diff options
author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-03-28 04:54:58 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-03-28 04:54:58 +0000 |
commit | 2dee659be78ced6ba4996b2c3d53ad371912bbc9 (patch) | |
tree | d408d1e0dcd29d1f8af3704dc607353397101f98 /lib/net | |
parent | 2d0062bcf5081fadbda999ffe45468782fda7fa2 (diff) |
merge revision(s) 61359: [Backport #14208]
raise error if value contains CR/LF in iniheader of initialize_http_header
like r59693, initialize_http_header also should raise error. [Bug #14208]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@62939 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/net')
-rw-r--r-- | lib/net/http/header.rb | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/net/http/header.rb b/lib/net/http/header.rb index 50580658d0..fd81b44a74 100644 --- a/lib/net/http/header.rb +++ b/lib/net/http/header.rb @@ -15,7 +15,11 @@ module Net::HTTPHeader return unless initheader initheader.each do |key, value| warn "net/http: warning: duplicated HTTP header: #{key}" if key?(key) and $VERBOSE - @header[key.downcase] = [value.strip] + value = value.strip # raise error for invalid byte sequences + if value.count("\r\n") > 0 + raise ArgumentError, 'header field value cannot include CR/LF' + end + @header[key.downcase] = [value] end end @@ -71,9 +75,9 @@ module Net::HTTPHeader append_field_value(ary, val) @header[key.downcase] = ary else - val = val.to_s - if /[\r\n]/n =~ val.b - raise ArgumentError, 'header field value cannnot include CR/LF' + val = val.to_s # for compatibility use to_s instead of to_str + if val.b.count("\r\n") > 0 + raise ArgumentError, 'header field value cannnot include CR/LF' end @header[key.downcase] = [val] end |