Tom Andersen

Reputation: 7200

Get actual encoded url in Sinatra handler, splat broken

How do I get the actual encoded URL that was passed to my handler in Sinatra?

I have a URL like this. Note that there is a / followed by a double slash that's encoded:

    http://someplace.com/thing/blah/%2F%2Fxxx.png

    get '/thing/*/*' do
      begin
        # would like this to work but it does not. Sinatra 1.4.4, ruby 2.0.0
        first = CGI.unescape(params[:splat][0])
        path = CGI.unescape(params[:splat][1])
        # path does NOT have a double // (%2F%2F),
        # it has all of them ripped off by some rack code, I think

        # TRY get actual URL and parse by myself...
        the_url = request.url # this is already urldecoded and is missing the double //
        the_query_path = request.env["rack.request.query_string"] # blank for me?
      end
    end

Thanks

Upvotes: 0

Views: 717

Answers (1)

Tom Andersen

Reputation: 7200

https://github.com/sinatra/sinatra/issues/808

Ok - I know - that report was from me 6 months ago. As you can see they added protection on splats to stop attackers from getting at your file system.

In the app config section:

    set :protection, :except => :path_traversal

Now you lose that protection... In my case the paths are not on the same machine as the Ruby server.

It would still be handy to know how to get the actual URL that the server was hit with, likely some rack environment thing.

Upvotes: 1
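
Why the encoded double slash disappears, and one way to keep the path as received while leaving the protection switched on, as an added example that is not part of the original answer and is not Sinatra or rack-protection code: a simplified model of the normalization, plus a small Rack-style middleware that runs ahead of it. `RAW_KEY`, `KeepRawPath`, `NormalizingFilter` and `run_request` are hypothetical names, and the example assumes the server hands over `PATH_INFO` still percent-encoded.

```ruby
# Added example: plain Ruby, no gems. RAW_KEY and the class names are
# hypothetical, not Sinatra or rack-protection identifiers.
RAW_KEY = 'example.raw_path_info'

# Simplified model of a path-traversal filter: decode %2e, %2f and %5c,
# drop empty and "." segments, resolve "..".
def normalize_path(path)
  decoded = path.gsub(/%2e/i, '.').gsub(/%2f|%5c/i, '/').gsub('\\', '/')
  parts = []
  decoded.split('/').each do |seg|
    next if seg.empty? || seg == '.'
    seg == '..' ? parts.pop : parts << seg
  end
  '/' + parts.join('/')
end

# Stand-in for the protection layer: rewrites PATH_INFO before routing.
class NormalizingFilter
  def initialize(app)
    @app = app
  end

  def call(env)
    env['PATH_INFO'] = normalize_path(env['PATH_INFO'])
    @app.call(env)
  end
end

# Sits in front of the filter and keeps the path exactly as received.
class KeepRawPath
  def initialize(app)
    @app = app
  end

  def call(env)
    env[RAW_KEY] ||= env['PATH_INFO'].dup
    @app.call(env)
  end
end

# Stand-in for the route handler: reports both views of the path.
HANDLER = ->(env) { { seen: env['PATH_INFO'], raw: env[RAW_KEY] } }

# Constructed request env; assumes the server leaves PATH_INFO encoded.
def run_request(path)
  stack = KeepRawPath.new(NormalizingFilter.new(HANDLER))
  stack.call({ 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => path })
end
```

The handler still routes on the normalized path, so dot segments stay resolved; the raw copy is only there for the handler to decode itself.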
