[ruby-cvs:70115] usa:r63022 (ruby_2_2): merge revision(s) 62968:

usa at ruby-lang.org
Wed Mar 28 23:50:27 JST 2018


usa	2018-03-28 23:50:27 +0900 (Wed, 28 Mar 2018)

  New Revision: 63022

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=63022

  Log:
    merge revision(s) 62968:
    
    webrick: prevent response splitting and header injection
    
    Original patch by tenderlove (with minor style adjustments).
    
    * lib/webrick/httpresponse.rb (send_header): call check_header
      (check_header): raise on embedded CRLF in header value
    * test/webrick/test_httpresponse.rb
      (test_prevent_response_splitting_headers): new test
    * (test_prevent_response_splitting_cookie_headers): ditto

  Modified directories:
    branches/ruby_2_2/
  Modified files:
    branches/ruby_2_2/ChangeLog
    branches/ruby_2_2/lib/webrick/httpresponse.rb
    branches/ruby_2_2/test/webrick/test_httpresponse.rb
    branches/ruby_2_2/version.h
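
The check named in the log above, as an added Ruby illustration that is not WEBrick's code and not part of the original commit mail: every header and cookie value is validated at the point it is written into the response head. The names `build_response_head`, `header_lines` and `TAINTED` are hypothetical, and the sketch assumes a stricter rule than the log states by refusing a bare CR or LF as well as CRLF.

```ruby
# Added illustration; helper names are hypothetical, not WEBrick's API.
class InvalidHeader < StandardError; end

# Constructed sample: a redirect target carrying an embedded CRLF.
TAINTED = "/home\r\nX-Injected: 1"

# Return the value as a string, or raise if it contains CR or LF.
# Assumption: bare CR and bare LF are refused too, because some
# intermediaries treat either one as a line terminator.
def check_header(value)
  str = value.to_s
  raise InvalidHeader, "CR/LF in header value: #{str.inspect}" if str.match?(/[\r\n]/)
  str
end

# Serialize the status line, headers and cookies into a response head.
# validate: false reproduces the pre-fix behaviour (values copied verbatim)
# so the effect of the check can be compared side by side.
def build_response_head(status, reason, headers, cookies = [], validate: true)
  check = validate ? method(:check_header) : ->(v) { v.to_s }
  head = +"HTTP/1.1 #{status} #{reason}\r\n"
  headers.each { |name, value| head << "#{name}: #{check.call(value)}\r\n" }
  cookies.each { |cookie| head << "Set-Cookie: #{check.call(cookie)}\r\n" }
  head << "\r\n"
end

# Header lines as a receiving parser would see them (status line dropped).
def header_lines(head)
  head.split("\r\n\r\n", 2).first.split("\r\n").drop(1)
end

if __FILE__ == $PROGRAM_NAME
  # Unchecked: one application-level header becomes two on the wire.
  p header_lines(build_response_head(302, "Found", { "Location" => TAINTED }, validate: false))
  # Checked: the same value is refused before anything is sent.
  begin
    build_response_head(302, "Found", { "Location" => TAINTED })
  rescue InvalidHeader => e
    puts "rejected: #{e.message}"
  end
end
```

Header names are not validated in this sketch; only values are, matching the scope the log describes.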

