Fix security vulnerability, when serving static files with dots in the names

[catagits/Catalyst-Plugin-Static-Simple.git] / lib / Catalyst / Plugin / Static / Simple.pm

diff --git a/lib/Catalyst/Plugin/Static/Simple.pm b/lib/Catalyst/Plugin/Static/Simple.pm
index 7aca818..e8cb1d2 100755 (executable)
--- a/lib/Catalyst/Plugin/Static/Simple.pm
+++ b/lib/Catalyst/Plugin/Static/Simple.pm
@@ -64,7 +64,7 @@ before prepare_action => sub {
     }
 
     # Does the path have an extension?
-    if ( $path =~ /.*\.(\S{1,})$/xms ) {
+    if ( $path =~ /\.([^\/\\]+)$/m ) {
         # and does it exist?
         $c->_locate_static_file( $path );
     }