test/static_test.rb in sinatra-sinatra-0.9.1 vs test/static_test.rb in sinatra-sinatra-0.9.1.1

@@ -60,6 +60,21 @@
 
   it '404s when a file is not found' do
     get "/foobarbaz.txt"
     assert not_found?
   end
+
+  it 'serves files when .. path traverses within public directory' do
+    get "/data/../#{File.basename(__FILE__)}"
+    assert ok?
+    assert_equal File.read(__FILE__), body
+  end
+
+  it '404s when .. path traverses outside of public directory' do
+    mock_app {
+      set :static, true
+      set :public, File.dirname(__FILE__) + '/data'
+    }
+    get "/../#{File.basename(__FILE__)}"
+    assert not_found?
+  end
 end