actionpack 4.0.10 → 4.0.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 14ff02d0101e627fea394975258dfbd19b66ec61
-  data.tar.gz: 308e5c32cf545be636eaca9c65c665ac937e3f79
+  metadata.gz: a8ad3b1bdb98fa865651bc6e2949405151e855cf
+  data.tar.gz: 99b0804b51477f6f0a243bb3df8ede5b14740149
 SHA512:
-  metadata.gz: 70ad42024ea4d6e594a76e981fcf04a99a10b9f39fe3c06e81d3fd47b11c5f9490d59058a79ac84168b2e5d98dc5aaf6b96677acc9ad1f3b7e56b72f6fa0bbd9
-  data.tar.gz: cf1595e7e3b5a9082e8697a7b0b3f2a159498d643a8c536ebe78884b32a8196cbabcd57fe8d06c93aee8674fbb9207796151192a71616fa027dd87d66df5e2e7
+  metadata.gz: 32f460f6cc690796cc64183fdd363a6f468dfcf121e7bba07e182d5f395b4e75cb2da4b55de98591ad20a6e8bf39f25c62bb4c7f72e2e036af81377bafe52f53
+  data.tar.gz: 978c48587c63a2a03782135e08d40e106d5b7bd3fa2f012d4d74bab17aa992f047280d25f42437c1822ca55ff1f1746b6d2ab50ad9923d5232384340486fdc28

data/lib/action_dispatch/middleware/static.rb

@@ -14,7 +14,8 @@ module ActionDispatch
       path = unescape_path(path)
       return false unless path.valid_encoding?
 
-      full_path = path.empty? ? @root : File.join(@root, escape_glob_chars(path))
+      full_path = path.empty? ? @root : File.join(@root,
+        clean_path_info(escape_glob_chars(path)))
       paths = "#{full_path}#{ext}"
 
       matches = Dir[paths]
@@ -43,6 +44,25 @@ module ActionDispatch
     def escape_glob_chars(path)
       path.gsub(/[*?{}\[\]]/, "\\\\\\&")
     end
+
+    private
+
+    PATH_SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact)
+
+    def clean_path_info(path_info)
+      parts = path_info.split PATH_SEPS
+
+      clean = []
+
+      parts.each do |part|
+        next if part.empty? || part == '.'
+        part == '..' ? clean.pop : clean << part
+      end
+
+      clean.unshift '/' if parts.empty? || parts.first.empty?
+
+      ::File.join(*clean)
+    end
   end
 
   class Static

data/lib/action_pack/version.rb

@@ -1,7 +1,7 @@
 module ActionPack
   # Returns the version of the currently loaded ActionPack as a Gem::Version
   def self.version
-    Gem::Version.new "4.0.10"
+    Gem::Version.new "4.0.11"
   end
 
   module VERSION #:nodoc:

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-  version: 4.0.10
+  version: 4.0.11
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-11 00:00:00.000000000 Z
+date: 2014-10-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.10
+        version: 4.0.11
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.10
+        version: 4.0.11
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.10
+        version: 4.0.11
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.10
+        version: 4.0.11
 - !ruby/object:Gem::Dependency
   name: tzinfo
   requirement: !ruby/object:Gem::Requirement
@@ -386,4 +386,3 @@ signing_key:
 specification_version: 4
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
 test_files: []
-has_rdoc: