afeld
commented
10 years ago Sorry, build is failing due to https://github.com/afeld/magickly/issues/31.
Closed jakemauer closed 10 years ago
afeld
commented
10 years ago Sorry, build is failing due to https://github.com/afeld/magickly/issues/31.
The current version of Magickly uses Httparty 0.8.3 which is vulnerable to this CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1802
I've updated it to use 0.13.0 but that introduced an error in spec/requests/magickly_app_spec.rb:114 where the get would request "src/http%3A%2F%2Fwww.foo.com%2Fimagemagick.png/resize/100x" but app.rb would receive "src/http%3A/www.foo.com/imagemagick.png/resize/100x".
Adding
set :protection, :except => :path_traversalfixes this issue. The solution came from here: https://github.com/sinatra/sinatra/issues/808Let me know if I need to do anything else. Thank you for your work on this gem!