
require 'rack/protection'

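module Rack
  module Protection
    ##
    # Prevented attack::   Directory traversal
    # Supported browsers:: all
    # More infos::         http://en.wikipedia.org/wiki/Directory_traversal
    #
    # Unescapes '/' and '.', expands +path_info+.
    # Thus <tt>GET /foo/%2e%2e%2fbar</tt> becomes <tt>GET /bar</tt>.
    #
    # The percent-encoded forms are matched without regard to hex-digit case,
    # so <tt>%2E%2E%2F</tt> is normalised exactly like <tt>%2e%2e%2f</tt>.
    class PathTraversal < Base
      # Replaces +PATH_INFO+ with its normalised form for the duration of the
      # downstream call, then restores the original value -- also when the
      # downstream call raises. A +nil+ +PATH_INFO+ is left untouched.
      #
      # @param env [Hash] the Rack environment
      # @return whatever +app.call+ returns (presumably the Rack response
      #   triple; +app+ is expected to come from +Base+)
      def call(env)
        path_was         = env["PATH_INFO"]
        env["PATH_INFO"] = cleanup path_was if path_was
        app.call env
      ensure
        # Runs on every exit path, so callers never observe the rewritten path.
        env["PATH_INFO"] = path_was
      end

      # Normalises a request path: decodes percent-encoded dots and slashes
      # (either hex-digit case), drops empty and '.' segments, and resolves
      # '..' by discarding the preceding segment.
      #
      # @param path [String] the raw +PATH_INFO+
      # @return [String] an absolute path beginning with '/'. A trailing '/'
      #   is kept when the decoded input ended in '/', '/.' or '/..' and at
      #   least one segment remains.
      def cleanup(path)
        parts     = []
        # Hex digits in percent-encoding are case-insensitive; decoding only
        # the lower-case spelling would leave %2E / %2F un-normalised.
        unescaped = path.gsub(/%2e/i, '.').gsub(/%2f/i, '/')

        unescaped.split('/').each do |part|
          next if part.empty? || part == '.'
          # Array#pop on an empty array is a no-op, so '..' never climbs
          # above the root.
          part == '..' ? parts.pop : parts << part
        end

        # '+' yields a fresh, unfrozen string, so the '<<' below stays valid
        # even if string literals are frozen in this file.
        cleaned = '/' + parts.join('/')
        cleaned << '/' if parts.any? && unescaped =~ /\/\.{0,2}$/
        cleaned
      end
    end
  end
end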
