projects
/
catagits/Catalyst-Plugin-Static-Simple.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
Fix security vulnerability, when serving static files with dots in the names
[catagits/Catalyst-Plugin-Static-Simple.git]
/
lib
/
Catalyst
/
Plugin
/
Static
/
Simple.pm
diff --git
a/lib/Catalyst/Plugin/Static/Simple.pm
b/lib/Catalyst/Plugin/Static/Simple.pm
index
7aca818
..
e8cb1d2
100755
(executable)
--- a/
lib/Catalyst/Plugin/Static/Simple.pm
+++ b/
lib/Catalyst/Plugin/Static/Simple.pm
@@
-64,7
+64,7
@@
before prepare_action => sub {
}
# Does the path have an extension?
- if ( $path =~ /.*\.(\S{1,})$/xms ) {
+ if ( $path =~ /\.([^\/\\]+)$/m ) {
# and does it exist?
$c->_locate_static_file( $path );
}