
Revision 9645f598

Added by gotoyuzo (GOTOU Yuuzou) almost 16 years ago

  • lib/webrick/httpservlet/filehandler.rb: should normalize path
    name in path_info to prevent script disclosure vulnerability on
    DOSISH filesystems. (fix: CVE-2008-1891)
    Note: NTFS/FAT filesystems should not be published by platforms
    other than Windows. Pathname interpretation (including short
    filenames) is less than perfect.

  • lib/webrick/httpservlet/abstract.rb
    (WEBrick::HTTPServlet::AbstractServlet#redirect_to_directory_uri):
    should escape the value of Location: header.

  • lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
    command line arguments.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@16454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e