diff options
| author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-12-14 13:36:50 +0000 |
|---|---|---|
| committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-12-14 13:36:50 +0000 |
| commit | ccbe964c1f5ecb54a21473bd27f255ee12120fdf (patch) | |
| tree | cf9d33240e7ac2874f713d946e01d18b260917e8 /ChangeLog | |
| parent | 1beda2970b1c17daf34c15a1ee1c551b29080bdd (diff) | |
merge revision(s) 61197: [Backport #14184]
webrick: compile RE correctly for beginning and end match
Using ^ and $ in regexps means we can accidentally get fooled
by "%0a" in HTTP request paths being decoded to newline
characters. Use \A and \z to match beginning and end-of-string
respectively, instead.
Thanks to mame and hsbt for reporting.
* lib/webrick/httpserver.rb (MountTable#compile):
use \A and \z instead of ^ and $
* lib/webrick/httpserver.rb (MountTable#normalize): use \z instead of $
* test/webrick/test_httpserver.rb (test_cntrl_in_path): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61241 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -1,3 +1,19 @@ +Thu Dec 14 22:35:19 2017 Eric Wong <normalperson@yhbt.net> + + webrick: compile RE correctly for beginning and end match + + Using ^ and $ in regexps means we can accidentally get fooled + by "%0a" in HTTP request paths being decoded to newline + characters. Use \A and \z to match beginning and end-of-string + respectively, instead. + + Thanks to mame and hsbt for reporting. + + * lib/webrick/httpserver.rb (MountTable#compile): + use \A and \z instead of ^ and $ + * lib/webrick/httpserver.rb (MountTable#normalize): use \z instead of $ + * test/webrick/test_httpserver.rb (test_cntrl_in_path): new test + Thu Dec 14 22:29:04 2017 Eric Wong <normalperson@yhbt.net> webrick: do not hang acceptor on slow TLS connections |