diff options
author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-03-28 04:54:58 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-03-28 04:54:58 +0000 |
commit | 2dee659be78ced6ba4996b2c3d53ad371912bbc9 (patch) | |
tree | d408d1e0dcd29d1f8af3704dc607353397101f98 | |
parent | 2d0062bcf5081fadbda999ffe45468782fda7fa2 (diff) |
merge revision(s) 61359: [Backport #14208]
raise error if value contains CR/LF in iniheader of initialize_http_header
like r59693, initialize_http_header also should raise error. [Bug #14208]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@62939 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | lib/net/http/header.rb | 12 | ||||
-rw-r--r-- | test/net/http/test_httpheader.rb | 15 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 24 insertions, 5 deletions
diff --git a/lib/net/http/header.rb b/lib/net/http/header.rb index 50580658d0..fd81b44a74 100644 --- a/lib/net/http/header.rb +++ b/lib/net/http/header.rb @@ -15,7 +15,11 @@ module Net::HTTPHeader return unless initheader initheader.each do |key, value| warn "net/http: warning: duplicated HTTP header: #{key}" if key?(key) and $VERBOSE - @header[key.downcase] = [value.strip] + value = value.strip # raise error for invalid byte sequences + if value.count("\r\n") > 0 + raise ArgumentError, 'header field value cannot include CR/LF' + end + @header[key.downcase] = [value] end end @@ -71,9 +75,9 @@ module Net::HTTPHeader append_field_value(ary, val) @header[key.downcase] = ary else - val = val.to_s - if /[\r\n]/n =~ val.b - raise ArgumentError, 'header field value cannnot include CR/LF' + val = val.to_s # for compatibility use to_s instead of to_str + if val.b.count("\r\n") > 0 + raise ArgumentError, 'header field value cannnot include CR/LF' end @header[key.downcase] = [val] end diff --git a/test/net/http/test_httpheader.rb b/test/net/http/test_httpheader.rb index 85fd3a3fec..9a05abb975 100644 --- a/test/net/http/test_httpheader.rb +++ b/test/net/http/test_httpheader.rb @@ -16,6 +16,21 @@ class HTTPHeaderTest < Test::Unit::TestCase @c = C.new end + def test_initialize + @c.initialize_http_header("foo"=>"abc") + assert_equal "abc", @c["foo"] + @c.initialize_http_header("foo"=>"abc", "bar"=>"xyz") + assert_equal "xyz", @c["bar"] + @c.initialize_http_header([["foo", "abc"]]) + assert_equal "abc", @c["foo"] + @c.initialize_http_header([["foo", "abc"], ["bar","xyz"]]) + assert_equal "xyz", @c["bar"] + assert_raise(NoMethodError){ @c.initialize_http_header("foo"=>[]) } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\nb") } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\rb") } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\xff") } + end + def test_size assert_equal 0, @c.size @c['a'] = 'a' @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.3.7" #define RUBY_RELEASE_DATE "2018-03-28" -#define RUBY_PATCHLEVEL 435 +#define RUBY_PATCHLEVEL 436 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 3 |