Do not leak path when not found.

Patrik Rak 2022-06-14 16:39:46 +02:00
parent 029e27dfb6
commit 4b3d99ccbe
2 changed files with 3 additions and 3 deletions


@ -1061,7 +1061,7 @@ module Sinatra
if @app
forward
else
raise NotFound, "#{request.request_method} #{request.path_info}"
raise NotFound
end
end
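Review bot: The bare `raise NotFound` in the `else` branch has no comment explaining why the message was dropped, so a later maintainer could restore the method and path for debugging convenience. The updated test in this commit shows the exception message used to become the 404 response body, which is why request data must stay out of it. I would add a line above the raise such as `# No message on purpose: it is rendered as the 404 body, so it must not carry request.path_info.` If the method and path are still wanted for diagnostics, they belong in the server log rather than the exception text. The enclosing method starts outside this hunk.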


@ -81,10 +81,10 @@ class StaticTest < Minitest::Test
assert not_found?
end
it 'path is escaped in 404 error pages' do
it 'there is no path is 404 error pages' do
env = Rack::MockRequest.env_for("/dummy").tap { |env| env["PATH_INFO"] = "/<script>" }
_, _, body = @app.call(env)
assert_equal(["GET &#x2F;&lt;script&gt;"], body, "Unexpected response content.")
assert_equal(["<h1>Not Found</h1>"], body, "Unexpected response content.")
end
it 'serves files when .. path traverses within public directory' do
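Review bot: The renamed example description has a typo: 'there is no path is 404 error pages' should read `it 'there is no path in 404 error pages' do`. The assertion also pins the exact default body `<h1>Not Found</h1>`, so a later change to the default 404 markup would fail this test for a reason unrelated to the leak. Keeping the equality check is fine, but a direct statement of intent next to it, for example `refute_includes(body.join, "script")`, would keep the regression covered if the default page changes.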