mirror/hugo
1
0
Fork 0
mirror of https://github.com/gohugoio/hugo.git synced 2025-09-01 22:42:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Block symlink dir traversal for /static

Browse Source 
This is in line with how it behaved before, but it was lifted a little for the project mount for Hugo Modules,
but that could create hard-to-detect loops.
This commit is contained in:
Bjørn Erik Pedersen
2019-07-25 00:12:40 +02:00
parent 87a07282a2
commit e5f2299741
24 changed files with 320 additions and 130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
hugofs/fileinfo.go
View File

@@ -180,9 +180,20 @@ type FileMetaInfo interface {
type fileInfoMeta struct {
os.FileInfo
m FileMeta
}
// Name returns the file's name. Note that we follow symlinks,
// if supported by the file system, and the Name given here will be the
// name of the symlink, which is what Hugo needs in all situations.
func (fi *fileInfoMeta) Name() string {
if name := fi.m.Name(); name != "" {
return name
}
return fi.FileInfo.Name()
}
func (fi *fileInfoMeta) Meta() FileMeta {
return fi.m
}
@@ -295,3 +306,11 @@ func normalizeFilename(filename string) string {
}
return filename
}
func fileInfosToNames(fis []os.FileInfo) []string {
names := make([]string, len(fis))
for i, d := range fis {
names[i] = d.Name()
}
return names
}