Failed to start send_file in Ruby / Sinatra

Question

Failed to start send_file in Ruby / Sinatra

I use send_file in a Sinatra application:

 get '/update/dl/:upd' do filename ="/uploads/#{params[:upd]}" send_file(filename, :filename => "t.cer", :type => "application/octet-stream") end

The folder /uploads/ not public, it is located in the application directory. When I try to go to localhost:4567/update/dl/some_file in Chrome, it returns me 404, like in Firefox, when viewing the headers - 404. But if I try with Safari, it will download the file. So I think that something is wrong with my code (and Safari, but Apple left it: P). What could be wrong? Thanks!

+4

ruby google-chrome safari sinatra sendfile

pmerino Dec 28 '11 at 18:37

source share

1 answer

sunkencity · Accepted Answer · 2011-12-28T20:04:21+0000

I get it working fine in chrome if I remove the leading slash in the file name so that it is "filename instead of" / filename. 404 comes from a file not found in send_file

 # foo.rb require 'sinatra' get '/update/dl/:upd' do filename ="uploads/#{params[:upd]}" # just send the file if it an accepted file if filename =~ /^[a-zA-Z0-9]*.cer$/ send_file(filename, :filename => "t.cer", :type => "application/octet-stream") end end

However, this is really a big security hole, the user can download everything that has access to the sinatra process, I named my application synatra foo.rb, and this request loads the sinatra script:

  http://localhost:4567/update/dl/..%2Ffoo.rb

Failed to start send_file in Ruby / Sinatra

More articles: