Module: MarkdownServer::Helpers::PathHelpers
- Defined in:
- lib/markdown_server/helpers/path_helpers.rb
Instance Method Summary
- #encode_path_component(str) ⇒ Object
- #h(text) ⇒ Object
- #root_dir ⇒ Object
- #safe_path(requested) ⇒ Object
Instance Method Details
#encode_path_component(str) ⇒ Object
# File 'lib/markdown_server/helpers/path_helpers.rb', line 12
# Percent-encodes a single path component for use in a URL.
#
# URI.encode_www_form_component produces form encoding, where a space becomes
# "+"; the "+" is rewritten to "%20" so the result reads as a space inside a
# URL path. A literal "+" in the input is already "%2B" at that point, so it
# is not affected by the rewrite.
#
# @param str [String] one path component (not a whole path: "/" is encoded too)
# @return [String] the percent-encoded component
def encode_path_component(str)
  form_encoded = URI.encode_www_form_component(str)
  form_encoded.gsub("+", "%20")
end
#h(text) ⇒ Object
# File 'lib/markdown_server/helpers/path_helpers.rb', line 8
# HTML-escapes a value before it is interpolated into markup.
#
# The value is converted with #to_s first, so nil and non-string objects are
# accepted. Escaping is delegated to CGI.escapeHTML.
#
# @param text [Object] value to render
# @return [String] the escaped string
def h(text)
  printable = text.to_s
  CGI.escapeHTML(printable)
end
#root_dir ⇒ Object
# File 'lib/markdown_server/helpers/path_helpers.rb', line 4
# Returns the root directory configured on the application settings.
#
# The value is passed through unchanged; it is not canonicalised here.
#
# @return [Object] whatever settings.root_dir holds
def root_dir
  app_settings = settings
  app_settings.root_dir
end
#safe_path(requested) ⇒ Object
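# File 'lib/markdown_server/helpers/path_helpers.rb', line 16
# Resolves a request-supplied path to a canonical path inside root_dir.
#
# The path is canonicalised with File.realpath (symlinks and ".." resolved)
# before the containment check, so the check applies to the file that would
# actually be opened rather than to the string the client sent.
#
# Halts with 404 when the path cannot be resolved, and with 403 when it
# resolves outside the root, into an EXCLUDED top-level entry, or into a
# top-level entry whose name starts with ".".
#
# @param requested [String] path relative to root_dir, taken from the request
# @return [String] canonical absolute path inside root_dir
def safe_path(requested)
  base = File.realpath(root_dir)
  # Containment must be tested against the root *with* its trailing
  # separator. A bare start_with?(base) also accepts sibling directories that
  # only share the prefix (root "/srv/docs" vs "/srv/docs-private").
  base_prefix = base.end_with?("/") ? base : "#{base}/"

  begin
    real = File.realpath(File.join(base, requested))
  rescue SystemCallError, ArgumentError
    # SystemCallError covers ENOENT plus ENOTDIR, EACCES, ELOOP and
    # ENAMETOOLONG; ArgumentError is raised for an embedded NUL byte. All are
    # reachable from request input and should not surface as a 500.
    # NOTE(review): this 404 is decided before the containment check, so the
    # 404/403 split reveals whether a path outside the root exists — consider
    # answering both cases with the same status.
    halt 404, erb(:layout) { "<h1>Not Found</h1><p>#{h(requested)}</p>" }
  end

  inside_root = real == base || real.start_with?(base_prefix)
  halt 403, erb(:layout) { "<h1>Forbidden</h1>" } unless inside_root

  # Strip the root by length, anchored at the start, rather than replacing the
  # first occurrence of the root string wherever it appears.
  relative = real == base ? "" : real[base_prefix.length..-1]
  first_segment = relative.split("/").first

  # NOTE(review): only the first segment is screened; a hidden entry deeper in
  # the tree (e.g. "notes/.git") is not rejected here — confirm that is
  # intended.
  if EXCLUDED.include?(first_segment) || first_segment&.start_with?(".")
    halt 403, erb(:layout) { "<h1>Forbidden</h1>" }
  end

  real
end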