Skip to content

Commit

Permalink
Fixes #101: Add escape for CVE-2017-12097
Browse files Browse the repository at this point in the history
  • Loading branch information
@breckenedge
breckenedge committed Mar 6, 2018
1 parent 2c55f1f commit 6bcb10e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/delayed_job_web/application/app.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ def per_page

def url_path(*path_parts)
url = [ path_prefix, path_parts ].join("/").squeeze('/')
url += "?queues=#{@queues.join(",")}" unless @queues.empty?
url += "?queues=#{CGI.escape(@queues.join(","))}" unless @queues.empty?
url
end

Expand Down

0 comments on commit 6bcb10e

Please sign in to comment.