LeadMagnet/leadchat
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

fix: Path traversal at SwaggerController (#6205)

Browse Source
This commit is contained in:
ooooooo_q
2023-01-13 03:14:21 +09:00
committed by GitHub
parent 9bbadc2388
commit 9e4a5d028c
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/swagger_controller.rb
View File

@@ -11,8 +11,8 @@ class SwaggerController < ApplicationController
def derived_path def derived_path
params[:path] ||= 'index.html' params[:path] ||= 'index.html'
path = params[:path] path = Rack::Utils.clean_path_info(params[:path])
path << ".#{params[:format]}" unless path.ends_with?(params[:format].to_s) path << ".#{Rack::Utils.clean_path_info(params[:format])}" unless path.ends_with?(params[:format].to_s)
path path
end end
end end