[ruby-cvs:70096] nagachika:r63002 (ruby_2_4): merge revision(s) 62968:

nagachika at ruby-lang.org
Wed Mar 28 20:49:00 JST 2018


nagachika	2018-03-28 20:49:00 +0900 (Wed, 28 Mar 2018)

  New Revision: 63002

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=63002

  Log:
    merge revision(s) 62968:
    
    webrick: prevent response splitting and header injection
    
    Original patch by tenderlove (with minor style adjustments).
    
    * lib/webrick/httpresponse.rb (send_header): call check_header
      (check_header): raise on embedded CRLF in header value
    * test/webrick/test_httpresponse.rb
      (test_prevent_response_splitting_headers): new test
    * (test_prevent_response_splitting_cookie_headers): ditto

  Modified directories:
    branches/ruby_2_4/
  Modified files:
    branches/ruby_2_4/lib/webrick/httpresponse.rb
    branches/ruby_2_4/test/webrick/test_httpresponse.rb
    branches/ruby_2_4/version.h
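
The check named in the log above (raise on embedded CRLF in a header value), as an added example that is not part of the commit or of WEBrick's source: a minimal header serializer with and without the check. All class and method names are hypothetical, the sample value is constructed, and the check here also rejects a bare CR or LF, which goes beyond the CRLF pair the log mentions.

```ruby
# Added illustration, not WEBrick's implementation. All names are hypothetical.
class HeaderInjectionError < StandardError; end

CRLF = "\r\n"

# Reject a header value carrying CR or LF (stricter than the CRLF pair alone).
def check_header_value(value)
  value = value.to_s
  raise HeaderInjectionError, "CR/LF in header value: #{value.inspect}" if value.match?(/[\r\n]/)
  value
end

# Behaviour without the check: values reach the wire verbatim.
def serialize_unchecked(status_line, headers)
  out = status_line + CRLF
  headers.each { |name, value| out << "#{name}: #{value}#{CRLF}" }
  out << CRLF
end

# Same serializer, but every value passes through the check first.
def serialize_checked(status_line, headers)
  out = status_line + CRLF
  headers.each { |name, value| out << "#{name}: #{check_header_value(value)}#{CRLF}" }
  out << CRLF
end

# Header names a client would parse: lines between status line and blank line.
def wire_header_names(raw)
  head = raw.split(CRLF + CRLF, 2).first
  head.split(CRLF).drop(1).map { |line| line.split(":", 2).first }
end

if __FILE__ == $0
  # Constructed sample: a redirect target that was built from request input.
  headers = { "Location" => "/home" + CRLF + "Set-Cookie: session=constructed" }
  # Without the check, the client sees a header the application never set.
  p wire_header_names(serialize_unchecked("HTTP/1.1 302 Found", headers))
  begin
    serialize_checked("HTTP/1.1 302 Found", headers)
  rescue HeaderInjectionError => e
    puts "rejected: #{e.message}"
  end
end
```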

