rack-protection 1.5.3 → 1.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/rack/protection/path_traversal.rb +4 -1
- data/lib/rack/protection/version.rb +1 -1
- data/rack-protection.gemspec +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 71f8780cd91d2ec881c8622094bde958d462c694
|
|
4
|
+
data.tar.gz: 803060435de3c98a1b45c07b48e60a4eefda8a54
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9b88c68b897647193d934418a72f370df60058efb59a9d96e3421efb5989e7d76379a048293c3b9abea043fb4a89cf83b5f4d6972b81233143c6d23b6dfad190
|
|
7
|
+
data.tar.gz: 92343bb6e7ffcdf6ffa35ccc3d324ca3a18d751ae10cad03c7baa6a5f8b5cacca9a4e3424a5effd1235fbc2f0783a9cef3ad218054e8d270bd1c6be6cd7e660c
|
|
@@ -24,14 +24,17 @@ module Rack
|
|
|
24
24
|
encoding = path.encoding
|
|
25
25
|
dot = '.'.encode(encoding)
|
|
26
26
|
slash = '/'.encode(encoding)
|
|
27
|
+
backslash = '\\'.encode(encoding)
|
|
27
28
|
else
|
|
28
29
|
# Ruby 1.8
|
|
29
30
|
dot = '.'
|
|
30
31
|
slash = '/'
|
|
32
|
+
backslash = '\\'
|
|
31
33
|
end
|
|
32
34
|
|
|
33
35
|
parts = []
|
|
34
|
-
unescaped = path.gsub(/%2e/i, dot).gsub(/%2f/i, slash)
|
|
36
|
+
unescaped = path.gsub(/%2e/i, dot).gsub(/%2f/i, slash).gsub(/%5c/i, backslash)
|
|
37
|
+
unescaped = unescaped.gsub(backslash, slash)
|
|
35
38
|
|
|
36
39
|
unescaped.split(slash).each do |part|
|
|
37
40
|
next if part.empty? or part == dot
|
data/rack-protection.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-protection
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.5.
|
|
4
|
+
version: 1.5.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Konstantin Haase
|
|
@@ -35,7 +35,7 @@ authors:
|
|
|
35
35
|
autorequire:
|
|
36
36
|
bindir: bin
|
|
37
37
|
cert_chain: []
|
|
38
|
-
date:
|
|
38
|
+
date: 2018-02-19 00:00:00.000000000 Z
|
|
39
39
|
dependencies:
|
|
40
40
|
- !ruby/object:Gem::Dependency
|
|
41
41
|
name: rack
|
|
@@ -168,9 +168,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
168
168
|
version: '0'
|
|
169
169
|
requirements: []
|
|
170
170
|
rubyforge_project:
|
|
171
|
-
rubygems_version: 2.
|
|
171
|
+
rubygems_version: 2.6.8
|
|
172
172
|
signing_key:
|
|
173
173
|
specification_version: 4
|
|
174
174
|
summary: You should use protection!
|
|
175
175
|
test_files: []
|
|
176
|
-
has_rdoc:
|