From 4b3d99ccbe3adc909e667e2f50856228f9d5e589 Mon Sep 17 00:00:00 2001
From: Patrik Rak <patrik@raxoft.cz>
Date: Tue, 14 Jun 2022 16:39:46 +0200
Subject: [PATCH] Do not leak path when not found.

---
 lib/sinatra/base.rb | 2 +-
 test/static_test.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/sinatra/base.rb b/lib/sinatra/base.rb
index 8777a06f..1e55c5fb 100644
--- a/lib/sinatra/base.rb
+++ b/lib/sinatra/base.rb
@@ -1061,7 +1061,7 @@ module Sinatra
       if @app
         forward
       else
-        raise NotFound, "#{request.request_method} #{request.path_info}"
+        raise NotFound
       end
     end
 
diff --git a/test/static_test.rb b/test/static_test.rb
index 86c9dba3..232cd21c 100644
--- a/test/static_test.rb
+++ b/test/static_test.rb
@@ -81,10 +81,10 @@ class StaticTest < Minitest::Test
     assert not_found?
   end
 
-  it 'path is escaped in 404 error pages' do
+  it 'there is no path is 404 error pages' do
     env = Rack::MockRequest.env_for("/dummy").tap { |env| env["PATH_INFO"] = "/<script>" }
     _, _, body = @app.call(env)
-    assert_equal(["GET &#x2F;&lt;script&gt;"], body, "Unexpected response content.") 
+    assert_equal(["<h1>Not Found</h1>"], body, "Unexpected response content.")
   end
 
   it 'serves files when .. path traverses within public directory' do