@@ -14,24 +14,18 @@ def initialize(app, public_dir=FileUtils.pwd, php_exe='php-cgi', htaccess_enable
1414 @htaccess_enabled = htaccess_enabled
1515 end
1616
17- # Override so that calls to the directory go to index.php
18- def call ( env )
19- path = env [ 'PATH_INFO' ]
20- path = "/" if path == ""
21- path = ::File . join path , 'index.php' if
22- path =~ /\/ $/ || ::File . directory? ( full_path ( path ) )
23- env [ 'PATH_INFO' ] = path
24-
25- super env
26- end
27-
2817 # Override to check for php extension. Still checks if
2918 # file is in public path and it is a file like superclass.
3019 def valid? ( path )
31- fp = full_path path
32- return false unless fp =~ /\. php/ # Must have php extension somewhere
33- sp = path_parts ( fp ) [ 0 ]
34- sp . start_with? ( ::File . expand_path @public_dir ) && ::File . file? ( sp )
20+ sp = path_parts ( full_path path ) [ 0 ]
21+
22+ # Must have a php extension or be a directory
23+ return false unless
24+ ( ::File . file? ( sp ) && sp =~ /\. php$/ ) ||
25+ ::File . directory? ( sp )
26+
27+ # Must be in public directory for security
28+ sp . start_with? ::File . expand_path ( @public_dir )
3529 end
3630
3731 # Monkeys with the arguments so that it actually runs PHP's cgi
@@ -43,6 +37,7 @@ def run(env, path)
4337 config . collect! { |kv | [ '-d' , kv ] }
4438
4539 script , info = *path_parts ( path )
40+ script = ::File . join script , 'index.php' if ::File . directory? script
4641 env [ 'SCRIPT_FILENAME' ] = script
4742 env [ 'SCRIPT_NAME' ] = strip_public script
4843 env [ 'PATH_INFO' ] = info
@@ -62,6 +57,7 @@ def strip_public(path)
6257 # path_info part. Returns an array. The first element is the
6358 # script. The second element is the path info.
6459 def path_parts ( path )
60+ return [ path , nil ] unless path =~ /.php/
6561 script , info = *path . split ( '.php' , 2 )
6662 script += '.php'
6763 [ script , info ]
0 commit comments