Displaying 2 results from an estimated 2 matches for "extended_root".
2006 Aug 10
5
Major security vulnerability in the latest Rails 1.1.5
...==================================================
--- actionpack/lib/action_controller/routing.rb (revision 4745)
+++ actionpack/lib/action_controller/routing.rb (working copy)
@@ -270,10 +270,11 @@
protected
def safe_load_paths #:nodoc:
if defined?(RAILS_ROOT)
+ extended_root = Regexp.escape(File.expand_path(RAILS_ROOT))
$LOAD_PATH.select do |base|
base = File.expand_path(base)
extended_root = File.expand_path(RAILS_ROOT)
- base.match(/\A#{Regexp.escape(extended_root)}\/*#{file_kinds(:lib)
* ''|''}/) |...
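Review bot: Inside the `$LOAD_PATH.select` block of `safe_load_paths`, the unchanged line `extended_root = File.expand_path(RAILS_ROOT)` reassigns the variable that the added line just set to `Regexp.escape(File.expand_path(RAILS_ROOT))`, because the block shares the outer local. The escaped value is therefore overwritten on the first iteration, before the match runs. The replacement regex is cut off in this excerpt, but if it interpolates `extended_root` directly, a RAILS_ROOT path containing regex metacharacters such as `.` or `+` would be read as pattern syntax rather than as a literal prefix. Remove the inner assignment so the value escaped once outside the loop is the one the match uses.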
2006 Aug 10
28
On the total nondisclosure of the 8/9/06 security vulnerability
Dear Rails team,
The handling of the recent vulnerability in Rails has proven somewhat
problematic for us. We have recently adopted Rails as our web platform
of choice; previously, we used J2EE. We love Rails. We hate J2EE. We
don't want to go back. It took a lot of effort and convincing to get the
management teams of our various projects to sign off on the use of
Rails. The