ruby.git - Ruby GIT repository

diff options

author	gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2008-05-18 13:33:24 +0000
committer	gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2008-05-18 13:33:24 +0000
commit	7c9261e4de3a6ab6f20789544c0978103ec544a4 (patch)
tree	ab207c998e2a68cf76acf734851bc00aa14d7d46 /encoding.c
parent	81ba64bd417da0de8a4e22352e9d536d76419c98 (diff)
download	ruby-7c9261e4de3a6ab6f20789544c0978103ec544a4.tar.gz ruby-7c9261e4de3a6ab6f20789544c0978103ec544a4.tar.xz ruby-7c9261e4de3a6ab6f20789544c0978103ec544a4.zip

* lib/webrick/httpservlet/filehandler.rb: should normalize path

name in path_info to prevent script disclosure vulnerability on DOSISH filesystems. (fix: CVE-2008-1891) Note: NTFS/FAT filesystem should not be published by the platforms other than Windows. Pathname interpretation (including short filename) is less than perfect. * lib/webrick/httpservlet/abstract.rb (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri): should escape the value of Location: header. * lib/webrick/httpservlet/cgi_runner.rb: accept interpreter command line arguments. git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@16453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Diffstat (limited to 'encoding.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: