diff options
| author | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2021-12-16 17:12:13 +0300 |
|---|---|---|
| committer | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2021-12-17 11:50:28 +0300 |
| commit | 44954497bcb2d6d589b9340a43323663061c7b42 (patch) | |
| tree | 0d0d06b11e462ccff1a908c2b1c4dfd039b82787 /tpl/transform | |
| parent | 22ef5da20d1685dfe6aff3bd9364c9b1f1d0d8f8 (diff) | |
Always use content to resolve content type in resources.GetRemote
This is a security hardening measure; don't trust the URL extension or any `Content-Type`/`Content-Disposition` header on its own, always look at the file content using Go's `http.DetectContentType`.
This commit also adds ttf and otf media type definitions to Hugo.
Fixes #9302
Fixes #9301
Diffstat (limited to 'tpl/transform')
| -rw-r--r-- | tpl/transform/unmarshal.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/tpl/transform/unmarshal.go b/tpl/transform/unmarshal.go index aa84ca1f8..c59269577 100644 --- a/tpl/transform/unmarshal.go +++ b/tpl/transform/unmarshal.go @@ -95,6 +95,10 @@ func (ns *Namespace) Unmarshal(args ...interface{}) (interface{}, error) { return nil, errors.Errorf("type %T not supported", data) } + if dataStr == "" { + return nil, errors.New("no data to transform") + } + key := helpers.MD5String(dataStr) return ns.cache.GetOrCreate(key, func() (interface{}, error) { |