Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Leave aliases unsanitized, allowing whitespace etc. #1417

Closed
wants to merge 1 commit into from
Closed

Leave aliases unsanitized, allowing whitespace etc. #1417

wants to merge 1 commit into from

Conversation

anthonyfok
Copy link
Member

so that user-created aliases like these:

aliases = [ "/wiki/Some Page/", "/wiki/Some+Page/" ]

would work as expected.

Fixes #701: Add support for alias with whitespace

@anthonyfok
Leave aliases unsanitized, allowing whitespace etc.
2db3576 
so that user-created aliases like these:

    aliases = [ "/wiki/Some Page/", "/wiki/Some+Page/" ]

would work as expected.

Fixes #701: Add support for alias with whitespace
@anthonyfok anthonyfok mentioned this pull request Sep 10, 2015
Closed
@anthonyfok
Copy link
Member Author

This Pull Request, at least in this current early form, is more for facilitating discussions and testing for Issue #701 than for committing into master. Even though this patch does not cause Issue #1418, I think we need some more checks of an alias path to prevent any potential security hole.

@marekr
Copy link

marekr commented Sep 11, 2015

What would happen on Windows if you try to create an alias with an question mark in its path which is fine on Linux but not on Windows. Would golang or hugo barf cleanly?

@anthonyfok
Copy link
Member Author

Even if you could add a question mark ? to a filename, a webserver would treat whatever comes after ? as query string and would not be able to find the static filename that you created.

In cases like this, some kind of rewrite rule is needed for the web server anyway. For example, something like this worked for me (Apache 2.4):

RewriteEngine On
RewriteCond %{ENV:REDIRECT_STATUS} =""
RewriteCond %{QUERY_STRING} !=""
RewriteRule ^(.*)$ $1\%3F%{QUERY_STRING} [L]

Or, for this to work on Windows platform, it would be easier to just change the ? to an _ (underscore), for example, as provided by the answer in http://stackoverflow.com/questions/4033546/apache-allow-filenames-with

(I simply changed _ to \%3F to see if it works, and it does in Linux.)

For curiosity sake, what platform are you using? And what kind of aliases with query string that you want to create?

@marekr
Copy link

marekr commented Sep 12, 2015

I don't want aliases with query strings, I'm simply just pointing out the Windows platform may have funny behavior if the bad characters aren't identified and a direct error message thrown to the user.

I myself use Windows for testing but the final server runs Linux but it doesn't use apache. The current behavior of HTML file generation is actually really convenient for redirects rather than rules because of that.

@anthonyfok
Copy link
Member Author

Thanks for your advice, @marekr.

I have just made pull request #1427, which supersedes this one, with added validation.

@anthonyfok anthonyfok closed this Sep 13, 2015
@anthonyfok anthonyfok deleted the allow-whitespace-in-aliases branch September 14, 2015 05:18
bep added a commit that referenced this pull request Apr 20, 2021
@bep
Squashed 'docs/' changes from 9cece6640..fb551cc75
07b8d94 
fb551cc75 Update index.md
7af894857 Update index.md
d235753ea Hugo 0.82.1
e03e72deb Merge branch 'temp0821'
e62648961 Merge branch 'release-0.82.1'
e1ab0f6eb releaser: Add release notes to /docs for release of 0.82.1
5d354c38d Replaced ``` code blocks with Code Toggler
c9d065c20 Remove duplicate YAML keys (#1420)
8ae31e701 Add webp image encoding support
848f2af26 Update internal.md (#1407)
c103a86a4 Fix `ref` shortcode example output (#1409)
9f8ba56dc Remove leading dot from where function KEY (#1419)
363251a51 Improve presentation of template lookup order (#1382)
b73da986d Improve description of Page Resources (#1381)
4e0bb96d5 Rework robots.txt page (#1405)
edf893e6f Update migrations.md (#1412)
450f1580b Add link to `site` function doc (#1417)
cfffa6e6f Added one extension to the list (#1414)
05f1665a0 Update theme
5de0b1c6a Update theme
250e20552 Add hugo.IsExtended
dea5e1fd7 Fix typo on merge function page (#1408)
1bbed2cf3 Update configuration.md
be0b64a46 Omit ISO
cbb5b8367 Fix `dateFormat` documentation
698f15466 Regenerate the docshelper
f9a8a7cb6 Update multilingual.md
a22dc6267 Fix grammar (#1398)
eb98b0997 Fix pretty URL example (#1397)
f4c4153dc Mention date var complementation in post scheduling (#1396)
17fae284c Fix resources.ExecuteAsTemplate argument order (#1394)
97e2c2abb Use code-toggle shortcode in `multilingual.md` (#1388)
3a84929bb Harmonize capitalization (#1393)
17f15daa6 fix file naming used in example (#1392)
5d97b6a18 Add slice syntax to sections permalinks config
00665b97b Improve description of `site.md`
edcf5e3fc Fix example in `merge.md`
f275ab778 Update postprocess.md
9593e3991 Fix file name
59bd9656f Update postprocess.md
1172fb6d0 Update to theNewDynamic repository (#1263)
f5b5c1d2c Update Hugo container image
4f2e92f2a Adapt anchorize.md to Goldmark
98aa19073 Directly link to `highlight` shortcode (#1384)
4c75c2422 Fix header level
f15c06f23 markdownify: add note about render-hooks and .RenderString (#1281)
69c82eb68 Remove Blackfriday reference from shortcode desc (#1380)
36de478df Update description of ignoreFiles config setting (#1377)
6337699d8 Remove "Authors" page from documentation (#1371)
35e73ca90 fix indent in example (#1372)
d3f01f19a Remove opening body tag from header example (#1376)
341a5a7d8 Update index.md
c9bfdbee6 Release 0.82.0
119644949 releaser: Add release notes to /docs for release of 0.82.0
32efaed78 docs: Regenerate docs helper
dea5449a2 docs: Regen CLI docs
eeab18fce Merge commit '81689af79901f0cdaff765cda6322dd4a9a7ccb3'
d508a1259 Attributes for code fences should be placed after the lang indicator only
c80905cef deps: Update to esbuild v0.9.0
95350eb79 Add support for Google Analytics v4
02d36f9bc Allow markdown attribute lists to be used in title render hooks
7df220a64 Merge commit '9d31f650da964a52f05fc27b7fb99cf3e09778cf'
d80bf61b7 Fixes #7698.

git-subtree-dir: docs
git-subtree-split: fb551cc750faa83a1493b0e0d0898cd98ab74465
@github-actions
Copy link

github-actions bot commented Mar 1, 2022

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 1, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for alias with whitespace
2 participants
@anthonyfok @marekr