Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Avoid SCRIPT_NAME escaping in Rack::Directory #415

Closed
wants to merge 1 commit into from

2 participants

@ghost

When it serve /, it works just well, cause SCRIPT_NAME is empty and there are nothing to escape.

However, when serving /some-url, the generated links will look like "%2Fsome-url/some-path".

slivu Update lib/rack/directory.rb
Avoid SCRIPT_NAME escaping.

When it serve /, it works just well, cause SCRIPT_NAME is empty and there are nothing to escape.

However, when serving /some-url, the generated links will look like "%2Fsome-url/some-path".
15a1738
@travisbot

This pull request passes (merged 15a1738 into ab67e70).

@raggi raggi closed this pull request from a commit
@raggi raggi Fix script name escaping in Rack::Directory
Closes #415 and replaces it, which came with no tests and an insecure
implementation.
7c36a88
@raggi raggi closed this in 7c36a88
@raggi raggi referenced this pull request from a commit
@raggi raggi Fix script name escaping in Rack::Directory
Closes #415 and replaces it, which came with no tests and an insecure
implementation.
ceeccb1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jul 30, 2012
  1. Update lib/rack/directory.rb

    slivu authored
    Avoid SCRIPT_NAME escaping.
    
    When it serve /, it works just well, cause SCRIPT_NAME is empty and there are nothing to escape.
    
    However, when serving /some-url, the generated links will look like "%2Fsome-url/some-path".
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 1 deletion.
  1. +1 −1  lib/rack/directory.rb
View
2  lib/rack/directory.rb
@@ -80,7 +80,7 @@ def list_directory
@files = [['../','Parent Directory','','','']]
glob = F.join(@path, '*')
- url_head = ([@script_name] + @path_info.split('/')).map do |part|
+ url_head = [@script_name] + @path_info.split('/').map do |part|
Rack::Utils.escape part
end
Something went wrong with that request. Please try again.