[ruby-cvs:70081] usa:r62987 (ruby_2_3): merge revision(s) 62968:

usa at ruby-lang.org usa at ruby-lang.org
Wed Mar 28 18:33:21 JST 2018


usa	2018-03-28 18:33:21 +0900 (Wed, 28 Mar 2018)

  New Revision: 62987

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=62987

  Log:
    merge revision(s) 62968:
    
    webrick: prevent response splitting and header injection
    
    Original patch by tenderlove (with minor style adjustments).
    
    * lib/webrick/httpresponse.rb (send_header): call check_header
      (check_header): raise on embedded CRLF in header value
    * test/webrick/test_httpresponse.rb
      (test_prevent_response_splitting_headers): new test
    * (test_prevent_response_splitting_cookie_headers): ditto

  Modified directories:
    branches/ruby_2_3/
  Modified files:
    branches/ruby_2_3/ChangeLog
    branches/ruby_2_3/lib/webrick/httpresponse.rb
    branches/ruby_2_3/test/webrick/test_httpresponse.rb
    branches/ruby_2_3/version.h


More information about the ruby-cvs mailing list