Static::Simple, added path security fix

diff --git a/Changes b/Changes
index 67d7098..9fc2c71 100644 (file)
--- a/Changes
+++ b/Changes
@@ -4,6 +4,7 @@ Revision history for Perl extension Catalyst::Plugin::Static::Simple
         - Made prepare_action play nice with other plugins by not short-
           circuiting.
         - Added tmpl to the ignored extensions.
+        - Fixed security problem if req->path contained '..'.
 
 0.11    2005-11-13 16:25:00
         - Removed the code that set the 304 Not Modified header.  This caused

diff --git a/lib/Catalyst/Plugin/Static/Simple.pm b/lib/Catalyst/Plugin/Static/Simple.pm
index 3a5f654..827c272 100644 (file)
--- a/lib/Catalyst/Plugin/Static/Simple.pm
+++ b/lib/Catalyst/Plugin/Static/Simple.pm
@@ -4,6 +4,7 @@ use strict;
 use warnings;
 use base qw/Class::Accessor::Fast Class::Data::Inheritable/;
 use File::stat;
+use File::Spec::Functions qw/catdir no_upwards splitdir/;
 use IO::File;
 use MIME::Types;
 use NEXT;
@@ -110,7 +111,7 @@ sub setup {
 sub _locate_static_file {
     my $c = shift;
     
-    my $path = $c->req->path;
+    my $path = catdir( no_upwards( splitdir( $c->req->path ) ) );
     
     my @ipaths = @{ $c->config->{static}->{include_path} };
     my $dpaths;