Security Advisories (3)

CPANSA-Plack-2015-0202 (2015-02-02)

Fixed a possible directory traversal with Plack::App::File on Win32.

CPANSA-Plack-2014-0801 (2014-08-01)

Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files

https://github.com/plack/Plack/pull/446

CPANSA-Plack-2013-0131 (2013-01-31)

Fixed directory traversal bug in Plack::App::File on win32 environments

NAME

Plack::Middleware::LighttpdScriptNameFix - fixes wrong SCRIPT_NAME and PATH_INFO that lighttpd sets

SYNOPSIS

# in your app.psgi
use Plack::Builder;

builder {
  enable "LighttpdScriptNameFix";
  $app;
};

# Or from the command line
plackup -s FCGI -e 'enable "LighttpdScriptNameFix"' /path/to/app.psgi

DESCRIPTION

This middleware fixes wrong SCRIPT_NAME and PATH_INFO set by lighttpd when you mount your app under the root path ("/"). If you use lighttpd 1.4.23 or later you can instead enable fix-root-scriptname flag inside fastcgi.server instead of using this middleware.

AUTHORS

tadam

Tatsuhiko Miyagawa

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

AUTHORS

SEE ALSO

Module Install Instructions

Keyboard Shortcuts