Anthony Fok <foka@debian.org> | 2015-09-13 06:36:08 -0600 |
|---|---|---|
| committer | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2015-09-13 18:08:42 +0200 |
| commit | e71bef79e504f8a016652380ad4c0ca89a2b8898 (patch) | |
| tree | bec7ec563ccd360f4f343304f1bc100805ddd5e9 /hugolib | |
| parent | db85299c0039fd13fd18067236e6f3b27e167fb7 (diff) | |
Validate aliases to prevent directory traversal etc.
Add validation before creating aliases:
* Prevent creating aliases outside webroot (public/ dir)
* Skip empty "" alias
* Skip "/" → "/index.html", which gets overwritten anyway
* Refuse to create Windows-invalid filenames on Windows;
warn on other platforms
* In case of invalid aliases, after skipping them,
return `err = nil` to prevent the error passing up
all the way to `hugolib.Render()` and causing Hugo to abort.
* Update alias tests.
Fixes #701: Add support for alias with whitespace
Fixes #1418: Add validation for alias
Diffstat (limited to 'hugolib')
| -rw-r--r-- | hugolib/site.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/hugolib/site.go b/hugolib/site.go index 3ac00d0d7..4cf31e4ab 100644 --- a/hugolib/site.go +++ b/hugolib/site.go @@ -242,6 +242,7 @@ func (s *Site) Build() (err error) { return } if err = s.Render(); err != nil { + // Better reporting when the template is missing (commit 2bbecc7b) jww.ERROR.Printf("Error rendering site: %s\nAvailable templates:\n", err) for _, template := range s.Tmpl.Templates() { jww.ERROR.Printf("\t%s\n", template.Name()) @@ -1566,7 +1567,7 @@ func (s *Site) WriteDestPage(path string, reader io.Reader) (err error) { } func (s *Site) WriteDestAlias(path string, permalink template.HTML) (err error) { - jww.DEBUG.Println("alias created at:", path) + jww.DEBUG.Println("creating alias:", path) return s.AliasTarget().Publish(path, permalink) } |