kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* lib/webrick/httpservlet/filehandler.rb: should normalize path

Browse source 
name in path_info to prevent script disclosure vulnerability on
  DOSISH filesystems. (fix: CVE-2008-1891)
  Note: NTFS/FAT filesystem should not be published by the platforms
  other than Windows. Pathname interpretation (including short
  filename) is less than perfect.

* lib/webrick/httpservlet/abstract.rb
  (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
  should escape the value of Location: header.

* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
  command line arguments.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
gotoyuzo 2008-05-18 13:33:24 +00:00
parent a0e236f606
commit 8ee3267d26
7 changed files with 152 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/webrick/httpservlet/abstract.rb
View file

@ -58,7 +58,7 @@ module WEBrick
def redirect_to_directory_uri(req, res)
if req.path[-1] != ?/
location = req.path + "/"
location = WEBrick::HTTPUtils.escape_path(req.path + "/")
if req.query_string && req.query_string.size > 0
location << "?" << req.query_string
end