In current implementation, PathTraversal#cleanup method changes encoding of env['PATH_INFO'] to US-ASCII (script default encoding) from ASCII-8BIT on Ruby 1.9.x. (Ruby 2.0+ is safe)
Because US-ASCII is not 8bit clean, that behavior breaks some modules (such as http_router ) when we access URLs with non-latin characters.
So I wrote the patch encoding in Ruby 1.9+ aware.
Also dayflower@7875ec5 commit is attached to this pull-request, in which escape chars in captals (eg. %2E) avoidance is fixed.
In current implementation, PathTraversal#cleanup method changes encoding of
env['PATH_INFO']
toUS-ASCII
(script default encoding) fromASCII-8BIT
on Ruby 1.9.x. (Ruby 2.0+ is safe) BecauseUS-ASCII
is not 8bit clean, that behavior breaks some modules (such as http_router ) when we access URLs with non-latin characters.So I wrote the patch encoding in Ruby 1.9+ aware.
Also dayflower@7875ec5 commit is attached to this pull-request, in which escape chars in captals (eg.
%2E
) avoidance is fixed.