From e5f229974166402f51e4ee0695ffb4d1e09fa174 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Erik=20Pedersen?= Date: Thu, 25 Jul 2019 00:12:40 +0200 Subject: Block symlink dir traversal for /static This is in line with how it behaved before, but it was lifted a little for the project mount for Hugo Modules, but that could create hard-to-detect loops. --- deps/deps.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'deps') diff --git a/deps/deps.go b/deps/deps.go index 8ef015ac9..aaed900e5 100644 --- a/deps/deps.go +++ b/deps/deps.go @@ -207,7 +207,7 @@ func New(cfg DepsCfg) (*Deps, error) { cfg.OutputFormats = output.DefaultFormats } - ps, err := helpers.NewPathSpec(fs, cfg.Language) + ps, err := helpers.NewPathSpec(fs, cfg.Language, logger) if err != nil { return nil, errors.Wrap(err, "create PathSpec") @@ -272,7 +272,7 @@ func (d Deps) ForLanguage(cfg DepsCfg, onCreated func(d *Deps) error) (*Deps, er l := cfg.Language var err error - d.PathSpec, err = helpers.NewPathSpecWithBaseBaseFsProvided(d.Fs, l, d.BaseFs) + d.PathSpec, err = helpers.NewPathSpecWithBaseBaseFsProvided(d.Fs, l, d.Log, d.BaseFs) if err != nil { return nil, err } -- cgit v1.2.3