Mitigated directory traversal in ServeHandler

This commit is contained in:
Yessiest 2023-09-09 00:07:06 +04:00
parent 9ba3bddc96
commit 8894a9a55f
2 changed files with 15 additions and 2 deletions

View File

@ -13,9 +13,9 @@ app = Hyde::Server.new do
postprocess do |request, response| postprocess do |request, response|
puts "Request: #{request}, response: #{response}" puts "Request: #{request}, response: #{response}"
end end
index ["index"] index ["index.html"]
root "#{ENV['PWD']}/assets" root "#{ENV['PWD']}/assets"
serve "*.(html|css|js)" serve "/**/*.(html|css|js)"
get "/wormhole/:test/*" do |suffix, test: nil| get "/wormhole/:test/*" do |suffix, test: nil|
<<~RESPONSE <<~RESPONSE
You tried accessing #{suffix} at named param #{test} You tried accessing #{suffix} at named param #{test}

View File

@ -0,0 +1,13 @@
<!DOCTYPE html>
<html>
<head>
<title> Cleverly done, mr. freeman </title>
</head>
<body>
<h1>Cleverly done, mr. freeman</h1>
<hr/>
<p>But you are not supposed to be here</p>
<p><b>Get back where you belong.</b></p>
</body>
</html>