Misc #14216
closedUpdated by normalperson (Eric Wong) about 7 years ago
normalperson@yhbt.net wrote:
I don't think there's actual bugs in webrick because of Kernel#open.
The following series tightens down wrong/nonsensical behavior,
and makes future code auditing easier by favoring File.open
instead of Kernel#open.
The only remaining instance of Kernel#open in webrick is in
load_mime_types of webrick/httputils; where I think "|command"
can be beneficial (if the command is used at all).
https://80x24.org/spew/20171221115507.27500-2-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-3-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-4-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-5-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-6-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-7-e@80x24.org/raw
Updated by Anonymous about 7 years ago
- Status changed from Open to Closed
Applied in changeset trunk|r61397.
webrick: httpauth requires regular files
Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.
- lib/webrick/httpauth/htdigest.rb: use File.open
- lib/webrick/httpauth/htgroup.rb: ditto
- lib/webrick/httpauth/htpasswd.rb: ditto
[Misc #14216]