diff options
author | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-12-13 00:38:08 +0000 |
---|---|---|
committer | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-12-13 00:38:08 +0000 |
commit | aac91cb762e20519aca6190345641d27e5991a75 (patch) | |
tree | aaf897febe15357a99c5c500a5888ee824549f68 /lib | |
parent | 47f1d84215893e32fb536c084cd03542f91bd884 (diff) |
webrick: compile RE correctly for beginning and end match
Using ^ and $ in regexps means we can accidentally get fooled
by "%0a" in HTTP request paths being decoded to newline
characters. Use \A and \z to match beginning and end-of-string
respectively, instead.
Thanks to mame and hsbt for reporting.
* lib/webrick/httpserver.rb (MountTable#compile):
use \A and \z instead of ^ and $
* lib/webrick/httpserver.rb (MountTable#normalize): use \z instead of $
* test/webrick/test_httpserver.rb (test_cntrl_in_path): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61197 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r-- | lib/webrick/httpserver.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/webrick/httpserver.rb b/lib/webrick/httpserver.rb index b27f2311bd..e46b3bd1ad 100644 --- a/lib/webrick/httpserver.rb +++ b/lib/webrick/httpserver.rb @@ -267,12 +267,12 @@ module WEBrick k.sort! k.reverse! k.collect!{|path| Regexp.escape(path) } - @scanner = Regexp.new("^(" + k.join("|") +")(?=/|$)") + @scanner = Regexp.new("\\A(" + k.join("|") +")(?=/|\\z)") end def normalize(dir) ret = dir ? dir.dup : "" - ret.sub!(%r|/+$|, "") + ret.sub!(%r|/+\z|, "") ret end end |