diff options
| author | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-12-22 01:08:00 +0000 |
|---|---|---|
| committer | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-12-22 01:08:00 +0000 |
| commit | 1ad355bd53653161e705e7d919b3ad1ea793a3f5 (patch) | |
| tree | edb1aa2c3dbf5399256bdc12a94b60c38a43ec4b /ext/socket | |
| parent | 1989371d10bccc2a1e6e9b31bd17992899870372 (diff) | |
webrick/httpservlet/*handler: use File.open
This makes future code audits easier. None of these changes
fix realistic remote code execution vulnerabilities because
we stat(2) before attempting Kernel#open.
* lib/webrick/httpservlet/erbhandler.rb (do_GET): use File.open
* lib/webrick/httpservlet/filehandler.rb (do_GET): use File.open
(make_partial_content): ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/socket')
0 files changed, 0 insertions, 0 deletions