diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | lib/cgi.rb | 10 | ||||
| -rw-r--r-- | version.h | 2 |
3 files changed, 11 insertions, 6 deletions
@@ -1,3 +1,8 @@ +Sun Jun 8 05:05:05 2008 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * lib/cgi.rb (read_multipart): exclude blanks from header values. + [ruby-list:44327] + Sun Jun 8 05:00:44 2008 Nobuyoshi Nakada <nobu@ruby-lang.org> * bignum.c (rb_cstr_to_inum): trailing spaces may exist at sqeezing diff --git a/lib/cgi.rb b/lib/cgi.rb index a5f79b14ac..c07f412442 100644 --- a/lib/cgi.rb +++ b/lib/cgi.rb @@ -1032,21 +1032,21 @@ class CGI if "--" == $2 content_length = -1 end - boundary_end = $2.dup + boundary_end = $2.dup "" end body.rewind - /Content-Disposition:.* filename="?([^\";]*)"?/ni.match(head) - filename = ($1 or "") + /Content-Disposition:.* filename=(?:"((?:\\.|[^\"\s])*)"|([^;\s]*))/ni.match(head) + filename = ($1 or $2 or "") if /Mac/ni.match(env_table['HTTP_USER_AGENT']) and /Mozilla/ni.match(env_table['HTTP_USER_AGENT']) and (not /MSIE/ni.match(env_table['HTTP_USER_AGENT'])) filename = CGI::unescape(filename) end - /Content-Type: (.*)/ni.match(head) + /Content-Type: ([^\s]*)/ni.match(head) content_type = ($1 or "") (class << body; self; end).class_eval do @@ -1055,7 +1055,7 @@ class CGI define_method(:content_type) {content_type.dup.taint} end - /Content-Disposition:.* name="?([^\";]*)"?/ni.match(head) + /Content-Disposition:.* name="?([^\";\s]*)"?/ni.match(head) name = $1.dup if params.has_key?(name) @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2008-06-08" #define RUBY_VERSION_CODE 185 #define RUBY_RELEASE_CODE 20080608 -#define RUBY_PATCHLEVEL 156 +#define RUBY_PATCHLEVEL 157 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 |