diff options
author | Eric Wong <e@80x24.org> | 2013-11-11 03:31:33 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2013-11-12 07:08:34 +0000 |
commit | 1d33205a7500f08c49e247af688877b0cc22cdfe (patch) | |
tree | 86768902cbeaaf7a8f8bbeb97d94940df7283aa5 /extras | |
parent | 340d96e9d389b96c1d709e58b8ac08d8faee935b (diff) | |
download | yahns-1d33205a7500f08c49e247af688877b0cc22cdfe.tar.gz |
Some attackers may try /path/to/file/foo where /path/to/file is actually a valid path to a regular file. Of course, requests like this work on dynamic websites, but not static file mappings because Unix directories and files cannot be the same thing.
Diffstat (limited to 'extras')
-rw-r--r-- | extras/try_gzip_static.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/extras/try_gzip_static.rb b/extras/try_gzip_static.rb index efe47f9..5e6a4e7 100644 --- a/extras/try_gzip_static.rb +++ b/extras/try_gzip_static.rb @@ -91,7 +91,7 @@ class TryGzipStatic begin st = File.stat(path) st.file? ? [ path, st ] : r(404) - rescue Errno::ENOENT + rescue Errno::ENOENT, Errno::ENOTDIR r(404) rescue Errno::EACCES r(403) |