Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/ruby/22.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Ruby 获取Sinatra处理程序中的实际编码url,splat已断开_Ruby_Sinatra_Rack_Urlencode - Fatal编程技术网
Fatal编程技术网
  • ruby/
  • Ruby 获取Sinatra处理程序中的实际编码url,splat已断开

Ruby 获取Sinatra处理程序中的实际编码url,splat已断开

ruby

Ruby 获取Sinatra处理程序中的实际编码url,splat已断开,ruby,sinatra,rack,urlencode,Ruby,Sinatra,Rack,Urlencode,如何获取传递给Sinatra中处理程序的实际编码URL 我有一个类似的url-注意,后面有一个编码的双斜杠 http://someplace.com/thing/blah/%2F%2Fxxx.png get '/thing/*/*' do begin # would like this to work but it does not. Sinatra 1.4.4, ruby 2.0.0 first = CGI.unescape(params[:splat

如何获取传递给Sinatra中处理程序的实际编码URL

我有一个类似的url-注意,后面有一个编码的双斜杠

  http://someplace.com/thing/blah/%2F%2Fxxx.png

  get '/thing/*/*' do
    begin
      # would like this to work but it does not. Sinatra 1.4.4, ruby 2.0.0
      first = CGI.unescape(params[:splat][0])
      path = CGI.unescape(params[:splat][1])
      # path does NOT have a double // (%2F%2F), 
      # it has all of them ripped off by some rack code, I think

      # TRY get actual URL and parse by myself...
      the_url = request.url # this is already urldecoded and is missing the double //
      the_query_path = request.env["rack.request.query_string"]; # blank for me?
谢谢

好吧,我知道,那份报告是6个月前我写的。正如您所见,他们在splat上添加了保护,以阻止攻击者攻击您的文件系统

在应用程序配置部分:

    set :protection, :except => :path_traversal
现在你失去了保护。。。在我的例子中,路径与ruby服务器不在同一台机器上

知道如何获取服务器被击中的实际url仍然很方便,可能是机架环境的问题