extras/try_gzip_static: require readability on HEAD requests

Files may exist and be stat-able, but not readable. Return a 403 response for non-readable files.
author: Eric Wong <e@80x24.org> 2015-08-14 21:18:20 +0000
committer: Eric Wong <e@80x24.org> 2015-08-14 21:21:48 +0000
commit: 584819a270c8d25f2bc2a40ed508844949bd2eee (patch)
tree: e003c5c730a302b0d1f861466602ba7373139e19 /extras
parent: 47bd67cf08b6041e1868b69e1a54593c22a5a0a3 (diff)
download: yahns-584819a270c8d25f2bc2a40ed508844949bd2eee.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/extras/try_gzip_static.rb b/extras/try_gzip_static.rb
index d562957..4279e65 100644
--- a/extras/try_gzip_static.rb
+++ b/extras/try_gzip_static.rb
@@ -92,7 +92,9 @@ class TryGzipStatic
      path = fspath(env) or return r(403)
      begin
        st = File.stat(path)
-      st.file? ? [ path, st ] : r(404)
+      return r(404) unless st.file?
+      return r(403) unless st.readable?
+      [ path, st ]
      rescue Errno::ENOENT, Errno::ENOTDIR
        r(404)
      rescue Errno::EACCES
author	Eric Wong <e@80x24.org>	2015-08-14 21:18:20 +0000
committer	Eric Wong <e@80x24.org>	2015-08-14 21:21:48 +0000
commit	584819a270c8d25f2bc2a40ed508844949bd2eee (patch)
tree	e003c5c730a302b0d1f861466602ba7373139e19 /extras
parent	47bd67cf08b6041e1868b69e1a54593c22a5a0a3 (diff)
download	yahns-584819a270c8d25f2bc2a40ed508844949bd2eee.tar.gz