diff options
| author | Samy Pessé <samypesse@gmail.com> | 2015-09-15 11:09:08 +0200 |
|---|---|---|
| committer | Samy Pessé <samypesse@gmail.com> | 2015-09-15 11:09:08 +0200 |
| commit | baf10e9b159b64c30ce650c83eb437675434e3e2 (patch) | |
| tree | 583fc00922e6ca52fea87947af0b4d5703aabf7d /lib/book.js | |
| parent | 463a947df1e5c8c862c555a5b0ae675e356a0d5c (diff) | |
| download | gitbook-baf10e9b159b64c30ce650c83eb437675434e3e2.zip gitbook-baf10e9b159b64c30ce650c83eb437675434e3e2.tar.gz gitbook-baf10e9b159b64c30ce650c83eb437675434e3e2.tar.bz2 | |
Improve book.resolve to ensure file is in the book
Adapt tests to plugin-highlight
Diffstat (limited to 'lib/book.js')
| -rw-r--r-- | lib/book.js | 43 |
1 files changed, 37 insertions, 6 deletions
diff --git a/lib/book.js b/lib/book.js index b306c51..980e505 100644 --- a/lib/book.js +++ b/lib/book.js @@ -630,21 +630,27 @@ Book.prototype.findFile = function(filename) { // Check if a file exists in the book Book.prototype.fileExists = function(filename) { return fs.exists( - path.join(this.root, filename) + this.resolve(filename) ); }; +// Check if a file path is inside the book +Book.prototype.fileIsInBook = function(filename) { + filename = path.normalize(filename); + return (filename.substr(0, this.root.length) === this.root); +}; + // Read a file Book.prototype.readFile = function(filename) { return fs.readFile( - path.join(this.root, filename), + this.resolve(filename), { encoding: "utf8" } ); }; // Return stat for a file Book.prototype.statFile = function(filename) { - return fs.stat(path.join(this.root, filename)); + return fs.stat(this.resolve(filename)); }; // List all files in the book @@ -702,9 +708,34 @@ Book.prototype.isEntryPoint = function(fp) { return fp == this.readmeFile; }; -// Resolve a path in book -Book.prototype.resolve = function(p) { - return path.resolve(this.root, p); +// Alias to book.config.get +Book.prototype.getConfig = function(key, def) { + return this.config.get(key, def); +}; + +// Resolve a path in the book source +// Enforce that the output path in the root folder +Book.prototype.resolve = function() { + var input = _.chain(arguments) + .toArray() + .reduce(function(current, p) { + // Handle path relative to book root ('/README.md') + if (p[0] == '/' || p[0] == '\\') return p.slice(1); + + return path.join(current, p); + }) + .value(); + + + var result = path.resolve(this.root, input); + + if (!this.fileIsInBook(result)) { + err = new Error("EACCESS: '" + result + "' not in '" + this.root + "'"); + err.code = "EACCESS"; + throw err; + } + + return result }; // Normalize a path to .html and convert README -> index |