diff options
| author | E. Westbrook <github@westbrook.io> | 2018-08-21 09:07:42 -0600 |
|---|---|---|
| committer | E. Westbrook <github@westbrook.io> | 2018-08-21 09:07:42 -0600 |
| commit | c570a32c219c957fd405ed018f2500f06952c043 (patch) | |
| tree | 0b477575f2a63946a49f04296c91e246da7d2ec9 /src | |
| parent | c905b5d44f8cdfbc8110a9a7d1d62c08b5703ae3 (diff) | |
| download | luasocket-c570a32c219c957fd405ed018f2500f06952c043.tar.gz luasocket-c570a32c219c957fd405ed018f2500f06952c043.tar.bz2 luasocket-c570a32c219c957fd405ed018f2500f06952c043.zip | |
url.lua:remove_dot_components(): limit beginning-of-string double-dot corner case to prevent triple-dot activation and authority collision
Diffstat (limited to 'src')
| -rw-r--r-- | src/url.lua | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/url.lua b/src/url.lua index a354ab5..0d88adb 100644 --- a/src/url.lua +++ b/src/url.lua | |||
| @@ -94,7 +94,7 @@ local function remove_dot_components(path) | |||
| 94 | path = path:gsub('[^/]+/%.%./*$', '') | 94 | path = path:gsub('[^/]+/%.%./*$', '') |
| 95 | path = path:gsub('/%.%.$', '/') | 95 | path = path:gsub('/%.%.$', '/') |
| 96 | path = path:gsub('/%.$', '/') | 96 | path = path:gsub('/%.$', '/') |
| 97 | path = path:gsub('^/%.%.', '') | 97 | path = path:gsub('^/%.%./', '/') |
| 98 | return path | 98 | return path |
| 99 | end | 99 | end |
| 100 | 100 | ||