actionpack 4.0.10 → 4.0.11
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/action_dispatch/middleware/static.rb +21 -1
- data/lib/action_pack/version.rb +1 -1
- metadata +6 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a8ad3b1bdb98fa865651bc6e2949405151e855cf
|
|
4
|
+
data.tar.gz: 99b0804b51477f6f0a243bb3df8ede5b14740149
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 32f460f6cc690796cc64183fdd363a6f468dfcf121e7bba07e182d5f395b4e75cb2da4b55de98591ad20a6e8bf39f25c62bb4c7f72e2e036af81377bafe52f53
|
|
7
|
+
data.tar.gz: 978c48587c63a2a03782135e08d40e106d5b7bd3fa2f012d4d74bab17aa992f047280d25f42437c1822ca55ff1f1746b6d2ab50ad9923d5232384340486fdc28
|
|
@@ -14,7 +14,8 @@ module ActionDispatch
|
|
|
14
14
|
path = unescape_path(path)
|
|
15
15
|
return false unless path.valid_encoding?
|
|
16
16
|
|
|
17
|
-
full_path = path.empty? ? @root : File.join(@root,
|
|
17
|
+
full_path = path.empty? ? @root : File.join(@root,
|
|
18
|
+
clean_path_info(escape_glob_chars(path)))
|
|
18
19
|
paths = "#{full_path}#{ext}"
|
|
19
20
|
|
|
20
21
|
matches = Dir[paths]
|
|
@@ -43,6 +44,25 @@ module ActionDispatch
|
|
|
43
44
|
def escape_glob_chars(path)
|
|
44
45
|
path.gsub(/[*?{}\[\]]/, "\\\\\\&")
|
|
45
46
|
end
|
|
47
|
+
|
|
48
|
+
private
|
|
49
|
+
|
|
50
|
+
PATH_SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact)
|
|
51
|
+
|
|
52
|
+
def clean_path_info(path_info)
|
|
53
|
+
parts = path_info.split PATH_SEPS
|
|
54
|
+
|
|
55
|
+
clean = []
|
|
56
|
+
|
|
57
|
+
parts.each do |part|
|
|
58
|
+
next if part.empty? || part == '.'
|
|
59
|
+
part == '..' ? clean.pop : clean << part
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
clean.unshift '/' if parts.empty? || parts.first.empty?
|
|
63
|
+
|
|
64
|
+
::File.join(*clean)
|
|
65
|
+
end
|
|
46
66
|
end
|
|
47
67
|
|
|
48
68
|
class Static
|
data/lib/action_pack/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: actionpack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.0.
|
|
4
|
+
version: 4.0.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-10-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 4.0.
|
|
19
|
+
version: 4.0.11
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 4.0.
|
|
26
|
+
version: 4.0.11
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: builder
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -86,14 +86,14 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - '='
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 4.0.
|
|
89
|
+
version: 4.0.11
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - '='
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 4.0.
|
|
96
|
+
version: 4.0.11
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: tzinfo
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -386,4 +386,3 @@ signing_key:
|
|
|
386
386
|
specification_version: 4
|
|
387
387
|
summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
|
|
388
388
|
test_files: []
|
|
389
|
-
has_rdoc:
|