mathjax-rails was giveOutStaticFile checked for security vs downloading arbitrary files?

was giveOutStaticFile checked for security vs downloading arbitrary files?

Open nruth opened this issue 10 years ago • 1 comments

in the rails api entry for send_file:

Be careful to sanitize the path parameter if it is coming from a web page. send_file(params[:path]) allows a malicious user to download any file on your server.

Oct 12 '14 20:10 nruth

No, it is not. After checking it out I came across the problem: Issue: https://github.com/pmq20/mathjax-rails/issues/26 (I've fixed it in a PR: https://github.com/pmq20/mathjax-rails/pull/25)

Jun 27 '17 19:06 olivervbk

mathjax-rails mathjax-rails copied to clipboard

was giveOutStaticFile checked for security vs downloading arbitrary files?

mathjax-rails
mathjax-rails copied to clipboard