-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | lib/cgi.rb | 10 |
2 files changed, 12 insertions, 5 deletions
@@ -1,3 +1,10 @@
+Thu Feb 15 10:57:38 2007 Tietew <tietew@tietew.net>>
+
+ * lib/cgi.rb (CGI::unescapeHTML): invalid decoding for single
+ unescaped ampersand. a patch from Tietew
+ <tietew+ruby-dev at tietew.net> in [ruby-dev:30292].
+ fixed: [ruby-dev:30289]
+
 Thu Feb 15 10:48:40 2007 MenTaLguY <mental@rydia.net>
 
 * ext/thread/thread.c: Handle interrupted waits correctly.
diff --git a/lib/cgi.rb b/lib/cgi.rb
index 94d92e25ae..a7cedd13aa 100644
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@@ -367,13 +367,13 @@ class CGI
 # CGI::unescapeHTML("Usage: foo "bar" <baz>")
 # # => "Usage: foo \"bar\" <baz>"
 def CGI::unescapeHTML(string)
- string.gsub(/&(.*?);/n) do
+ string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/n) do
 match = $1.dup
 case match
- when /\Aamp\z/ni then '&'
- when /\Aquot\z/ni then '"'
- when /\Agt\z/ni then '>'
- when /\Alt\z/ni then '<'
+ when 'amp' then '&'
+ when 'quot' then '"'
+ when 'gt' then '>'
+ when 'lt' then '<'
 when /\A#0*(\d+)\z/n then
 if Integer($1) < 256
 Integer($1).chr |
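Review bot: The new pattern on the `string.gsub` line silently drops case-insensitive matching: the removed branches used `/\Aamp\z/ni`, so `&AMP;` or `&Quot;` used to decode, while the new alternation and the `when 'amp'` string comparisons accept lowercase names only, and `\#x` accepts only a lowercase `x`. The ChangeLog entry describes only the single-ampersand fix, so this narrowing looks unintended. It matters wherever callers decode input before validating or filtering it, because HTML parsers accept `&#X41;` and some uppercase legacy names, and the two decoders would then disagree about what the text contains. To keep the old behaviour, use `/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/ni` with `case match.downcase`; otherwise state the restriction in the method comment, e.g. `# Only lowercase amp, quot, gt, lt and numeric references are decoded.` The method body continues past the end of the hunk, so the hex branch is not visible here and should be checked against the same change.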