Skip to content
  • 卜部昌平's avatar
    702da30a
    merge revision(s) 15677: · 702da30a
    卜部昌平 authored 
    	* lib/webrick/httpservlet/filehandler.rb: should normalize path
	  separators in path_info to prevent directory traversal attacks
	  on DOSISH platforms.
	  reported by Digital Security Research Group [DSECRG-08-026].
	* lib/webrick/httpservlet/filehandler.rb: pathnames which have
	  not to be published should be checked case-insensitively.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@15678 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
    702da30a
    merge revision(s) 15677:
    卜部昌平 authored 
    	* lib/webrick/httpservlet/filehandler.rb: should normalize path
	  separators in path_info to prevent directory traversal attacks
	  on DOSISH platforms.
	  reported by Digital Security Research Group [DSECRG-08-026].
	* lib/webrick/httpservlet/filehandler.rb: pathnames which have
	  not to be published should be checked case-insensitively.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@15678 b2dd03c8-39d4-4d8f-98ff-823fe69b080e