kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity

Merge pull request #1379 from orangetw/master

Browse source 
enhanced path validation in Windows
This commit is contained in:
namusyaka 2018-02-11 15:49:21 +09:00 committed by GitHub
commit 6bcc6c3499
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
rack-protection/lib/rack/protection/path_traversal.rb
View file

@ -24,14 +24,17 @@ module Rack
encoding = path.encoding encoding = path.encoding
dot = '.'.encode(encoding) dot = '.'.encode(encoding)
slash = '/'.encode(encoding) slash = '/'.encode(encoding)
backslash = '\\'.encode(encoding)
else else
# Ruby 1.8 # Ruby 1.8
dot = '.' dot = '.'
slash = '/' slash = '/'
backslash = '\\'
end end
parts = [] parts = []
unescaped = path.gsub(/%2e/i, dot).gsub(/%2f/i, slash) unescaped = path.gsub(/%2e/i, dot).gsub(/%2f/i, slash).gsub(/%5c/i, backslash)
unescaped = unescaped.gsub(backslash, slash)
unescaped.split(slash).each do |part| unescaped.split(slash).each do |part|
next if part.empty? or part == dot next if part.empty? or part == dot