kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity
ruby--ruby/lib/webrick/httpservlet/abstract.rb
gotoyuzo 8ee3267d26 * lib/webrick/httpservlet/filehandler.rb: should normalize path 
name in path_info to prevent script disclosure vulnerability on
  DOSISH filesystems. (fix: CVE-2008-1891)
  Note: NTFS/FAT filesystem should not be published by the platforms
  other than Windows. Pathname interpretation (including short
  filename) is less than perfect.

* lib/webrick/httpservlet/abstract.rb
  (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
  should escape the value of Location: header.

* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
  command line arguments.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-05-18 13:33:24 +00:00

71 lines
1.8 KiB
Ruby
Raw Blame History

#
# httpservlet.rb -- HTTPServlet Module
#
# Author: IPR -- Internet Programming with Ruby -- writers
# Copyright (c) 2000 TAKAHASHI Masayoshi, GOTOU Yuuzou
# Copyright (c) 2002 Internet Programming with Ruby writers. All rights
# reserved.
#
# $IPR: abstract.rb,v 1.24 2003/07/11 11:16:46 gotoyuzo Exp $
require 'thread'
require 'webrick/htmlutils'
require 'webrick/httputils'
require 'webrick/httpstatus'
module WEBrick
module HTTPServlet
class HTTPServletError < StandardError; end
class AbstractServlet
def self.get_instance(config, *options)
self.new(config, *options)
end
def initialize(server, *options)
@server = @config = server
@logger = @server[:Logger]
@options = options
end
def service(req, res)
method_name = "do_" + req.request_method.gsub(/-/, "_")
if respond_to?(method_name)
__send__(method_name, req, res)
else
raise HTTPStatus::MethodNotAllowed,
"unsupported method `#{req.request_method}'."
end
end
def do_GET(req, res)
raise HTTPStatus::NotFound, "not found."
end
def do_HEAD(req, res)
do_GET(req, res)
end
def do_OPTIONS(req, res)
m = self.methods.grep(/^do_[A-Z]+$/)
m.collect!{|i| i.sub(/do_/, "") }
m.sort!
res["allow"] = m.join(",")
end
private
def redirect_to_directory_uri(req, res)
if req.path[-1] != ?/
location = WEBrick::HTTPUtils.escape_path(req.path + "/")
if req.query_string && req.query_string.size > 0
location << "?" << req.query_string
end
res.set_redirect(HTTPStatus::MovedPermanently, location)
end
end
end
end
end
View git blame Copy permalink