projects / catagits/Catalyst-Plugin-Static-Simple.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw
Static::Simple, added path security fix
[catagits/Catalyst-Plugin-Static-Simple.git] / lib / Catalyst / Plugin / Static / Simple.pm
diff --git a/lib/Catalyst/Plugin/Static/Simple.pm b/lib/Catalyst/Plugin/Static/Simple.pm
index 3a5f654..827c272 100644 (file)
--- a/lib/Catalyst/Plugin/Static/Simple.pm
+++ b/lib/Catalyst/Plugin/Static/Simple.pm
@@ -4,6 +4,7 @@ use strict;
 use warnings;
 use base qw/Class::Accessor::Fast Class::Data::Inheritable/;
 use File::stat;
+use File::Spec::Functions qw/catdir no_upwards splitdir/;
 use IO::File;
 use MIME::Types;
 use NEXT;
@@ -110,7 +111,7 @@ sub setup {
 sub _locate_static_file {
     my $c = shift;
     
-    my $path = $c->req->path;
+    my $path = catdir( no_upwards( splitdir( $c->req->path ) ) );
     
     my @ipaths = @{ $c->config->{static}->{include_path} };
     my $dpaths;
Unnamed repository; edit this file 'description' to name the repository.