path: root/test/webrick/test_filehandler.rb
Age | Commit message | Author
2008-05-20 (gotoyuzo)
* lib/webrick/httpservlet/filehandler.rb: should normalize path name in path_info to prevent script disclosure vulnerability on DOSISH filesystems. (fix: CVE-2008-1891) Note: NTFS/FAT filesystem should not be published by the platforms other than Windows. Pathname interpretation (including short filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb (WEBrick::HTTPServlet::AbstractServlet#redirect_to_directory_uri): should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@16495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2008-03-03 (shyouhei)
merge revision(s) 15677:
* lib/webrick/httpservlet/filehandler.rb: should normalize path separators in path_info to prevent directory traversal attacks on DOSISH platforms. reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@15680 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2005-01-18 (no author)
This commit was manufactured by cvs2svn to create branch 'ruby_1_8'.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7783 b2dd03c8-39d4-4d8f-98ff-823fe69b080e