webrick: audit and fix Kernel#open misuse
Updated by normalperson (Eric Wong) over 2 years ago
I don't think there are actual bugs in webrick because of Kernel#open.
The following series tightens down wrong/nonsensical behavior,
and makes future code auditing easier by favoring File.open
instead of Kernel#open.
The only remaining instance of Kernel#open in webrick is in
load_mime_types of webrick/httputils, where I think "|command"
can be beneficial (if the command is used at all).
Updated by Anonymous over 2 years ago
- Status changed from Open to Closed
Applied in changeset trunk|r61397.
webrick: httpauth requires regular files
Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.
- lib/webrick/httpauth/htdigest.rb: use File.open
- lib/webrick/httpauth/htgroup.rb: ditto
- lib/webrick/httpauth/htpasswd.rb: ditto [Misc #14216]
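The distinction the series relies on, as an added Ruby example that is not part of the original thread or webrick's own code: `File.open` treats a name beginning with `|` as an ordinary path, and a loader that depends on mtime can additionally insist on a regular file. `read_auth_file` and `kernel_open_kind` are hypothetical helpers and the htpasswd line is constructed; because the `"|command"` form of `Kernel#open` is deprecated as of Ruby 3.3, the probe accepts either a pipe or an error for it.

```ruby
require "tempfile"

# Hypothetical loader (not webrick's code): read a credentials file and
# return its contents with the mtime used to decide when to reload.
def read_auth_file(path)
  File.open(path) do |io|          # File.open never interprets "|cmd"
    st = io.stat                   # stat the opened handle, not the path
    raise ArgumentError, "#{path}: not a regular file" unless st.file?
    [io.read, st.mtime]
  end
end

# Classify what Kernel#open does with a name: :file, :pipe or :error.
def kernel_open_kind(name)
  io = open(name)                  # Kernel#open, the call being audited
  io.instance_of?(File) ? :file : :pipe
rescue SystemCallError, ArgumentError
  :error
ensure
  io&.close
end

# Run both openers over a real file and a pipe-style name.
def demo
  results = {}
  Tempfile.create("htpasswd") do |f|
    f.write("alice:CONSTRUCTED-HASH\n")   # constructed sample entry
    f.flush
    results[:file_body] = read_auth_file(f.path).first
    results[:kernel_on_file] = kernel_open_kind(f.path)
  end
  piped = "|echo constructed"             # harmless constructed input
  results[:kernel_on_pipe_name] = kernel_open_kind(piped)
  results[:file_open_on_pipe_name] =
    begin
      read_auth_file(piped)
      :opened
    rescue Errno::ENOENT
      :no_such_file                       # treated as a plain path
    end
  results
end

demo.each { |k, v| puts "#{k}: #{v.inspect}" } if __FILE__ == $0
```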