class Rack::Protection::PathTraversal

Thus GET /foo/%2e%2e%2fbar becomes GET /bar.
Unescapes ‘/’ and ‘.’, expands path_info.
More infos
en.wikipedia.org/wiki/Directory_traversal<br>Supported browsers
all
Prevented attack

Directory traversal
#

def call(env) 

def call(env)
  path_was         = env["PATH_INFO"]
  env["PATH_INFO"] = cleanup path_was
  app.call env
ensure
  env["PATH_INFO"] = path_was
end

def cleanup(path) 

def cleanup(path)
  return cleanup("/" << path)[1..-1] unless path[0] == ?/
  escaped = ::File.expand_path path.gsub('%2e', '.').gsub('%2f', '/')
  escaped << '/' if escaped[-1] != ?/ and path =~ /\/\.{0,2}$/
  escaped.gsub /\/\/+/, '/'
end