hugo/hugolib
Anthony Fok e71bef79e5 Validate aliases to prevent directory traversal etc.
Add validation before creating aliases:

 * Prevent creating aliases outside webroot (public/ dir)
 * Skip empty "" alias
 * Skip "/" → "/index.html", which gets overwritten anyway
 * Refuse to create Windows-invalid filenames on Windows;
   warn on other platforms
 * In case of invalid aliases, after skipping them,
   return `err = nil` to prevent the error passing up
   all the way to `hugolib.Render()` and causing Hugo to abort.
 * Update alias tests.

Fixes #701: Add support for alias with whitespace
Fixes #1418: Add validation for alias
2015-09-13 18:08:42 +02:00
..
author.go author: fix doc 2015-03-07 00:10:00 +01:00
benchmark_test.go
datafiles_test.go Do not fail on unknown files in /data 2015-04-22 18:35:56 +02:00
handler_base.go hugolib: apply some Hugolint rules 2015-03-07 00:13:06 +01:00
handler_file.go Adding default handler & tests Fixes #147 2015-05-20 18:55:24 -04:00
handler_meta.go Adding default handler & tests Fixes #147 2015-05-20 18:55:24 -04:00
handler_page.go Remove superfluous p-tags around shortcodes 2015-06-21 22:51:12 +02:00
handler_test.go Adding default handler & tests Fixes #147 2015-05-20 18:55:24 -04:00
hugo.go Refactor Hugo version 2015-03-18 12:23:13 +01:00
media.go hugolib: apply some more Golint rules 2015-03-07 12:53:20 +01:00
menu.go Remove deprecated fields and methods for v0.15 2015-07-30 13:33:38 +02:00
menu_test.go fix TestHomeNodeMenu test 2015-07-14 21:31:47 +02:00
node.go Remove deprecated fields and methods for v0.15 2015-07-30 13:33:38 +02:00
page.go WordCount Summary support UTF-8 string 2015-09-12 15:41:17 +02:00
page_permalink_test.go Support Fish and Chips section 2015-05-28 23:05:17 +02:00
page_taxonomy_test.go hugolib: make Page implement the ReaderFrom interface 2015-04-03 21:41:24 +02:00
page_test.go Correct check of published boolean 2015-08-31 05:26:46 +02:00
page_time_integration_test.go
pageCache.go Move apply before cache put 2015-07-24 00:28:21 +02:00
pageCache_test.go Fix data races in sorting and Reverse 2015-07-23 12:43:57 +02:00
pageGroup.go Fix GroupBy function issues 2014-11-13 22:48:58 -05:00
pageGroup_test.go Fix various Windows-issues 2014-12-09 09:43:15 -05:00
pageSort.go Replace strings.Compare 2015-07-25 17:38:13 +02:00
pageSort_test.go Fix sort test and title sort 2015-07-25 17:22:46 +02:00
pagesPrevNext.go Correct initialisms as suggested by golint 2015-03-11 21:55:00 +01:00
pagesPrevNext_test.go Adding Prev/Next functionality to all lists of pages (sections, taxonomies, etc) 2014-11-27 23:15:25 -05:00
pagination.go Remove deprecated fields and methods for v0.15 2015-07-30 13:33:38 +02:00
pagination_test.go Remove deprecated fields and methods for v0.15 2015-07-30 13:33:38 +02:00
path_separators_test.go Update test logs for uniformity and consistency 2015-05-08 22:27:00 -04:00
path_separators_windows_test.go Update test logs for uniformity and consistency 2015-05-08 22:27:00 -04:00
permalinks.go Fix UTF8 permalink 2015-05-17 14:54:59 +02:00
permalinks_test.go Change permalink validation and substitution. 2014-11-02 00:43:01 -04:00
planner.go New targets & new renderers and write methods [WIP] 2014-11-04 00:39:37 -05:00
redis.cn.md [Docs] Copyediting 2015-01-28 18:02:40 -07:00
rss_test.go Stop Viper from leaking across many of the tests (now tests pass regardless of order tested) 2015-05-20 02:21:21 -04:00
scratch.go Add map support to scratch 2015-08-02 17:23:36 +02:00
scratch_test.go Add map support to scratch 2015-08-02 17:23:36 +02:00
shortcode.go Avoid panic in shortcode param handling 2015-08-07 20:08:23 +02:00
shortcode_test.go Avoid panic in shortcode param handling 2015-08-07 20:08:23 +02:00
shortcodeparser.go shortcodeparser: fix panic on slash following opening shortcode comment 2015-04-30 15:59:07 +02:00
shortcodeparser_test.go Apply gofmt -s 2015-03-05 23:57:38 +01:00
site.go Validate aliases to prevent directory traversal etc. 2015-09-13 18:08:42 +02:00
site_show_plan_test.go Stop Viper from leaking across many of the tests (now tests pass regardless of order tested) 2015-05-20 02:21:21 -04:00
site_test.go Complete the Url-to-URL transition in tests 2015-09-13 05:21:24 -06:00
site_url_test.go Stop Viper from leaking across many of the tests (now tests pass regardless of order tested) 2015-05-20 02:21:21 -04:00
siteinfo_test.go Stop Viper from leaking across many of the tests (now tests pass regardless of order tested) 2015-05-20 02:21:21 -04:00
siteJSONEncode_test.go Silence chatty JSON test 2015-06-06 20:57:13 +02:00
sitemap.go
sitemap_test.go Stop Viper from leaking across many of the tests (now tests pass regardless of order tested) 2015-05-20 02:21:21 -04:00
summary.go Big refactor of how source files are used. Also added default destination extension option. 2014-10-16 20:20:09 -04:00
taxonomy.go Add config option "disablePathToLower" 2015-09-01 15:26:02 +02:00
taxonomy_test.go