Merge branch 'master' of https://github.com/jekyll/jekyll-sass-converter

parkr · parkr · commit 02dc12582176 · 2016-11-14T13:19:07.000-08:00
* 'master' of https://github.com/jekyll/jekyll-sass-converter: Update history to reflect merge of #55 [ci skip] Ok fine, Jekyll 2. Clean up our test matrix. Get our scripts in order. SCSS converter: expand @config["source"] to be "safer".
diff --git a/.travis.yml b/.travis.yml
@@ -3,19 +3,14 @@ language: ruby
 rvm:
 - 2.2.4
 - 2.1.8
-- ruby-head
 matrix:
-  allow_failures:
-    - rvm: ruby-head
   include:
-    - rvm: 1.9.3
-      env: JEKYLL_VERSION=2.5
-    - rvm: 2.3.0
-      env: JEKYLL_VERSION=3.1
+    - rvm: 2.3.1
+      env: JEKYLL_VERSION=3.3
 env:
   matrix:
     - JEKYLL_VERSION=2.5
-    - JEKYLL_VERSION=3.1
+    - JEKYLL_VERSION=3.3
 branches:
   only:
     - master
diff --git a/History.markdown b/History.markdown
@@ -7,6 +7,10 @@
 
   * Allow load_paths in safe mode with sanitization (#50)
 
+### Bug Fixes
+
+  * SCSS converter: expand @config["source"] to be "safer". (#55)
+
 ## 1.4.0 / 2015-12-25
 
 ### Minor Enhancements
diff --git a/lib/jekyll/converters/scss.rb b/lib/jekyll/converters/scss.rb
@@ -71,25 +71,25 @@ def user_sass_load_paths
       end
 
       def sass_dir_relative_to_site_source
-        Jekyll.sanitized_path(@config["source"], sass_dir)
+        Jekyll.sanitized_path(site_source, sass_dir)
       end
 
       def sass_load_paths
         paths = user_sass_load_paths + [sass_dir_relative_to_site_source]
 
         if safe?
           # Sanitize paths to prevent any attack vectors (.e.g. `/**/*`)
-          paths.map! { |path| Jekyll.sanitized_path(@config["source"], path) }
+          paths.map! { |path| Jekyll.sanitized_path(site_source, path) }
         end
 
         # Expand file globs (e.g. `node_modules/*/node_modules` )
-        Dir.chdir(@config["source"]) do
+        Dir.chdir(site_source) do
           paths = paths.map { |path| Dir.glob(path) }.flatten.uniq
 
           paths.map! do |path|
             if safe?
               # Sanitize again in case globbing was able to do something crazy.
-              Jekyll.sanitized_path(@config["source"], path)
+              Jekyll.sanitized_path(site_source, path)
             else
               File.expand_path(path)
             end
@@ -122,6 +122,11 @@ def convert(content)
       rescue ::Sass::SyntaxError => e
         raise SyntaxError.new("#{e.to_s} on line #{e.sass_line}")
       end
+
+      private
+      def site_source
+        @site_source ||= File.expand_path(@config["source"]).freeze
+      end
     end
   end
 end
diff --git a/script/spec b/script/spec
@@ -0,0 +1 @@
+test
diff --git a/script/test b/script/test
@@ -0,0 +1,2 @@
+#!/bin/bash
+bundle exec rspec $@

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+#!/bin/bash`
	`2`	`+bundle exec rspec $@`