[ruby-cvs:70081] usa:r62987 (ruby_2_3): merge revision(s) 62968:
usa at ruby-lang.org
usa at ruby-lang.org
Wed Mar 28 18:33:21 JST 2018
usa 2018-03-28 18:33:21 +0900 (Wed, 28 Mar 2018)
New Revision: 62987
https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=62987
Log:
merge revision(s) 62968:
webrick: prevent response splitting and header injection
Original patch by tenderlove (with minor style adjustments).
* lib/webrick/httpresponse.rb (send_header): call check_header
(check_header): raise on embedded CRLF in header value
* test/webrick/test_httpresponse.rb
(test_prevent_response_splitting_headers): new test
* (test_prevent_response_splitting_cookie_headers): ditto
Modified directories:
branches/ruby_2_3/
Modified files:
branches/ruby_2_3/ChangeLog
branches/ruby_2_3/lib/webrick/httpresponse.rb
branches/ruby_2_3/test/webrick/test_httpresponse.rb
branches/ruby_2_3/version.h
More information about the ruby-cvs
mailing list