lib/include/class_knjappserver_web.rb in knjappserver-0.0.19 vs lib/include/class_knjappserver_web.rb in knjappserver-0.0.20
- old
+ new
@@ -1,8 +1,12 @@
class Knjappserver
#Imports a .rhtml-file and executes it.
def import(filepath)
+ if filepath.to_s.index("../proc/self") != nil
+ raise Knj::Errors::NoAccess, "Possible attempt to hack the appserver."
+ end
+
_httpsession.eruby.import(filepath)
end
#Redirects to another URL.
def redirect(url, args = {})
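Review bot: The guard added to `import` is a denylist for one literal substring, `"../proc/self"`, so it rejects only that exact spelling; any other path outside the application's template directory still reaches `_httpsession.eruby.import(filepath)`, which executes the file. If `filepath` can be influenced by a request (not visible from this hunk), resolve it first and allow only paths under a known root, e.g. `full = File.realpath(filepath.to_s)` followed by `raise Knj::Errors::NoAccess, "Import outside document root." unless full.start_with?(DOC_ROOT + File::SEPARATOR)`, where `DOC_ROOT` is a placeholder for whatever root this server is configured with. The `redirect` method that begins on the hunk's last line continues outside the hunk.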
@@ -120,8 +124,9 @@
end
end
#Returns the socket-port the appserver is currently running on.
def port
+ raise "Http-server not spawned yet. Call Knjappserver#start to spawn it." if !@httpserv
return @httpserv.server.addr[1]
end
end
\ No newline at end of file
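Review bot: The new guard in `port` raises a bare string, which becomes a generic `RuntimeError`, and the comment above the method still documents only the return value. Consider extending the comment to `#Returns the socket-port the appserver is currently running on. Raises if the HTTP server has not been started.` and writing the condition as `unless @httpserv` instead of `if !@httpserv`. The hunk starts inside the class body, so the two `end` lines at its top close a definition that is not visible here.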