
ruby-cvs:22920

From: shyouhei ruby-lang.org
Date: Mon, 3 Mar 2008 23:37:53 +0900 (JST)
Subject: [ruby-cvs:22920] Ruby:r15680 (ruby_1_8_5): merge revision(s) 15677:

shyouhei	2008-03-03 23:37:52 +0900 (Mon, 03 Mar 2008)

  New Revision: 15680

  Modified files:
    branches/ruby_1_8_5/ChangeLog
    branches/ruby_1_8_5/lib/webrick/httpservlet/filehandler.rb
    branches/ruby_1_8_5/test/webrick/test_filehandler.rb
    branches/ruby_1_8_5/version.h

  Log:
    merge revision(s) 15677:
    * lib/webrick/httpservlet/filehandler.rb: should normalize path
      separators in path_info to prevent directory traversal attacks
      on DOSISH platforms.
      reported by Digital Security Research Group [DSECRG-08-026].
    * lib/webrick/httpservlet/filehandler.rb: pathnames which have
      not to be published should be checked case-insensitively.


  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/test/webrick/test_filehandler.rb?r1=15680&r2=15679&diff_format=u
  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/version.h?r1=15680&r2=15679&diff_format=u
  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/lib/webrick/httpservlet/filehandler.rb?r1=15680&r2=15679&diff_format=u
  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/ChangeLog?r1=15680&r2=15679&diff_format=u
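
The two checks named in the log (separator normalization and case-insensitive matching of non-published names), as an added Ruby example that is not part of this commit and not WEBrick's code. The method names, the pattern list and the sample paths are hypothetical and constructed for illustration.

```ruby
# Added illustration; not WEBrick's code. All names here are hypothetical.

# Patterns for files that must never be served (constructed sample list).
NONDISCLOSURE = [".ht*", "*~"].freeze

# Split a request path into segments. With dosish=true, "\" is first
# normalized to "/", because DOSISH file APIs accept both separators.
def segments(path_info, dosish:)
  path = dosish ? path_info.tr("\\", "/") : path_info
  path.split("/").reject(&:empty?)
end

# True when a segment matches a nondisclosure pattern. FNM_CASEFOLD matters
# on case-insensitive filesystems, where ".HTACCESS" opens ".htaccess".
def hidden?(segment, casefold:)
  flags = File::FNM_DOTMATCH | (casefold ? File::FNM_CASEFOLD : 0)
  NONDISCLOSURE.any? { |pat| File.fnmatch(pat, segment, flags) }
end

# Decide whether a request path may be mapped into the document root.
# hardened=false models a check that only knows "/" and exact case.
def servable?(path_info, hardened:)
  segments(path_info, dosish: hardened).none? do |seg|
    seg == ".." || hidden?(seg, casefold: hardened)
  end
end

# Constructed sample request paths, compared under both checks.
if __FILE__ == $PROGRAM_NAME
  ["/index.html", "/..\\..\\secret.txt", "/.HTACCESS",
   "/docs\\.htaccess"].each do |p|
    puts format("%-22s naive=%-5s hardened=%s", p.inspect,
                servable?(p, hardened: false), servable?(p, hardened: true))
  end
end
```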

