summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authormatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>1998-07-17 00:53:50 +0000
committermatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>1998-07-17 00:53:50 +0000
commit20e305950e9fb53e1b1cb338f9b04b1be43fd7bb (patch)
tree754daef2510303834280c46b75777f650766e540 /lib
parentc30c3bffe472ee999fc722f63dd1c1984db1d1ce (diff)
substr() taint
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/v1_1r@269 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r--lib/cgi-lib.rb6
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/cgi-lib.rb b/lib/cgi-lib.rb
index c6c1caa..7033f0f 100644
--- a/lib/cgi-lib.rb
+++ b/lib/cgi-lib.rb
@@ -53,18 +53,16 @@ class CGI < SimpleDelegator
when "GET"
# exception messages should be printed to stdout.
STDERR.reopen(STDOUT)
-
ENV['QUERY_STRING'] or ""
when "POST"
# exception messages should be printed to stdout.
STDERR.reopen(STDOUT)
-
- input.read ENV['CONTENT_LENGTH'].to_i
+ input.read Integer(ENV['CONTENT_LENGTH'])
else
read_from_cmdline
end.split(/&/).each do |x|
key, val = x.split(/=/,2).collect{|x|unescape(x)}
- if @inputs.include?('key')
+ if @inputs.include?(key)
@inputs[key] += "\0" + (val or "")
else
@inputs[key] = (val or "")