Unable to use mongolab strings and cannot delete

bobthecow / genghis

The single-file MongoDB admin app

http://genghisapp.com

MIT License

1.45k stars 166 forks source link

Unable to use mongolab strings and cannot delete #148

Closed cyberwombat closed 10 years ago

cyberwombat commented 10 years ago

I wanted to manage a MongoLab db so I added the server string which looks like this:

 nodejitsu_user:7asdbaeras8dqw4bqwads@8ashs9668-a0.mongolab.com:59668/mydb

But then I do that and then click on it I get a 404 server not found. I also cannot delete it - I click delete and confirm and disappears until I reload the page.

Using ruby version 2.3.8

bobthecow commented 10 years ago

I might have just figured this issue out. Do you have rack-protection gem v1.5.1 installed? If so, do you mind removing it, installing v1.5.0, and trying that?

gem uninstall rack-protection -a
gem install rack-protection -v 1.5.0

cyberwombat commented 10 years ago

That did the trick

bobthecow commented 10 years ago

If you're curious, the problem is that rack-protection mistakenly thinks the appropriate way to prevent directory traversal is to decode every encoded slash in the path :-/

I'll get a release out momentarily with a workaround.

cyberwombat commented 10 years ago

Ah - cool - well no huge hurry for me as the only thing I use ruby for is this app :)

bobthecow commented 10 years ago

And released!