Security: ensure that the file system cache is not world-writable
This commit is contained in:
parent
4ae46b32d8
commit
46a456b3ad
1 changed files with 1 additions and 0 deletions
|
@ -472,6 +472,7 @@ module ActionController #:nodoc:
|
|||
end
|
||||
|
||||
def write(name, value, options = nil) #:nodoc:
|
||||
File.umask(0006)
|
||||
ensure_cache_path(File.dirname(real_file_path(name)))
|
||||
File.open(real_file_path(name), "wb+") { |f| f.write(value) }
|
||||
rescue => e
|
||||
|
|
Loading…
Reference in a new issue