
Update lib/rack/file.rb

prevent symlink usage to access files outside of the "mounted" directory
1 parent 66b41c8 commit a9abcc737aaa7eb48a95afe1438873756b78af34 @snyff committed Feb 20, 2013
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/rack/file.rb
@@ -51,7 +51,7 @@ def _call(env)
@path = F.join(@root, *clean)
available = begin
- F.file?(@path) && F.readable?(@path)
+ F.file?(@path) && F.readable?(@path) && !F.symlink?(@path)
rescue SystemCallError
false
end
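
Review bot: the added `!F.symlink?(@path)` in the `available` check tests only the final component of `@path`, so a request that passes through a symlinked directory under `@root` still reaches a regular file and is served, while a symlinked file whose target stays inside `@root` is now refused. Consider checking the resolved path instead, for example comparing `File.realpath(@path)` against the resolved `@root` as a directory prefix, kept inside the existing `rescue SystemCallError` so a dangling link still yields `false`. A test covering both a symlinked file and a symlinked parent directory, plus a short comment stating that the intent is to confine serving to the mounted directory, would make the behaviour explicit; note also that the check and the later read are separate calls, so the path can change between them.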
