merge revision(s) 15677:

* lib/webrick/httpservlet/filehandler.rb: should normalize path separators in path_info to prevent directory traversal attacks on DOSISH platforms. reported by Digital Security Research Group [DSECRG-08-026]. * lib/webrick/httpservlet/filehandler.rb: pathnames which have not to be published should be checked case-insensitively. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@15678 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2008-03-03 14:36:04 +0000
committer: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2008-03-03 14:36:04 +0000
commit: 702da30a9c38197edb7e5c6ea77f0d06e1cd35f5 (patch)
tree: 83ffc37d4ac6b1d3a7e0ad29b800bd040bc61edb /ChangeLog
parent: 2024133681cd0098404f21ea62529b1985de31fe (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index c566db386f..c9c5de4d59 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+Mon Mar  3 23:34:13 2008  GOTOU Yuuzou  <gotoyuzo@notwork.org>
+
+	* lib/webrick/httpservlet/filehandler.rb: should normalize path
+	  separators in path_info to prevent directory traversal attacks
+	  on DOSISH platforms.
+	  reported by Digital Security Research Group [DSECRG-08-026].
+
+	* lib/webrick/httpservlet/filehandler.rb: pathnames which have
+	  not to be published should be checked case-insensitively.
+
 Mon Dec  3 08:13:52 2007  Kouhei Sutou  <kou@cozmixng.org>
 
 	* test/rss/test_taxonomy.rb, test/rss/test_parser_1.0.rb,
author	shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2008-03-03 14:36:04 +0000
committer	shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2008-03-03 14:36:04 +0000
commit	702da30a9c38197edb7e5c6ea77f0d06e1cd35f5 (patch)
tree	83ffc37d4ac6b1d3a7e0ad29b800bd040bc61edb /ChangeLog
parent	2024133681cd0098404f21ea62529b1985de31fe (diff)