diff options
| author | pavel <pavel.rosicky@easy.cz> | 2020-03-13 18:55:55 +0100 |
|---|---|---|
| committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2021-04-22 11:51:36 +0900 |
| commit | 27569383693a04907b50ec9170f9ebf164d01d0f (patch) | |
| tree | d1985fec1d0370267eb17f8d02a09f9a74aedae8 | |
| parent | 53d153e42c90f48ac35316b9fd69b8819aa4e7d3 (diff) | |
[ruby/cgi] handle invalid encoding
https://github.com/ruby/cgi/commit/2b1c2e21a4
| -rw-r--r-- | lib/cgi/util.rb | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb index aab8b000cb..69a252b5e3 100644 --- a/lib/cgi/util.rb +++ b/lib/cgi/util.rb @@ -49,9 +49,12 @@ module CGI::Util table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}] string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table) string.encode!(origenc) if origenc - return string + string + else + string = string.b + string.gsub!(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__) + string.force_encoding(enc) end - string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__) end begin @@ -90,7 +93,8 @@ module CGI::Util when Encoding::ISO_8859_1; 256 else 128 end - string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do + string = string.b + string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do match = $1.dup case match when 'apos' then "'" @@ -116,6 +120,7 @@ module CGI::Util "&#{match};" end end + string.force_encoding enc end # Synonym for CGI.escapeHTML(str) |