actionpack 4.1.6 → 4.1.7

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/action_dispatch/middleware/static.rb +21 -1
  3. data/lib/action_pack/gem_version.rb +1 -1
  4. metadata +8 -9
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 04726cdfcfd1fb36690500885e2ebff4e66544e9
4
- data.tar.gz: f1f9c4ec80131945b50fc4e91e304a9de84f4a90
3
+ metadata.gz: fd553597f482cd30ac29dec61f759fbfc0dc1005
4
+ data.tar.gz: 1a22032cc1c4b44051182dff1fba4762885f83f0
5
5
  SHA512:
6
- metadata.gz: 17021ccd46d009738ab47c9cf8cabbcd339667b5953a76f21bc6cf0c37b969ed35c4604dcc8f0423bf3b265e6d591b39332be9c6f1223b5190c91b619828970f
7
- data.tar.gz: 77d3d2faf953419e5d9c66096d0297bf887aa1da2630f690e553c95df68e6dbecebc6aff37db1ea139d83419b0510d5ba27c512d72e1887100dd50f9bb928822
6
+ metadata.gz: cf3fba7f2188f04480178dfc0e9e1a6265da868dfd7f11d35ec0b024155c9ce4f8bdccda3dfae58b96de23f3ff7de118ecda483b37301814c9711e268cf9dde8
7
+ data.tar.gz: 6deca2a2a3f989a1b2e385a09ba2d616e0e0d43e2cf9b1cb3d4ee91dfccc426b1a08b696f9e285ab489cca6d7d752e5a8cda15b39612ab86b88847b7b6eb7ac5
data/lib/action_dispatch/middleware/static.rb CHANGED
@@ -14,7 +14,8 @@ module ActionDispatch
14
14
  path = unescape_path(path)
15
15
  return false unless path.valid_encoding?
16
16
 
17
- full_path = path.empty? ? @root : File.join(@root, escape_glob_chars(path))
17
+ full_path = path.empty? ? @root : File.join(@root,
18
+ clean_path_info(escape_glob_chars(path)))
18
19
  paths = "#{full_path}#{ext}"
19
20
 
20
21
  matches = Dir[paths]
@@ -43,6 +44,25 @@ module ActionDispatch
43
44
  def escape_glob_chars(path)
44
45
  path.gsub(/[*?{}\[\]]/, "\\\\\\&")
45
46
  end
47
+
48
+ private
49
+
50
+ PATH_SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact)
51
+
52
+ def clean_path_info(path_info)
53
+ parts = path_info.split PATH_SEPS
54
+
55
+ clean = []
56
+
57
+ parts.each do |part|
58
+ next if part.empty? || part == '.'
59
+ part == '..' ? clean.pop : clean << part
60
+ end
61
+
62
+ clean.unshift '/' if parts.empty? || parts.first.empty?
63
+
64
+ ::File.join(*clean)
65
+ end
46
66
  end
47
67
 
48
68
  class Static
data/lib/action_pack/gem_version.rb CHANGED
@@ -7,7 +7,7 @@ module ActionPack
7
7
  module VERSION
8
8
  MAJOR = 4
9
9
  MINOR = 1
10
- TINY = 6
10
+ TINY = 7
11
11
  PRE = nil
12
12
 
13
13
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.1.6
4
+ version: 4.1.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-09-11 00:00:00.000000000 Z
11
+ date: 2014-10-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 4.1.6
19
+ version: 4.1.7
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 4.1.6
26
+ version: 4.1.7
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rack
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -58,28 +58,28 @@ dependencies:
58
58
  requirements:
59
59
  - - '='
60
60
  - !ruby/object:Gem::Version
61
- version: 4.1.6
61
+ version: 4.1.7
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - '='
67
67
  - !ruby/object:Gem::Version
68
- version: 4.1.6
68
+ version: 4.1.7
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: activemodel
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - '='
74
74
  - !ruby/object:Gem::Version
75
- version: 4.1.6
75
+ version: 4.1.7
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - '='
81
81
  - !ruby/object:Gem::Version
82
- version: 4.1.6
82
+ version: 4.1.7
83
83
  description: Web apps on Rails. Simple, battle-tested conventions for building and
84
84
  testing MVC web applications. Works with any Rack-compatible server.
85
85
  email: david@loudthinking.com
@@ -263,4 +263,3 @@ signing_key:
263
263
  specification_version: 4
264
264
  summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
265
265
  test_files: []
266
- has_rdoc: