Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
rubygem-actionpack-3_2
CVE-2014-7829.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2014-7829.patch of Package rubygem-actionpack-3_2
diff --git a/actionpack/lib/action_dispatch/middleware/static.rb b/actionpack/lib/action_dispatch/middleware/static.rb index 7f11170..70632f2 100644 --- a/actionpack/lib/action_dispatch/middleware/static.rb +++ b/actionpack/lib/action_dispatch/middleware/static.rb @@ -16,7 +16,7 @@ module ActionDispatch paths = "#{full_path}#{ext}" matches = Dir[paths] - match = matches.detect { |m| File.file?(m) } + match = matches.detect { |m| File.file?(m) && File.readable?(m) } if match match.sub!(@compiled_root, '') ::Rack::Utils.escape(match) @@ -40,7 +40,7 @@ module ActionDispatch def escape_glob_chars(path) path.force_encoding('binary') if path.respond_to? :force_encoding - path.gsub(/[*?{}\[\]]/, "\\\\\\&") + path.gsub(/[*?{}\[\]\\]/, "\\\\\\&") end private
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
