* lib/webrick/httpservlet/filehandler.rb: should normalize path

name in path_info to prevent script disclosure vulnerability on DOSISH filesystems. (fix: CVE-2008-1891) Note: NTFS/FAT filesystem should not be published by the platforms other than Windows. Pathname interpretation (including short filename) is less than perfect. * lib/webrick/httpservlet/abstract.rb (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri): should escape the value of Location: header. * lib/webrick/httpservlet/cgi_runner.rb: accept interpreter command line arguments. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2008-05-18 13:33:24 +00:00 · 2008-05-18 13:33:24 +00:00 · 8ee3267d26
commit 8ee3267d26
parent a0e236f606
7 changed files with 152 additions and 33 deletions
--- a/test/webrick/test_cgi.rb
+++ b/test/webrick/test_cgi.rb
@ -1,20 +1,13 @@
 require "webrick"
 require File.join(File.dirname(__FILE__), "utils.rb")
 require "test/unit"
-begin
-  loadpath = $:.dup
-  $:.replace($: | [File.expand_path("../ruby", File.dirname(__FILE__))])
-  require 'envutil'
-ensure
-  $:.replace(loadpath)
-end

 class TestWEBrickCGI < Test::Unit::TestCase
  def test_cgi
    accepted = started = stopped = 0
    requested0 = requested1 = 0
    config = {
-      :CGIInterpreter => EnvUtil.rubybin,
+      :CGIInterpreter => TestWEBrick::RubyBin,
      :DocumentRoot => File.dirname(__FILE__),
      :DirectoryIndex => ["webrick.cgi"],
      :RequestHandler => Proc.new{|req, res|