- Made prepare_action play nice with other plugins by not short-
circuiting.
- Added tmpl to the ignored extensions.
+ - Fixed security problem if req->path contained '..'.
0.11 2005-11-13 16:25:00
- Removed the code that set the 304 Not Modified header. This caused
use warnings;
use base qw/Class::Accessor::Fast Class::Data::Inheritable/;
use File::stat;
+use File::Spec::Functions qw/catdir no_upwards splitdir/;
use IO::File;
use MIME::Types;
use NEXT;
sub _locate_static_file {
my $c = shift;
- my $path = $c->req->path;
+ my $path = catdir( no_upwards( splitdir( $c->req->path ) ) );
my @ipaths = @{ $c->config->{static}->{include_path} };
my $dpaths;