-rw-r--r-- | extras/autoindex.rb | 9 | ||||
-rw-r--r-- | extras/try_gzip_static.rb | 17 |
2 files changed, 17 insertions, 9 deletions
diff --git a/extras/autoindex.rb b/extras/autoindex.rb
index b868a5c..9ce6c61 100644
--- a/extras/autoindex.rb
+++ b/extras/autoindex.rb
@@ -112,15 +112,18 @@ class Autoindex rescue Errno::ENOENT, Errno::ENOTDIR # from Dir.open r(404) rescue => e - r(500, e.message, env) + r(500, e, env) ensure dir.close if dir end def r(code, msg = nil, env = nil) - if env && logger = env["rack.logger"] + if env && exc && logger = env["rack.logger"] + msg = exc.message + msg = msg.dump if /[[:cntrl:]]/ =~ msg # prevent code injection logger.warn("#{env['REQUEST_METHOD']} #{env['PATH_INFO']} " \ - "#{code} #{msg.inspect}") + "#{code} #{msg}") + exc.backtrace.each { |line| logger.warn(line) } end if Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include?(code)
diff --git a/extras/try_gzip_static.rb b/extras/try_gzip_static.rb
index 5e6a4e7..b65725a 100644
--- a/extras/try_gzip_static.rb
+++ b/extras/try_gzip_static.rb
@@ -96,7 +96,7 @@ class TryGzipStatic rescue Errno::EACCES r(403) rescue => e - r(500, e.message, env) + r(500, e, env) end end
@@ -127,7 +127,7 @@ class TryGzipStatic rescue Errno::ENOENT, Errno::EACCES head_no_gz(res, env, path, st) rescue => e - r(500, e.message, env) + r(500, e, env) end end else # 416, 304
@@ -189,13 +189,18 @@ class TryGzipStatic rescue Errno::EACCES # could get here from a race r(403) rescue => e - r(500, e.message, env) + r(500, e, env) end - def r(code, msg = nil, env = nil) - if env && logger = env["rack.logger"] + def r(code, exc = nil, env = nil) + if env && exc && logger = env["rack.logger"] + msg = exc.message if exc.respond_to?(:message) + msg = msg.dump if /[[:cntrl:]]/ =~ msg # prevent code injection logger.warn("#{env['REQUEST_METHOD']} #{env['PATH_INFO']} " \ - "#{code} #{msg.inspect}") + "#{code} #{msg}") + if exc.respond_to?(:backtrace) + exc.backtrace.each { |line| logger.warn(line) } + end end if Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include?(code) |
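Review bot: In extras/autoindex.rb the signature `def r(code, msg = nil, env = nil)` is an unchanged context line, yet the new body reads `exc` (`if env && exc && logger = ...`, `exc.message`, `exc.backtrace`). As far as this hunk shows, nothing named `exc` is defined in that method, so any call that passes `env` would raise NameError inside the 500 handler itself and the original failure would never reach the log. The parameter should be renamed the way the try_gzip_static.rb hunk does it: `def r(code, exc = nil, env = nil)`. The rest of `r` lies outside the hunk, so any remaining use of `msg` as a parameter further down should be checked too.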
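Review bot: Only the exception message is escaped before it is written by `logger.warn` in `r` (hunk at -189 of extras/try_gzip_static.rb); `env['PATH_INFO']` and `env['REQUEST_METHOD']` are still interpolated raw into the same log line, and the same holds for `r` in extras/autoindex.rb. Whether control characters can reach PATH_INFO depends on the server's request parser, which is not visible here, so the request path deserves the same treatment, e.g. `path = env['PATH_INFO'].to_s` followed by `path = path.dump if /[[:cntrl:]]/ =~ path`. The inline comment would be more precise as `# escape control characters to prevent log injection`, since nothing is executed here. The body of `r` continues past the end of the hunk.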