Ruby/Sinatra send_file not working
I get it to work fine in chrome if I remove the initial slash in filename so it's "filename instead of "/filename. The 404 comes from a file not found error in send_file
# foo.rbrequire 'sinatra'get '/update/dl/:upd' do filename ="uploads/#{params[:upd]}" # just send the file if it's an accepted file if filename =~ /^[a-zA-Z0-9]*.cer$/ send_file(filename, :filename => "t.cer", :type => "application/octet-stream") endend
However, there's really a big security hole in this, a user can download anything that the sinatra process has access too, I named my sinatra app foo.rb and this request downloads the sinatra script:
http://localhost:4567/update/dl/..%2Ffoo.rb