diff options
author | zedshaw <zedshaw@19e92222-5c0b-0410-8929-a290d50e31e9> | 2006-05-20 22:47:34 +0000 |
---|---|---|
committer | zedshaw <zedshaw@19e92222-5c0b-0410-8929-a290d50e31e9> | 2006-05-20 22:47:34 +0000 |
commit | 1f2ada2d7bd3fa5cf3e4c458108f8eab2bcba16c (patch) | |
tree | e3a91e54958aa5bdbaafcfcba52f07f05940d43a /lib/mongrel/handlers.rb | |
parent | 729f3e7c8a29ecc52e191c704403e6e3931452c0 (diff) | |
download | unicorn-1f2ada2d7bd3fa5cf3e4c458108f8eab2bcba16c.tar.gz |
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@200 19e92222-5c0b-0410-8929-a290d50e31e9
Diffstat (limited to 'lib/mongrel/handlers.rb')
-rw-r--r-- | lib/mongrel/handlers.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/mongrel/handlers.rb b/lib/mongrel/handlers.rb index 681056f..d1de076 100644 --- a/lib/mongrel/handlers.rb +++ b/lib/mongrel/handlers.rb @@ -95,7 +95,8 @@ module Mongrel # Checks if the given path can be served and returns the full path (or nil if not). def can_serve(path_info) - req_path = File.expand_path(File.join(@path,path_info), @path) + # TODO: investigate freezing the path_info to prevent double escaping + req_path = File.expand_path(File.join(@path,HttpRequest.unescape(path_info)), @path) if req_path.index(@path) == 0 and File.exist? req_path # it exists and it's in the right location @@ -129,6 +130,7 @@ module Mongrel # object to send the results on. def send_dir_listing(base, dir, response) # take off any trailing / so the links come out right + base = HttpRequest.unescape(base) base.chop! if base[-1] == "/"[-1] if @listing_allowed @@ -136,6 +138,7 @@ module Mongrel head[Const::CONTENT_TYPE] = "text/html" out << "<html><head><title>Directory Listing</title></head><body>" Dir.entries(dir).each do |child| + child = HttpRequest.unescape(child) next if child == "." if child == ".." |