Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix #2684 -- prevent writing cache files outside of the cache folder
Signed-off-by: Chris Warrick <kwpolska@gmail.com>
  • Loading branch information
Kwpolska committed Feb 25, 2017
1 parent ca1ab1b commit 937d93e
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGES.txt
Expand Up @@ -18,6 +18,8 @@ Features
Bugfixes
--------

* Prevent writing cache files outside of the cache folder
(Issue #2684)
* Fix mimetype guessing in auto mode (Issue #2645)
* Fix filters.html5lib_xmllike for laters html5lib (Issue #2648)
* Skip the current post in post lists (Issue #2666)
Expand Down
3 changes: 3 additions & 0 deletions nikola/post.py
Expand Up @@ -118,6 +118,9 @@ def __init__(
self.pretty_urls = self.config['PRETTY_URLS']
self.source_path = source_path # posts/blah.txt
self.post_name = os.path.splitext(source_path)[0] # posts/blah
_relpath = os.path.relpath(self.post_name)
if _relpath != self.post_name:
self.post_name = _relpath.replace('..' + os.sep, '_..' + os.sep)
# cache[\/]posts[\/]blah.html
self.base_path = os.path.join(self.config['CACHE_FOLDER'], self.post_name + ".html")
# cache/posts/blah.html
Expand Down

0 comments on commit 937d93e

Please sign in to comment.