Merge branch 'release/2.3.10'

CHANGELOG.markdown

@@ -1,3 +1,11 @@
+## v2.3.10
+
+ * [Fix #145][i145], [#148][i148] — work around rack-protection's misguided path decoding.
+
+[i145]: https://github.com/bobthecow/genghis/issues/145
+[i148]: https://github.com/bobthecow/genghis/issues/148
+
+
 ## v2.3.9
 
  * [Fix #135][i135] — error when entering a `new Date()` value in a document.

VERSION

@@ -1 +1 @@
-2.3.9
+2.3.10

spec/requests/api_spec.rb

@@ -462,19 +462,16 @@
 
         describe 'GET /servers/:server/databases/:db/collections/:coll' do
           before :all do
-            # TODO: fix path chunks with encoded slashes in them
-            # so this test can work under rack-protect v1.5.1+
-            # @db.create_collection 'foo bar.baz/qux\\quux…'
-            @db.create_collection 'foo bar.baz:qux\\quux…'
+            @db.create_collection 'foo bar.baz/qux\\quux…'
           end
 
           it 'returns collection info' do
-            res = @api.get '/servers/localhost/databases/__genghis_spec_test__/collections/foo%20bar.baz:qux%5Cquux%E2%80%A6'
+            res = @api.get '/servers/localhost/databases/__genghis_spec_test__/collections/foo%20bar.baz%2Fqux%5Cquux%E2%80%A6'
 
             res.status.should eq 200
             res.body.should match_json_expression \
-              id:      'foo bar.baz:qux\\quux…',
-              name:    'foo bar.baz:qux\\quux…',
+              id:      'foo bar.baz/qux\\quux…',
+              name:    'foo bar.baz/qux\\quux…',
               count:   0,
               indexes: Array,
               stats:   Hash

src/rb/genghis/server.rb

@@ -10,6 +10,9 @@ class Server < Sinatra::Base
     # default to 'production' because yeah
     set :environment, :production
 
+    # work around path param slash encoding issues.
+    set :protection, :except => :path_traversal
+
     enable :inline_templates
 
     helpers Sinatra::Streaming