Merge branch 'rs-help-path-traversal' into 'master'

Fix path traversal in HelpController Closes #2543 See merge request !1922

Merge branch 'rs-help-path-traversal' into 'master'
Fix path traversal in HelpController Closes #2543 See merge request !1922
91fa82d1 · Douwe Maan · 20491498 · a42c548a · 91fa82d1
Commit 91fa82d1 authored Aug 18, 2015 by Douwe Maan
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

app/controllers/help_controller.rb app/controllers/help_controller.rb +4 -2

No files found.
--- a/app/controllers/help_controller.rb
+++ b/app/controllers/help_controller.rb
@@ -10,7 +10,8 @@ class HelpController < ApplicationController
    respond_to do |format|
      format.any(:markdown, :md, :html) do
-        path = Rails.root.join('doc', @category, "#{@file}.md")
+        # Note: We are purposefully NOT using `Rails.root.join`
+        path = File.join(Rails.root, 'doc', @category, "#{@file}.md")
        if File.exist?(path)
          @markdown = File.read(path)
@@ -24,7 +25,8 @@ class HelpController < ApplicationController
      # Allow access to images in the doc folder
      format.any(:png, :gif, :jpeg) do
-        path = Rails.root.join('doc', @category, "#{@file}.#{params[:format]}")
+        # Note: We are purposefully NOT using `Rails.root.join`
+        path = File.join(Rails.root, 'doc', @category, "#{@file}.#{params[:format]}")
        if File.exist?(path)
          send_file(path, disposition: 'inline')