* lib/webrick/httpservlet/filehandler.rb

(prevent_directory_traversal): apply filesystem encoding to path only during calling File.expand_path. [ruby-dev:41423] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28354 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2010-06-17 16:26:00 +00:00 · 2010-06-17 16:26:00 +00:00 · ab408009fc
commit ab408009fc
parent 2db572514c
2 changed files with 12 additions and 2 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Fri Jun 18 01:22:55 2010  Yusuke Endoh  <mame@tsg.ne.jp>
+
+	* lib/webrick/httpservlet/filehandler.rb
+	  (prevent_directory_traversal): apply filesystem encoding to path
+	  only during calling File.expand_path.  [ruby-dev:41423]
+
 Thu Jun 17 23:20:14 2010  Yusuke Endoh  <mame@tsg.ne.jp>

 	* load.c (rb_load_internal): remove call to rb_realpath_internal
--- a/lib/webrick/httpservlet/filehandler.rb
+++ b/lib/webrick/httpservlet/filehandler.rb
@ -214,16 +214,20 @@ module WEBrick
        # character in URI notation. So the value of path_info should be
        # normalize before accessing to the filesystem.

+        # dirty hack for filesystem encoding; in nature, File.expand_path
+        # should not be used for path normalization.  [Bug #3345]
+        path = req.path_info.dup.force_encoding(Encoding.find("filesystem"))
        if trailing_pathsep?(req.path_info)
          # File.expand_path removes the trailing path separator.
          # Adding a character is a workaround to save it.
          #  File.expand_path("/aaa/")        #=> "/aaa"
          #  File.expand_path("/aaa/" + "x")  #=> "/aaa/x"
-          expanded = File.expand_path(req.path_info + "x")
+          expanded = File.expand_path(path + "x")
          expanded.chop!  # remove trailing "x"
        else
-          expanded = File.expand_path(req.path_info)
+          expanded = File.expand_path(path)
        end
+        expanded.force_encoding(req.path_info.encoding)
        req.path_info = expanded
      end