зеркало из https://github.com/github/ruby.git
* lib/cgi/cookie.rb (parse): don't allow , as a separator. [Bug #12791]
* lib/webrick/cookie.rb (parse): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56262 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Родитель
f0137ba8cd
Коммит
5f33c6b0f5
|
@ -1,3 +1,9 @@
|
|||
Tue Sep 27 12:07:17 2016 NARUSE, Yui <naruse@ruby-lang.org>
|
||||
|
||||
* lib/cgi/cookie.rb (parse): don't allow , as a separator. [Bug #12791]
|
||||
|
||||
* lib/webrick/cookie.rb (parse): ditto.
|
||||
|
||||
Mon Sep 26 21:37:21 2016 Akinori MUSHA <knu@iDaemons.org>
|
||||
|
||||
* man/erb.1, man/irb.1, man/ri.1, man/ruby.1: Remove Ns before
|
||||
|
|
8
NEWS
8
NEWS
|
@ -119,6 +119,10 @@ with all sufficient information, see the ChangeLog file or Redmine
|
|||
|
||||
=== Stdlib updates (outstanding ones only)
|
||||
|
||||
* CGI
|
||||
|
||||
* Don't allow , as a separator [Bug #12791]
|
||||
|
||||
* CSV
|
||||
|
||||
* Add a liberal_parsing option. [Feature #11839]
|
||||
|
@ -139,6 +143,10 @@ with all sufficient information, see the ChangeLog file or Redmine
|
|||
|
||||
* Add an into option. [Feature #11191]
|
||||
|
||||
* WEBrick
|
||||
|
||||
* Don't allow , as a separator [Bug #12791]
|
||||
|
||||
=== Compatibility issues (excluding feature bug fixes)
|
||||
|
||||
* Array#sum and Enumerable#sum are implemented. [Feature #12217]
|
||||
|
|
|
@ -162,7 +162,7 @@ class CGI
|
|||
cookies = Hash.new([])
|
||||
return cookies unless raw_cookie
|
||||
|
||||
raw_cookie.split(/[;,]\s?/).each do |pairs|
|
||||
raw_cookie.split(/;\s?/).each do |pairs|
|
||||
name, values = pairs.split('=',2)
|
||||
next unless name and values
|
||||
name = CGI.unescape(name)
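Review bot: The new `raw_cookie.split(/;\s?/)` line has no comment explaining why `,` was dropped, so a later reader could restore it as a "fix" for comma-joined headers. I would add `# Split on ';' only: ',' stays part of the value, so "a=1, b=2" is one cookie [Bug #12791]` directly above it. Separately, `\s?` consumes at most one whitespace character, so a pair that follows `;` and two spaces appears to keep a leading space in its name unless it is stripped further down, outside this hunk. The enclosing parse method starts and ends outside the hunk.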
|
||||
|
|
|
@ -113,7 +113,7 @@ module WEBrick
|
|||
ret = []
|
||||
cookie = nil
|
||||
ver = 0
|
||||
str.split(/[;,]\s+/).each{|x|
|
||||
str.split(/;\s+/).each{|x|
|
||||
key, val = x.split(/=/,2)
|
||||
val = val ? HTTPUtils::dequote(val) : ""
|
||||
case key
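Review bot: `str.split(/;\s+/)` still requires whitespace after the semicolon, while the CGI parser changed in this same commit uses `/;\s?/`, so the two stdlib parsers disagree on input such as `a=1;b=2`. CGI splits it into two cookies, whereas WEBrick appears to keep a single cookie whose value contains `;b=2`. When two components parse the same Cookie header differently, the one that inspects it and the one that acts on it can see different cookies. The difference deserves at least a comment here, e.g. `# NOTE: unlike CGI::Cookie.parse, pairs are split only on ';' followed by whitespace`. Whether it can be relaxed to `\s*` depends on test_parse_no_whitespace, whose body is not shown on this page; the body of parse also continues outside the hunk.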
|
||||
|
|
|
@ -88,9 +88,12 @@ class CGICookieTest < Test::Unit::TestCase
|
|||
assert_equal(name, cookie.name)
|
||||
assert_equal(value, cookie.value)
|
||||
end
|
||||
## ',' separator
|
||||
cookie_str = 'name1=val1&val2, name2=val2&%26%3C%3E%22&%E3%82%86%E3%82%93%E3%82%86%E3%82%93,_session_id=12345'
|
||||
## don't allow ',' separator
|
||||
cookie_str = 'name1=val1&val2, name2=val2'
|
||||
cookies = CGI::Cookie.parse(cookie_str)
|
||||
list = [
|
||||
['name1', ['val1', 'val2, name2=val2']],
|
||||
]
|
||||
list.each do |name, value|
|
||||
cookie = cookies[name]
|
||||
assert_equal(name, cookie.name)
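Review bot: The rewritten comma case checks only `name1`, so it would still pass if the parser also produced a separate `name2` cookie. Since the point of the change is that `,` cannot introduce a second cookie, I would add a negative assertion after the loop, for example `assert_equal([], cookies['name2'])`. This assumes the parser's hash still defaults to an empty array, as the `Hash.new([])` line in the lib/cgi/cookie.rb hunk suggests. The old string also exercised percent-encoded values and `_session_id`; if no other case in this file covers them, a `;`-separated version of it is worth keeping. The test method starts and ends outside this hunk.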
|
||||
|
|
|
@ -49,11 +49,20 @@ class TestWEBrickCookie < Test::Unit::TestCase
|
|||
|
||||
data = "hoge=moge; __div__session=9865ecfd514be7f7"
|
||||
cookies = WEBrick::Cookie.parse(data)
|
||||
assert_equal(2, cookies.size)
|
||||
assert_equal(0, cookies[0].version)
|
||||
assert_equal("hoge", cookies[0].name)
|
||||
assert_equal("moge", cookies[0].value)
|
||||
assert_equal("__div__session", cookies[1].name)
|
||||
assert_equal("9865ecfd514be7f7", cookies[1].value)
|
||||
|
||||
# don't allow ,-separator
|
||||
data = "hoge=moge, __div__session=9865ecfd514be7f7"
|
||||
cookies = WEBrick::Cookie.parse(data)
|
||||
assert_equal(1, cookies.size)
|
||||
assert_equal(0, cookies[0].version)
|
||||
assert_equal("hoge", cookies[0].name)
|
||||
assert_equal("moge, __div__session=9865ecfd514be7f7", cookies[0].value)
|
||||
end
|
||||
|
||||
def test_parse_no_whitespace
|
||||
|
|