diff options
author | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-05-27 23:45:12 +0000 |
---|---|---|
committer | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-05-27 23:45:12 +0000 |
commit | aede5b391193a2493594e4fcd49ffd685fbe41ca (patch) | |
tree | c09371efd077d628151be0b1d7cbdf16fc9c8e62 /lib/open-uri.rb | |
parent | 9efb5a9d6a14d140b5b2e958e84974da02a07324 (diff) |
update comment.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31759 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/open-uri.rb')
-rw-r--r-- | lib/open-uri.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/open-uri.rb b/lib/open-uri.rb index c8393fa437..4de5c43462 100644 --- a/lib/open-uri.rb +++ b/lib/open-uri.rb @@ -234,7 +234,7 @@ module OpenURI def OpenURI.redirectable?(uri1, uri2) # :nodoc: # This test is intended to forbid a redirection from http://... to - # file:///etc/passwd. + # file:///etc/passwd, file:///dev/zero, etc. CVE-2011-1521 # https to http redirect is also forbidden intentionally. # It avoids sending secure cookie or referer by non-secure HTTP protocol. # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3) |