kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Merge pull request #24936 from jkowens/path_check

Browse source 
use Rack::Utils.valid_path? to check path
This commit is contained in:
Santiago Pastorino 2016-05-09 19:33:42 -03:00
commit 22e4f3f899
1 changed files with 2 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
actionpack/lib/action_dispatch/middleware/static.rb
View file

@ -27,8 +27,8 @@ module ActionDispatch
# in the server's `public/` directory (see Static#call).
def match?(path)
path = ::Rack::Utils.unescape_path path
return false unless valid_path?(path)
path = Rack::Utils.clean_path_info path
return false unless ::Rack::Utils.valid_path? path
path = ::Rack::Utils.clean_path_info path
paths = [path, "#{path}#{ext}", "#{path}/#{@index}#{ext}"]
@ -94,10 +94,6 @@ module ActionDispatch
false
end
end
def valid_path?(path)
path.valid_encoding? && !path.include?("\0")
end
end
# This middleware will attempt to return the contents of a file's body from