Forum: Ruby while gsub!

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Ryan M. (Guest)
on 2007-07-19 04:15
(Received via mailing list)
Is there a *better* way to perform multiple substitutions to a string
than this?

string = '/../../....//........////../../etc/passwd'

while string.gsub!(/\.\.\//,'')
end

it's working as is, but seems odd to me to have an empty loop.. I'm
just playing with the TCPServer class..


#!/usr/bin/ruby
require 'socket'

port   = 80
listen = '0.0.0.0'
header = "HTTP/1.1 200/OK\r\nContent-type: text/html\r\n\r\n"

httpd = TCPServer.new(listen, port)
while session = httpd.accept
  request = session.gets
  address = session.addr[3]
  puts "#{address} #{request}"
  askfile = request.scan(/GET (.*) HTTP/).to_s
  while askfile.gsub!(/\.\.\//,'')
  end
  reqfile = '/var/www' + askfile
  reqfile += 'index.html' if reqfile == '/var/www/'
  if File.exists?(reqfile)
    file = File.new(reqfile, 'r')
    output = file.readlines
    file.close
  else
    output  = '<html><head><title>Not Found</title></head><body>'
    output += "<h2>Unfortunately, \"#{askfile}\" does not exist on
this server..</h2>"
    output += '<p>perhaps you need more fortune:</p>'
    output += "<hr /><p>#{`/usr/games/fortune`}</p><hr />"
    output += '</body></html>'
  end
  session.print header
  session.print output
  session.close
end
Marcel Molina Jr. (Guest)
on 2007-07-19 04:18
(Received via mailing list)
On Thu, Jul 19, 2007 at 09:14:59AM +0900, removed_email_address@domain.invalid 
wrote:
> Is there a *better* way to perform multiple substitutions to a string
> than this?
>
> string = '/../../....//........////../../etc/passwd'
>
> while string.gsub!(/\.\.\//,'')
> end

irb(main):001:>> string = '/../../....//........////../../etc/passwd'
=> "/../../....//........////../../etc/passwd"
irb(main):002:0> File.expand_path(string)
=> "/etc/passwd"

marcel
Ryan M. (Guest)
on 2007-07-19 20:42
(Received via mailing list)
On Jul 18, 5:18 pm, "Marcel Molina Jr." <removed_email_address@domain.invalid> 
wrote:
> => "/../../....//........////../../etc/passwd"
> irb(main):002:0> File.expand_path(string)
> => "/etc/passwd"
>
> marcel
> --
> Marcel Molina Jr. <removed_email_address@domain.invalid>

that's great! thank you
This topic is locked and can not be replied to.