Guard against malicious file names

Dawa Ometto
2020-12-01 22:21:54 +01:00
parent 3f7fd21d4a
commit 137728cdab
5 changed files with 22 additions and 4 deletions
+2 -2
@@ -25,9 +25,9 @@ module Precious
title = crumb.basename
if title == path.basename
breadcrumb << %{<li class="breadcrumb-item" aria-current="page">#{title}</li>}
breadcrumb << %{<li class="breadcrumb-item" aria-current="page">#{CGI.escape(title.to_s)}</li>}
else
breadcrumb << %{<li class="breadcrumb-item"><a href="#{overview_path}/#{crumb}/">#{title}</a></li>}
breadcrumb << %{<li class="breadcrumb-item"><a href="#{overview_path}/#{crumb}/">#{CGI.escape(title.to_s)}</a></li>}
end
end
breadcrumb << %{</ol></nav>}
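Review bot: The `href` on the new link line still interpolates `#{crumb}` unescaped, so a file name containing `"` or `<` can still break out of the attribute; only the visible link text is guarded. `CGI.escape` is also URL form-encoding rather than HTML escaping, so in the text position a title with spaces or non-ASCII characters would be displayed as `+` and `%XX` sequences. I would use `CGI.escapeHTML(title.to_s)` for the text in both branches and escape the attribute value as well, e.g. `href="#{CGI.escapeHTML("#{overview_path}/#{crumb}/")}"`. The same two points apply to the `element` line in the second file of this commit. The enclosing method starts and ends outside the hunk, so how `overview_path` is built is not visible here.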
+1 -1
@@ -32,7 +32,7 @@ module Precious
path.descend do |crumb|
element = "#{crumb.basename}"
next if element == @page.title
breadcrumb << %{<li class="breadcrumb-item"><a href="#{overview_path}/#{crumb}/">#{element}</a></li>}
breadcrumb << %{<li class="breadcrumb-item"><a href="#{overview_path}/#{crumb}/">#{CGI.escape(element.to_s)}</a></li>}
end
breadcrumb << %{</ol></nav>}
breadcrumb.join("\n")
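Review bot: `element.to_s` on the new line is redundant, since `element` is already a String built by interpolation two lines above (`element = "#{crumb.basename}"`). This hunk and the breadcrumb code in the first file also assemble the same `<li class="breadcrumb-item">` markup independently, so the escaping has to be kept in step by hand in both places. A small shared helper that takes the link target and label and returns the escaped `<li>` would keep that in one spot; a one-line comment such as `# crumb names come from repository file names and are untrusted` above the loop would record why the escaping is there. The method body begins outside the hunk.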