Handle null byte when serving static files (#1574)
Handle null byte when serving requests for paths with null bytes.
This commit is contained in:
parent
1f29a6d3e3
commit
3cc2394a12
|
@ -1059,7 +1059,10 @@ module Sinatra
|
|||
# a matching file is found, returns nil otherwise.
|
||||
def static!(options = {})
|
||||
return if (public_dir = settings.public_folder).nil?
|
||||
path = File.expand_path("#{public_dir}#{URI_INSTANCE.unescape(request.path_info)}" )
|
||||
path = "#{public_dir}#{URI_INSTANCE.unescape(request.path_info)}"
|
||||
return unless valid_path?(path)
|
||||
|
||||
path = File.expand_path(path)
|
||||
return unless File.file?(path)
|
||||
|
||||
env['sinatra.static_file'] = path
|
||||
|
|
|
@ -59,6 +59,11 @@ class StaticTest < Minitest::Test
|
|||
assert not_found?
|
||||
end
|
||||
|
||||
it 'passes to the next handler when the path contains null bytes' do
|
||||
get "/foo%00"
|
||||
assert not_found?
|
||||
end
|
||||
|
||||
it 'passes to the next handler when the static option is disabled' do
|
||||
@app.set :static, false
|
||||
get "/#{File.basename(__FILE__)}"
|
||||
|
|
Loading…
Reference in New Issue