diff options
| author | Santiago Pastorino <santiago@wyeworks.com> | 2016-05-09 19:33:42 -0300 |
|---|---|---|
| committer | Santiago Pastorino <santiago@wyeworks.com> | 2016-05-09 19:33:42 -0300 |
| commit | 22e4f3f8999e3cac63500b5689975d3a147c679c (patch) | |
| tree | fc57bc8ce5f61f07ec388f3507feef219cb8a6f0 | |
| parent | f338bb5b50314870f8ba3bb79207c6ace2e9e61e (diff) | |
| parent | 31bc9f27c8c689a19d0013ad92e088b80642ce64 (diff) | |
| download | rails-22e4f3f8999e3cac63500b5689975d3a147c679c.tar.gz rails-22e4f3f8999e3cac63500b5689975d3a147c679c.tar.bz2 rails-22e4f3f8999e3cac63500b5689975d3a147c679c.zip | |
Merge pull request #24936 from jkowens/path_check
use Rack::Utils.valid_path? to check path
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/static.rb | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/static.rb b/actionpack/lib/action_dispatch/middleware/static.rb index 41c220236a..2c5721dc22 100644 --- a/actionpack/lib/action_dispatch/middleware/static.rb +++ b/actionpack/lib/action_dispatch/middleware/static.rb @@ -27,8 +27,8 @@ module ActionDispatch # in the server's `public/` directory (see Static#call). def match?(path) path = ::Rack::Utils.unescape_path path - return false unless valid_path?(path) - path = Rack::Utils.clean_path_info path + return false unless ::Rack::Utils.valid_path? path + path = ::Rack::Utils.clean_path_info path paths = [path, "#{path}#{ext}", "#{path}/#{@index}#{ext}"] @@ -94,10 +94,6 @@ module ActionDispatch false end end - - def valid_path?(path) - path.valid_encoding? && !path.include?("\0") - end end # This middleware will attempt to return the contents of a file's body from |