[macruby-changes] [5002] MacRuby/trunk/lib/webrick/accesslog.rb
source_changes at macosforge.org
source_changes at macosforge.org
Wed Dec 8 20:37:07 PST 2010
Revision: 5002
http://trac.macosforge.org/projects/ruby/changeset/5002
Author: watson1978 at gmail.com
Date: 2010-12-08 20:37:03 -0800 (Wed, 08 Dec 2010)
Log Message:
-----------
Webrick accesslog needs escape. Merged from CRuby 1.9 r26267 and r26281.
see https://github.com/ruby/ruby/commit/73cd7b6697849b563a0154907b8a61c43e4ba209, https://github.com/ruby/ruby/commit/6dcd551a4b74f82102f1ce0689b0ef9e12b03f9d
Revision Links:
--------------
http://trac.macosforge.org/projects/ruby/changeset/26267
http://trac.macosforge.org/projects/ruby/changeset/26281
Modified Paths:
--------------
MacRuby/trunk/lib/webrick/accesslog.rb
Modified: MacRuby/trunk/lib/webrick/accesslog.rb
===================================================================
--- MacRuby/trunk/lib/webrick/accesslog.rb 2010-12-09 03:26:05 UTC (rev 5001)
+++ MacRuby/trunk/lib/webrick/accesslog.rb 2010-12-09 04:37:03 UTC (rev 5002)
@@ -53,15 +53,23 @@
when ?e, ?i, ?n, ?o
raise AccessLogError,
"parameter is required for \"#{spec}\"" unless param
- params[spec][param] || "-"
+ (param = params[spec][param]) ? escape(param) : "-"
when ?t
params[spec].strftime(param || CLF_TIME_FORMAT)
when ?%
"%"
else
- params[spec]
+ escape(params[spec].to_s)
end
}
end
+
+ def escape(data)
+ if data.tainted?
+ data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}.untaint
+ else
+ data
+ end
+ end
end
end
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macruby-changes/attachments/20101208/a17f7ff1/attachment.html>
More information about the macruby-changes
mailing list