mongrel_secure_download-redux 0.0.1.198 → 0.0.2.199

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. data/README +1 -1
  2. data/Rakefile +1 -1
  3. data/lib/mongrel_secure_download-redux/init.rb +4 -4
  4. metadata +5 -5
data/README CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  == VERSION
4
4
 
5
- This documentation refers to mongrel_secure_download-redux version 0.0.1
5
+ This documentation refers to mongrel_secure_download-redux version 0.0.2
6
6
 
7
7
 
8
8
  == DESCRIPTION
data/Rakefile CHANGED
@@ -7,7 +7,7 @@ begin
7
7
  },
8
8
 
9
9
  :gem => {
10
- :version => '0.0.1',
10
+ :version => '0.0.2',
11
11
  :summary => 'Re-implementation of the Mongrel Secure Download Plugin',
12
12
  :files => FileList['lib/**/*.rb'].to_a,
13
13
  :extra_files => FileList['[A-Z]*', 'resources/*'].to_a,
data/lib/mongrel_secure_download-redux/init.rb CHANGED
@@ -12,14 +12,14 @@ class SecureDownloadRedux < GemPlugin::Plugin '/handlers'
12
12
 
13
13
  URL_RE = %r{\A(?:ht|f)tps?://}io
14
14
 
15
- attr_reader :response, :secret, :prefix, :path, :timestamp, :token
15
+ attr_reader :response, :secret, :base, :path, :timestamp, :token
16
16
 
17
17
  def process(request, response)
18
18
  query = Mongrel::HttpRequest.query_parse(request.params['QUERY_STRING'])
19
19
 
20
20
  @response = response
21
21
  @secret = @options[:secret]
22
- @prefix = @options[:prefix] || '.'
22
+ @base = @options[:base] || '.'
23
23
  @path = query['path']
24
24
  @timestamp = query['timestamp']
25
25
  @token = query['token']
@@ -81,10 +81,10 @@ class SecureDownloadRedux < GemPlugin::Plugin '/handlers'
81
81
  alias_method :send_url, :send_url_redirect2
82
82
 
83
83
  def send_file
84
- path = File.expand_path(File.join(prefix, @path))
84
+ path = File.expand_path(File.join(base, @path))
85
85
 
86
86
  # Prevent double-dot vulnerability!
87
- return unless path =~ %r{\A#{Regexp.escape(File.expand_path(prefix))}}
87
+ return unless path =~ %r{\A#{Regexp.escape(File.expand_path(base))}}
88
88
 
89
89
  file = File.stat(path)
90
90
  size = file.size
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mongrel_secure_download-redux
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1.198
4
+ version: 0.0.2.199
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jens Wille
@@ -42,22 +42,22 @@ extra_rdoc_files:
42
42
  files:
43
43
  - lib/mongrel_secure_download-redux/init.rb
44
44
  - COPYING
45
- - README
46
45
  - Rakefile
46
+ - README
47
47
  - resources/defaults.yaml
48
48
  has_rdoc: true
49
49
  homepage: http://prometheus.rubyforge.org/mongrel_secure_download-redux
50
50
  post_install_message:
51
51
  rdoc_options:
52
- - --title
53
- - mongrel_secure_download-redux Application documentation
52
+ - --all
54
53
  - --main
55
54
  - README
56
55
  - --line-numbers
57
- - --all
58
56
  - --inline-source
59
57
  - --charset
60
58
  - UTF-8
59
+ - --title
60
+ - mongrel_secure_download-redux Application documentation
61
61
  require_paths:
62
62
  - lib
63
63
  required_ruby_version: !ruby/object:Gem::Requirement