Ruby/Sinatra send_file not working Ruby/Sinatra send_file not working google-chrome google-chrome

Ruby/Sinatra send_file not working


ruby google-chrome safari sinatra sendfile

I get it to work fine in chrome if I remove the initial slash in filename so it's "filename instead of "/filename. The 404 comes from a file not found error in send_file

# foo.rbrequire 'sinatra'get '/update/dl/:upd' do    filename ="uploads/#{params[:upd]}"    # just send the file if it's an accepted file    if filename =~ /^[a-zA-Z0-9]*.cer$/      send_file(filename, :filename => "t.cer", :type => "application/octet-stream")    endend

However, there's really a big security hole in this, a user can download anything that the sinatra process has access too, I named my sinatra app foo.rb and this request downloads the sinatra script:

 http://localhost:4567/update/dl/..%2Ffoo.rb

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last