| Age | Commit message (Collapse) | Author |
|---|
|
name in path_info to prevent script disclosure vulnerability on
DOSISH filesystems. (fix: CVE-2008-1891)
Note: NTFS/FAT filesystem should not be published by the platforms
other than Windows. Pathname interpretation (including short
filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb
(WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@16495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
backported from 1.8 HEAD.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@16451 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@16450 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* file.c (USE_NTFS): fixed merge miss.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@16449 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@16443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
and ignored trailing garbages of NTFS.
* file.c (rb_file_s_basename): ditto.
* file.c (rb_file_s_extname): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@16442 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@15738 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpservlet/filehandler.rb: should normalize path
separators in path_info to prevent directory traversal attacks
on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@15678 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
test/rss/test_image.rb, test/rss/rss-testcase.rb: ensured
declaring XML namespaces.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@14091 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@14089 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fixes another bug related to the formatting code refactoring in 3.1.7
Fixes ticket:99, and adds Henrik's unit test (with minor modifications)
Fixes ticket:102.
Fix provided by kevinj -- thanks! Great job.
Implements namespace validation in the baseparser. This means that, as per
the XML namespace spec, unbound prefixes generate UndefinedNamespaceException.
Also, as per the namespace spec, the 'xml' prefix must be bound to
http://www.w3.org/XML/1998/namespace, and the 'xmlns' prefix must not be declared.
in the XML.
Fix for ticket:115
Fixes a bug in the pretty printer related to an incomplete refactoring.
Merge code cleanups
Fixes another bug related to the formatting code refactoring in 3.1.7
Indentation fix.
lib/rexml/formatters/*.rb: set properties.
lib/rexml/encodings/{ISO-8859-15,CP-1252}.rb: fixed invalid syntax.
lib/rexml/rexml.rb: removed doubled constant.
lib/rexml/rexml.rb: added encoding.
Fixes ticket:110
Missing include for UndefinedNamespaceException was causing errors in some
cases.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13815 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13607 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* Fixes another bug related to the formatting code refactoring in 3.1.7
* Fixes ticket:99, and adds Henrik's unit test (with minor modifications)
* Fixes ticket:102.
Fix provided by kevinj -- thanks! Great job.
* Implements namespace validation in the baseparser. This means that, as per
the XML namespace spec, unbound prefixes generate UndefinedNamespaceException.
Also, as per the namespace spec, the 'xml' prefix must be bound to
http://www.w3.org/XML/1998/namespace, and the 'xmlns' prefix must not be declared.
in the XML.
* Eggbeater missed one.
* Fix for ticket:115
* Fixes a bug in the pretty printer related to an incomplete refactoring.
* Merge code cleanups
* Fixes another bug related to the formatting code refactoring in 3.1.7
* Indentation fix.
* r1342@bean (orig r12846): nobu | 2007-07-25 17:18:55 -0400
* lib/rexml/formatters/*.rb: set properties.
* r1358@bean (orig r12883): nobu | 2007-08-06 04:36:31 -0400
* lib/rexml/encodings/{ISO-8859-15,CP-1252}.rb: fixed invalid syntax.
* r1359@bean (orig r13096): nobu | 2007-08-18 02:03:45 -0400
* lib/rexml/rexml.rb: removed doubled constant.
* r1360@bean (orig r13097): nobu | 2007-08-18 02:12:48 -0400
* lib/rexml/rexml.rb: added encoding.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13600 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
be matched with its certificate's commonName) is added.
this verification can be skipped by
"Net::HTTP#enable_post_connection_check=(false)".
suggested by Chris Clark <cclark at isecpartners.com>
* lib/net/open-uri.rb: use Net::HTTP#enable_post_connection_check to
perform SSL post connection check.
* ext/openssl/lib/openssl/ssl.c
(OpenSSL::SSL::SSLSocket#post_connection_check): refine error message.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13504 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
any live threads are waiting. [ruby-dev:30653]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
to share with strio_reopen properly. [ruby-Bugs-13919]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13487 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
changed. [ ruby-Bugs-11978 ], Thanks Florian Frank.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13486 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
access. [ruby-dev:31404]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13468 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
not waiting any longer; there cases of a thread raising
exceptions. [ ruby-Bugs-11901 ]
* test/thread/test_thread.rb (test_mutex_exception_handling):
test for above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13463 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13461 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
environment variable. [ruby-core:12118]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-talk:257219], [ruby-core:11542], [ruby-dev:31253]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:31736]
* array.c (rb_ary_splice): ditto. [ruby-dev:31737]
* array.c (rb_ary_fill): ditto. [ruby-dev:31738]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13399 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:31738]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:31739]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13395 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* configure.in (XCFLAGS): add _GNU_SOURCE on linux.
* file.c (group_member): use system routine if available.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13393 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
even on Linux/Sparc. [ruby-dev:31674]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13391 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
reg_get_val, ole_wc2mb): fix the bug. Thanks, arton.
[ruby-dev:31576]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13389 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* eval.c (rb_call0): tighten security check condition..
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13387 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13385 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
to an auto variable to the thread to be created. pointed and
fix by KUBO Takehiro <kubo at jiubao.org> [ruby-dev:30618]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13383 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
comment lines first.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13381 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(big_rshift): ditto.
(rb_big_lshift): ditto.
(big_rshift): ditto.
[ruby-dev:31434]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13379 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* hash.c (rb_hash_shift): should consider iter_lev too.
* hash.c (delete_if_i): use rb_hash_delete_key() so that the block
isn't called twice. [ruby-core:11556]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13224 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
the thread is started too early. [ruby-talk:264062]
* test/rinda/test_rinda.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13222 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
device. [ruby-talk:263410]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-Bugs-12859]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13216 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/extmk.rb (extmake): remove mkmf.log at clean, and extconf.h at
distclean, respectively.
* ext/extmk.rb: remove rdoc at clean, and installed list file at
distclean, respectively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13212 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
width. [ruby-core:11838]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13210 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:31271]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13208 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
infinite recursive const_missing call. [ruby-talk:262193]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13206 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ruby.c (rubylib_mangled_path, rubylib_mangled_path2): return
VALUE instead of a pointer to static buffer.
* ruby.c (push_include_cygwin): fixed buffer overflow.
[ruby-dev:31297]
* ruby.c (ruby_init_loadpath): not convert built-in paths.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13204 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
function in ruby.h already.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13202 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
old Cygwin.
* file.c (rb_file_truncate): added prototype of GetLastError()
on cygwin. [ruby-dev:31239]
* intern.h (is_ruby_native_thread): prototype.
* missing/strftime.c (strftime): fix printf format and actual
arguments.
* ext/Win32API/Win32API.c (Win32API_initialize): ditto.
* ext/tk/tcltklib.c (ip_finalize): ditto.
* ext/dl/ptr.c (rb_dlptr_inspect): ditto. [ruby-dev:31268]
* ext/dl/sym.c (rb_dlsym_inspect): ditto.
* ext/socket/getnameinfo.c: include stdio.h always.
* ext/win32ole/win32ole.c (ole_hresult2msg, folevariable_name,
folevariable_ole_type, folevariable_ole_type_detail,
folevariable_value, folemethod_visible): missing return value.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
only if extconf.h is created.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13198 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13196 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
