Fix path normalisation in Dancer::FileUtils

This solves a potential directory traversal issue allowing static files to be
served from a level above the public/ dir, which could be dangerous.

Thanks to Vladimir Lettiev aka crux for reporting this regression.
1 parent 49ca988 commit 75a47c0acee68bd4aef7bb1fa69d4175e63d15f6 @bigpresh bigpresh committed Jul 26, 2011
Showing with 1 addition and 0 deletions.
  1. +1 −0 lib/Dancer/FileUtils.pm
@@ -103,6 +103,7 @@ sub normalize_path {
$path =~ s{/\./}{/}g;
$path =~ s{$seqregex}{}g;
+ $path =~ s{$seqregex}{};
return $path;
}
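Review bot: The added `$path =~ s{$seqregex}{};` repeats the substitution on the line above, only without `/g`, and nothing in `normalize_path` says why a second pass is needed or why exactly one extra pass is enough. A fixed number of passes collapses only a fixed depth of nested parent-directory sequences, so if the first pass can leave a new match behind, the second pass can as well. Consider running the substitution until it stops matching, for example `1 while $path =~ s{$seqregex}{};`, and add a short comment explaining the loop. The definition of `$seqregex` is outside this hunk, so please confirm that whatever it leaves unmatched cannot still resolve above public/. The commit touches only lib/Dancer/FileUtils.pm; since the message calls this a regression, a test covering the reported path in the same commit would keep it from coming back.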
