method

prevent_directory_traversal

prevent_directory_traversal(req, res) private

No documentation

# File lib/webrick/httpservlet/filehandler.rb, line 211
      def prevent_directory_traversal(req, res)
        # Preventing directory traversal on Windows platforms:
        # backslashes (0x5c) in path_info are not interpreted as special
        # characters in URI notation, so the value of path_info should be
        # normalized before accessing the filesystem.

        if trailing_pathsep?(req.path_info)
          # File.expand_path removes the trailing path separator.
          # Adding a character is a workaround to save it.
          #  File.expand_path("/aaa/")        #=> "/aaa"
          #  File.expand_path("/aaa/" + "x")  #=> "/aaa/x"
          expanded = File.expand_path(req.path_info + "x")
          expanded.chop!  # remove trailing "x"
        else
          expanded = File.expand_path(req.path_info)
        end
        req.path_info = expanded
      end
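
The normalization above, re-created as a stand-alone added example (not WEBrick's own code) so its effect on request paths can be checked directly. `trailing_sep?`, `normalize_path_info`, `escapes_root?`, `report`, the document root and the sample paths are all assumptions made for illustration; only the POSIX case is exercised.

```ruby
# Added example: stand-alone re-creation of the normalization logic above.
# POSIX paths only; File.expand_path's backslash handling is platform-specific.

# Hypothetical stand-in for WEBrick's private trailing_pathsep? helper.
def trailing_sep?(path)
  path.end_with?("/")
end

# Same steps as prevent_directory_traversal, applied to a plain string.
# Assumes path_info is absolute (starts with "/").
def normalize_path_info(path_info)
  if trailing_sep?(path_info)
    # expand_path drops a trailing "/", so append a sentinel and chop it off.
    File.expand_path(path_info + "x").chop
  else
    File.expand_path(path_info)
  end
end

# True when root joined with path_info resolves to a location outside root.
def escapes_root?(root, path_info)
  resolved = File.expand_path(File.join(root, path_info))
  !(resolved == root || resolved.start_with?(root + "/"))
end

ROOT = "/srv/www" # constructed document root

# Constructed sample request paths.
SAMPLES = ["/index.html", "/docs/../img/", "/../../etc/passwd", "/a/./b//c/"].freeze

# For each sample: the normalized form, and whether the raw and the
# normalized path would leave ROOT once joined to it.
def report(samples = SAMPLES, root = ROOT)
  samples.map do |raw|
    clean = normalize_path_info(raw)
    { raw: raw, clean: clean,
      raw_escapes: escapes_root?(root, raw),
      clean_escapes: escapes_root?(root, clean) }
  end
end

report.each { |row| puts row.inspect } if __FILE__ == $PROGRAM_NAME
```

Because `..` segments are collapsed against `/` before the path is joined to the document root, the normalized path can no longer climb above that root, and the sentinel keeps the trailing separator on directory requests.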