author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-09-17 14:55:06 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-09-17 14:55:06 +0000 |
commit | cc24eb85189fe811f4cdd01b5ba070461d5c376a (patch) | |
tree | f9f584f2fdee93f39c2aa9f0999be3f5de753b90 | |
parent | 6fca2beac718e5168dd7c6cebf2a29f94a30c4b0 (diff) |
* lib/cgi.rb (CGI::Cookie): should handle multiple values for a
cookie name. [ruby-talk:156140]
* string.c (rb_str_substr): should propagate taintness even for
empty strings. [ruby-dev:27121]
* string.c (rb_str_aref): should infect result if range argument
is tainted. [ruby-dev:27121]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 13 | ||||
-rw-r--r-- | io.c | 2 | ||||
-rw-r--r-- | lib/cgi.rb | 7 | ||||
-rw-r--r-- | string.c | 13 |
4 files changed, 27 insertions, 8 deletions
@@ -1,3 +1,8 @@ +Sat Sep 17 23:20:27 2005 Yukihiro Matsumoto <matz@ruby-lang.org> + + * lib/cgi.rb (CGI::Cookie): should handle multiple values for a + cookie name. [ruby-talk:156140] + Sat Sep 17 10:42:13 2005 Hidetoshi NAGAI <nagai@ai.kyutech.ac.jp> * ext/tk/lib/multi-tk.rb: MultiTkIp#eval_string and bg_eval_string @@ -5,6 +10,14 @@ Sat Sep 17 10:42:13 2005 Hidetoshi NAGAI <nagai@ai.kyutech.ac.jp> safe-level (Of course, the given script should be evaluated on slave's safe-level). +Sat Sep 17 09:45:26 2005 Yukihiro Matsumoto <matz@ruby-lang.org> + + * string.c (rb_str_substr): should propagate taintness even for + empty strings. [ruby-dev:27121] + + * string.c (rb_str_aref): should infect result if range argument + is tainted. [ruby-dev:27121] + Sat Sep 17 08:35:39 2005 Kouhei Sutou <kou@cozmixng.org> * lib/rss/maker/base.rb (RSS::Maker::ItemsBase#normalize): fixed @@ -32,7 +32,7 @@ # define NO_LONG_FNAME #endif -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(sun) || defined(_nec_ews) +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) || defined(sun) || defined(_nec_ews) # define USE_SETVBUF #endif diff --git a/lib/cgi.rb b/lib/cgi.rb index 7c84f64640..b18a03524c 100644 --- a/lib/cgi.rb +++ b/lib/cgi.rb @@ -870,15 +870,16 @@ class CGI cookies = Hash.new([]) return cookies unless raw_cookie - raw_cookie.split(/; /).each do |pairs| + raw_cookie.split(/[;,] /).each do |pairs| name, values = pairs.split('=',2) next unless name and values name = CGI::unescape(name) values ||= "" values = values.split('&').collect{|v| CGI::unescape(v) } - unless cookies.has_key?(name) - cookies[name] = Cookie::new({ "name" => name, "value" => values }) + if cookies.has_key?(name) + values = cookies[name].value + values end + cookies[name] = Cookie::new({ "name" => name, "value" => values }) end cookies 
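Review bot: The merge added in the cookie loop (`values = cookies[name].value + values`) makes every same-named cookie in the request header contribute to the result, where the old code kept only the first one. The order of the header is chosen by the client, and a cookie set for a broader domain or path shares the same name, so code that trusts the whole value list (joins it, iterates it, takes the last element) now sees values it did not see before; the merge deserves a comment such as `# same-named cookies are merged in header order; single-valued cookies (e.g. session ids) should read only the first value`. Separately, `split(/[;,] /)` now cuts at any comma-space inside an unescaped value, and the fragment without `=` is then dropped by `next unless name and values`, so such a value is silently truncated. The enclosing method starts outside the hunk.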
@@ -605,9 +605,10 @@ rb_str_substr(str, beg, len) if (len < 0) { len = 0; } - if (len == 0) return rb_str_new5(str,0,0); - - if (len > sizeof(struct RString)/2 && + if (len == 0) { + str2 = rb_str_new5(str,0,0); + } + else if (len > sizeof(struct RString)/2 && beg + len == RSTRING(str)->len && !FL_TEST(str, STR_ASSOC)) { str2 = rb_str_new3(rb_str_new4(str)); RSTRING(str2)->ptr += RSTRING(str2)->len - len; @@ -1539,13 +1540,17 @@ rb_str_aref(str, indx) /* check if indx is Range */ { long beg, len; + VALUE tmp; + switch (rb_range_beg_len(indx, &beg, &len, RSTRING(str)->len, 0)) { case Qfalse: break; case Qnil: return Qnil; default: - return rb_str_substr(str, beg, len); + tmp = rb_str_substr(str, beg, len); + OBJ_INFECT(tmp, indx); + return tmp; } } idx = NUM2LONG(indx); |
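Review bot: The empty-result branch added to rb_str_substr (`if (len == 0) { str2 = rb_str_new5(str,0,0); }`) has no comment saying why it no longer returns early, and the statement that actually copies the taint is not in this hunk. Presumably the shared tail of the function infects `str2` from `str`; if so, a comment such as `/* no early return: the empty result must pick up str's taint below */` would keep a later cleanup from restoring the shortcut and reopening the untainted-empty-string case. The function body starts and ends outside the hunk.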
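Review bot: In the range branch of rb_str_aref, `OBJ_INFECT(tmp, indx)` runs on whatever rb_str_substr returned, without checking that it is a string. The early returns of rb_str_substr are not visible in this commit, so if it can still return Qnil for a range that rb_range_beg_len accepted, this line is only safe if OBJ_INFECT ignores non-heap values; that is worth confirming, or the call can be guarded as `if (!NIL_P(tmp)) OBJ_INFECT(tmp, indx);`. A short comment such as `/* a tainted Range taints the slice even when str itself is clean */` would also record why the index is treated as a taint source. The function body starts and ends outside the hunk.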