Changeset 927
- Timestamp:
- 12/28/07 21:55:04 (8 months ago)
- Files:
-
- branches/stable_1-1/lib/mongrel/handlers.rb (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
branches/stable_1-1/lib/mongrel/handlers.rb
r826 r927 133 133 req_path = File.join(@path, req_path) if @path 134 134 req_path = File.expand_path req_path 135 136 if File.exist? req_path 135 136 # do not remove the check for @path at the beginning, it's what prevents 137 # the serving of arbitrary files (and good programmer Rule #1 Says: If 138 # you don't understand something, it's not because I'm stupid, it's 139 # because you are). 140 if req_path.index(@path) == 0 and File.exist? req_path 137 141 # It exists and it's in the right location 138 142 if File.directory? req_path … … 154 158 end 155 159 else 156 # does not exist or isn't in the right spot 160 # does not exist or isn't in the right spot or isn't valid because not start with @path 157 161 return nil 158 162 end
