diff options
-rw-r--r-- | lib/net/http/header.rb | 10 | ||||
-rw-r--r-- | test/net/http/test_httpheader.rb | 15 |
2 files changed, 22 insertions, 3 deletions
diff --git a/lib/net/http/header.rb b/lib/net/http/header.rb index 5c543e769d..96d898c89f 100644 --- a/lib/net/http/header.rb +++ b/lib/net/http/header.rb @@ -18,7 +18,11 @@ module Net::HTTPHeader if value.nil? warn "net/http: nil HTTP header: #{key}", uplevel: 1 if $VERBOSE else - @header[key.downcase] = [value.strip] + value = value.strip # raise error for invalid byte sequences + if value.count("\r\n") > 0 + raise ArgumentError, 'header field value cannot include CR/LF' + end + @header[key.downcase] = [value] end end end @@ -75,8 +79,8 @@ module Net::HTTPHeader append_field_value(ary, val) @header[key.downcase] = ary else - val = val.to_s - if /[\r\n]/n.match?(val.b) + val = val.to_s # for compatibility use to_s instead of to_str + if val.b.count("\r\n") > 0 raise ArgumentError, 'header field value cannot include CR/LF' end @header[key.downcase] = [val] diff --git a/test/net/http/test_httpheader.rb b/test/net/http/test_httpheader.rb index c9b8b3c406..f8778522eb 100644 --- a/test/net/http/test_httpheader.rb +++ b/test/net/http/test_httpheader.rb @@ -16,6 +16,21 @@ class HTTPHeaderTest < Test::Unit::TestCase @c = C.new end + def test_initialize + @c.initialize_http_header("foo"=>"abc") + assert_equal "abc", @c["foo"] + @c.initialize_http_header("foo"=>"abc", "bar"=>"xyz") + assert_equal "xyz", @c["bar"] + @c.initialize_http_header([["foo", "abc"]]) + assert_equal "abc", @c["foo"] + @c.initialize_http_header([["foo", "abc"], ["bar","xyz"]]) + assert_equal "xyz", @c["bar"] + assert_raise(NoMethodError){ @c.initialize_http_header("foo"=>[]) } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\nb") } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\rb") } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\xff") } + end + def test_size assert_equal 0, @c.size @c['a'] = 'a' |