kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity

Do not leak path when not found.

Browse source
This commit is contained in:
Patrik Rak 2022-06-14 16:39:46 +02:00
parent 029e27dfb6
commit 4b3d99ccbe
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/sinatra/base.rb
View file

@ -1061,7 +1061,7 @@ module Sinatra
if @app
forward
else
raise NotFound, "#{request.request_method} #{request.path_info}"
raise NotFound
end
end

4
test/static_test.rb
View file

@ -81,10 +81,10 @@ class StaticTest < Minitest::Test
assert not_found?
end
it 'path is escaped in 404 error pages' do
it 'there is no path is 404 error pages' do
env = Rack::MockRequest.env_for("/dummy").tap { |env| env["PATH_INFO"] = "/<script>" }
_, _, body = @app.call(env)
assert_equal(["GET &#x2F;&lt;script&gt;"], body, "Unexpected response content.")
assert_equal(["<h1>Not Found</h1>"], body, "Unexpected response content.")
end
it 'serves files when .. path traverses within public directory' do