Fix script name escaping in Rack::Directory

Closes rack#415 and replaces it, which came with no tests and an insecure implementation.
Gibheer · Aug 26, 2012 · 7c36a88 · 7c36a88
1 parent 40cb556
commit 7c36a88
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/lib/rack/directory.rb b/lib/rack/directory.rb
@@ -80,7 +80,7 @@ def list_directory
       @files = [['../','Parent Directory','','','']]
       glob = F.join(@path, '*')
 
-      url_head = ([@script_name] + @path_info.split('/')).map do |part|
+      url_head = (@script_name.split('/') + @path_info.split('/')).map do |part|
         Rack::Utils.escape part
       end
 

diff --git a/test/spec_directory.rb b/test/spec_directory.rb
@@ -67,4 +67,22 @@
     res = mr.get("/cgi/test%2bdirectory/test%2bfile")
     res.should.be.ok
   end
+
+  should "correctly escape script name" do
+    app2 = Rack::Builder.new do
+      map '/script-path' do
+        run app
+      end
+    end
+
+    mr = Rack::MockRequest.new(Rack::Lint.new(app2))
+
+    res = mr.get("/script-path/cgi/test%2bdirectory")
+
+    res.should.be.ok
+    res.body.should =~ %r[/script-path/cgi/test%2Bdirectory/test%2Bfile]
+
+    res = mr.get("/script-path/cgi/test%2bdirectory/test%2bfile")
+    res.should.be.ok
+  end
 end