Changeset 932
- Timestamp:
- 12/29/07 00:56:08 (8 months ago)
- Files:
-
- trunk/lib/mongrel/handlers.rb (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/lib/mongrel/handlers.rb
r893 r932 133 133 req_path = File.join(@path, req_path) if @path 134 134 req_path = File.expand_path req_path 135 136 if File.exist? req_path 135 136 # do not remove the check for @path at the beginning, it's what prevents 137 # the serving of arbitrary files (and good programmer Rule #1 Says: If 138 # you don't understand something, it's not because I'm stupid, it's 139 # because you are). 140 if req_path.index(@path) == 0 and File.exist? req_path 137 141 # It exists and it's in the right location 138 142 if File.directory? req_path … … 154 158 end 155 159 else 156 # does not exist or isn't in the right spot 160 # does not exist or isn't in the right spot or isn't valid because not start with @path 157 161 return nil 158 162 end
