lib/capcode/render/static.rb in Capcode-0.8.1 vs lib/capcode/render/static.rb in Capcode-0.8.2
- old
+ new
@@ -1,9 +1,9 @@
module Capcode
module Helpers
def render_static( f, _ )
- if Capcode.static.nil?
- return [404, {}, ""]
+ if Capcode.static.nil? or f.include? '..'
+ return [403, {}, '403 - Invalid path']
end
redirect File.join( Capcode.static, f )
end
end
end
\ No newline at end of file
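Review bot: The combined guard on the new `if` line answers an unconfigured static directory (`Capcode.static.nil?`) with `403 - Invalid path`, where the old code returned 404, so a configuration problem now shows up to clients and in logs as a path violation. Splitting the conditions keeps the two cases distinguishable and avoids the low-precedence `or`: `return [404, {}, ''] if Capcode.static.nil?` followed by `return [403, {}, '403 - Invalid path'] if f.include?('..')`. The `..` test is a plain substring match on `f` as received; whether `f` is already percent-decoded at this point is not visible in the hunk. Because `render_static` only issues a redirect, the handler that actually serves files under `Capcode.static` should still confine resolved paths to that directory. A one-line comment above the check, such as `# reject parent-directory references before building the redirect target`, would record the intent.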