kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* lib/webrick/httpservlet/filehandler.rb: should normalize path

Browse source 
name in path_info to prevent script disclosure vulnerability on
  DOSISH filesystems. (fix: CVE-2008-1891)
  Note: NTFS/FAT filesystem should not be published by the platforms
  other than Windows. Pathname interpretation (including short
  filename) is less than perfect.

* lib/webrick/httpservlet/abstract.rb
  (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
  should escape the value of Location: header. 

* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
  command line arguments.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@16454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
gotoyuzo 2008-05-18 13:33:57 +00:00
parent e650556b65
commit 9645f5983f
7 changed files with 152 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/webrick/httpservlet/cgi_runner.rb
View file

@ -39,7 +39,9 @@ dir = File::dirname(ENV["SCRIPT_FILENAME"])
Dir::chdir dir
if interpreter = ARGV[0]
exec(interpreter, ENV["SCRIPT_FILENAME"])
argv = ARGV.dup
argv << ENV["SCRIPT_FILENAME"]
exec(*argv)
# NOTREACHED
end
exec ENV["SCRIPT_FILENAME"]