I've noticed that the function 'def giveOutStaticFile' does not properly sanitize the 'uri' variable:
So it is possible to inject URLs like:
/mathjax/%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F../etc/passwd
or on Heroku apps:
/mathjax/%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F../apps/Gemfile
Please consider that params[:uri] and params[:ext] could be subject to path traversal since both are included in the 'filename' variable.
If there is anything I can help you with, please feel free to ask.
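For the maintainer's side, here is an added example (not the reported project's code) of how a static-file handler can build the filename from a `uri` and `ext` parameter and still refuse traversal: decode percent-encoding once, canonicalize lexically, then require the result to sit strictly inside the base directory. The base directory, the extension allow-list and the `"#{uri}.#{ext}"` layout are assumptions.

```ruby
# Assumed base directory for the served MathJax tree (not from the report).
MATHJAX_DIR = File.expand_path("/srv/app/public/mathjax")
# Assumed allow-list: only file types the handler is meant to serve.
ALLOWED_EXTS = %w[js css woff].freeze

class UnsafePathError < StandardError; end

# Decode %XX sequences exactly once, so an encoded separator such as %2F
# is seen as "/" before the path is canonicalized and checked.
def percent_decode(str)
  str.to_s.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
end

# `uri` and `ext` play the role of params[:uri] and params[:ext] in the
# report. Returns the absolute path that is safe to serve, or raises
# UnsafePathError for anything that escapes base_dir.
def safe_static_path(uri, ext, base_dir = MATHJAX_DIR)
  raise UnsafePathError, "extension not allowed: #{ext.inspect}" unless ALLOWED_EXTS.include?(ext)

  decoded = percent_decode(uri)
  raise UnsafePathError, "NUL byte in path" if decoded.include?("\0")

  # Lexical canonicalization: collapses "." and ".." components and turns
  # a leading "/" into an absolute path, which the prefix check then rejects.
  candidate = File.expand_path("#{decoded}.#{ext}", base_dir)

  # Compare against base_dir plus a separator so "/mathjax-old/x.js" cannot
  # pass as a prefix match of "/mathjax".
  unless candidate.start_with?(base_dir + File::SEPARATOR)
    raise UnsafePathError, "path escapes #{base_dir}: #{candidate}"
  end

  # Note: this check is lexical. If base_dir may contain symlinks pointing
  # outside it, additionally compare File.realpath(candidate) once the file
  # is known to exist.
  candidate
end
```

The traversal strings quoted in the report decode to an absolute path under `/etc` or `/apps`, so the prefix check rejects them, while an ordinary request such as `MathJax.js` resolves inside the base directory and is served.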