| author | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-03-03 14:32:03 +0000 |
|---|---|---|
| committer | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-03-03 14:32:03 +0000 |
| commit | d3557aa349e447d4672fd07bdf61c16235b4a6bf (patch) | |
| tree | b4b16512437361ebb710ff7d8d243d66c84a099d /lib/importenv.rb | |
| parent | 58ee1e54b0fe87a7e2e9bf2731c4383e29876cf7 (diff) | |

* lib/webrick/httpservlet/filehandler.rb: should normalize path
separators in path_info to prevent directory traversal
attacks on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which are
not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@15677 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/importenv.rb')
0 files changed, 0 insertions, 0 deletions