sbsm 1.2.1 → 1.2.2

  1. data/History.txt +4 -0
  2. data/lib/sbsm/request.rb +10 -10
  3. data/lib/version.rb +1 -1
  4. metadata +36 -60
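--- a/data/History.txt
+++ b/data/History.txt
@@ -1,3 +1,7 @@
+=== 1.2.2 / 24.10.2012
+
+* Fixed tainted path for File#expand_path
+
 === 1.2.1 / 27.09.2012
 
 * Fixed cgi loading problem on Production server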
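--- a/data/lib/sbsm/request.rb
+++ b/data/lib/sbsm/request.rb
@@ -21,7 +21,7 @@
 # ywesee - intellectual capital connected, Winterthurerstrasse 52, CH-8006 Zürich, Switzerland
 # hwyss@ywesee.com
 #
-# SBSM::Request -- sbsm -- 27.09.2012 -- yasaka@ywesee.com
+# SBSM::Request -- sbsm -- 24.10.2012 -- yasaka@ywesee.com
 # SBSM::Request -- sbsm -- 24.01.2012 -- mhatakeyama@ywesee.com
 # SBSM::Request -- sbsm -- hwyss@ywesee.com
 
@@ -51,11 +51,12 @@ module SBSM
 crawler_pattern = /archiver|slurp|bot|crawler|jeeves|spider|\.{6}/i
 !!crawler_pattern.match(@cgi.user_agent)
 end
-def passthru(path, disposition='attachment')
-@passthru = path
+def passthru(path, disposition='attachment')
+# the variable @passthru is set by a trusted source
+@passthru = path.untaint
 @disposition = disposition
-''
-end
+''
+end
 def process
 begin
 @cgi.params.store('default_flavor', ENV['DEFAULT_FLAVOR'])
@@ -167,11 +168,10 @@ module SBSM
 cookie = generate_cookie(cookie_input)
 @request.headers_out.add('Set-Cookie', cookie.to_s)
 end
-# the variable @passthru is set by a trusted source
-basename = File.basename(@passthru)
-fullpath = File.expand_path(@passthru,
-@request.server.document_root)
-fullpath.untaint
+basename = File.basename(@passthru)
+fullpath = File.expand_path(
+@passthru,
+@request.server.document_root.untaint)
 subreq = @request.lookup_file(fullpath)
 @request.content_type = subreq.content_type
 @request.headers_out.add('Content-Disposition',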
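Review bot: `fullpath` is handed to `@request.lookup_file(fullpath)` in the third hunk without ever being checked against `document_root`, so a `@passthru` value containing `..` segments or beginning with `/` resolves outside the document root, because `File.expand_path(path, base)` only uses `base` for relative paths and does not confine the result. The new `passthru` compounds this by calling `path.untaint` on its argument, which turns Ruby's taint tracking from a check into an assertion: the comment `# the variable @passthru is set by a trusted source` records an assumption that is enforced at neither site, so any caller that passes request-derived data to `passthru` silently bypasses the $SAFE protection (and `String#untaint` is a no-op from Ruby 2.7 and removed in 3.2, so it is not a durable control anyway). The method enclosing the third hunk starts and ends outside it, and the use of `basename` is also beyond the hunk. I would keep the untaint but resolve the root once and reject anything that does not stay beneath it before the lookup:

```ruby
root = File.expand_path(@request.server.document_root.untaint)
fullpath = File.expand_path(@passthru, root)
unless fullpath == root || fullpath.start_with?(root + File::SEPARATOR)
  raise ArgumentError, "passthru path escapes document_root: #{@passthru}"
end
# … unchanged: lookup_file, content_type, Content-Disposition header …
```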
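--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1 +1 @@
-VERSION = '1.2.1'
+VERSION = '1.2.2'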
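--- a/metadata
+++ b/metadata
@@ -1,65 +1,49 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: sbsm
-version: !ruby/object:Gem::Version
-hash: 29
+version: !ruby/object:Gem::Version
+version: 1.2.2
 prerelease:
-segments:
-- 1
-- 2
-- 1
-version: 1.2.1
 platform: ruby
-authors:
+authors:
 - Masaomi Hatakeyama, Zeno R.R. Davatz
 autorequire:
 bindir: bin
 cert_chain: []
-
-date: 2012-09-27 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2012-10-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
 name: rdoc
-prerelease: false
-requirement: &id001 !ruby/object:Gem::Requirement
+requirement: &24885960 !ruby/object:Gem::Requirement
 none: false
-requirements:
+requirements:
 - - ~>
-- !ruby/object:Gem::Version
-hash: 19
-segments:
-- 3
-- 10
-version: "3.10"
+- !ruby/object:Gem::Version
+version: '3.10'
 type: :development
-version_requirements: *id001
-- !ruby/object:Gem::Dependency
-name: hoe
 prerelease: false
-requirement: &id002 !ruby/object:Gem::Requirement
+version_requirements: *24885960
+- !ruby/object:Gem::Dependency
+name: hoe
+requirement: &24885420 !ruby/object:Gem::Requirement
 none: false
-requirements:
+requirements:
 - - ~>
-- !ruby/object:Gem::Version
-hash: 25
-segments:
-- 2
-- 13
-version: "2.13"
+- !ruby/object:Gem::Version
+version: '2.13'
 type: :development
-version_requirements: *id002
+prerelease: false
+version_requirements: *24885420
 description: Application framework for state based session management
-email:
+email:
 - mhatakeyama@ywesee.com, zdavatz@ywesee.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files:
+extra_rdoc_files:
 - History.txt
 - LICENCE.txt
 - README.txt
 - usage-en.txt
-files:
+files:
 - History.txt
 - LICENCE.txt
 - README.txt
@@ -111,39 +95,31 @@ files:
 - .gemtest
 homepage: http://scm.ywesee.com/?p=sbsm/.git;a=summary
 licenses: []
-
 post_install_message:
-rdoc_options:
+rdoc_options:
 - --main
 - README.txt
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
 none: false
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-hash: 3
-segments:
-- 0
-version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-hash: 3
-segments:
-- 0
-version: "0"
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
 requirements: []
-
 rubyforge_project: sbsm
 rubygems_version: 1.8.15
 signing_key:
 specification_version: 3
 summary: Application framework for state based session management
-test_files:
+test_files:
 - test/test_drbserver.rb
 - test/test_index.rb
 - test/test_lookandfeel.rb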