Comments (6)
ppeble
commented on July 24, 2024
Thanks for reporting this! I completely see what you are saying.
I am in the middle of rethinking much of this codebase. In the meantime, what do we think of simply running a File.basename(prefix) for the target region? This way in the case of ../../../../../../../../../../../../tmp/profile_pic.jpg it would resolve to profile_pic.jpg, which would fail since it would not be a valid region in the 'holidays' directory. Thoughts?
from holidays.
Intrepidd
commented on July 24, 2024
That's damage control, it's better of course but not optimal, you decide if that's enough for you for a quick fix :)
For the rethinking though, allowed custom regions should be added to an array or something to completely remove loading of code like this.
from holidays.
ppeble
commented on July 24, 2024
It's been forever for this but I think I'm going to do this damage control while I perform a rewrite on another branch. I can't wait until the rewrite is complete before fixing it. 😞
from holidays.
johnnyshields
commented on July 24, 2024
@ptrimble I think your proposed solution of File.basename is adequate.
from holidays.
ppeble
commented on July 24, 2024
I know it's ridiculously, embarrassingly late but with the refactor I can now more easily perform region validation. I have added the fix to my branch, which I plan on merging to a release candidate branch (or something like that) in the near future with the goal of merging my current work into master.
Here is the commit in question: ppeble@af5d103
from holidays.
ppeble
commented on July 24, 2024
This has been merged.
from holidays.
Related Issues (20)
- Release a new version to allow this gem to be used with Ruby 3.0 HOT 4
- Get a list of all holidays possible for a given region
- Manage Belgium parent region HOT 1
- I have an issue with columbus day HOT 1
- Version Bump Request HOT 4
- Korea's new year get next year's new year
- Islamic holidays
- Día de los Muertos is not listed
- How to prevent stacked observed holidays HOT 1
- GB Substitute Days over Christmas and New Year HOT 1
- Liberation Day, Region NL
- Queen Elizabeth II passing Bank Holiday HOT 10
- Loading custom holidays clears all the provided definitions? HOT 1
- Strange behavoir with end_of_month HOT 2
- Feast of San Giusto for Trieste, Italy should be on 3rd November
- Shouldn't July 3, 2026 be "Independence Day (observed)" in the US? HOT 2
- Project updates HOT 10
- Hanukkah does not appear in list of holidays HOT 1
- Black Awareness Day is not listed for Brazil HOT 1
- Carnival 2024 Missing from Brazil Holidays Listing HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from holidays.