git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31759 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
akr 2011-05-27 23:45:12 +00:00
Родитель 9efb5a9d6a
Коммит aede5b3911
1 изменённых файлов: 1 добавлений и 1 удалений

Просмотреть файл

@ -234,7 +234,7 @@ module OpenURI
def OpenURI.redirectable?(uri1, uri2) # :nodoc:
# This test is intended to forbid a redirection from http://... to
# file:///etc/passwd.
# file:///etc/passwd, file:///dev/zero, etc. CVE-2011-1521
# https to http redirect is also forbidden intentionally.
# It avoids sending secure cookie or referer by non-secure HTTP protocol.
# (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3)