Age | Commit message (Collapse) | Author |
|
name in path_info to prevent script disclosure vulnerability on
DOSISH filesystems. (fix: CVE-2008-1891)
Note: NTFS/FAT filesystem should not be published by the platforms
other than Windows. Pathname interpretation (including short
filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb
(WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@16495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpservlet/filehandler.rb: should normalize path
separators in path_info to prevent directory traversal attacks
on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@15680 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/net/http.rb: an SSL verification (the server hostname should
be matched with its certificate's commonName) is added.
this verification can be skipped by
"Net::HTTP#enable_post_connection_check=(false)".
suggested by Chris Clark <cclark at isecpartners.com>
* lib/net/open-uri.rb: use Net::HTTP#enable_post_connection_check to
perform SSL post connection check.
* ext/openssl/lib/openssl/ssl.c
(OpenSSL::SSL::SSLSocket#post_connection_check): refine error message.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@13502 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
changed. [ ruby-Bugs-11978 ], Thanks Florian Frank.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@13486 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
the thread is started too early. [ruby-talk:264062]
* test/rinda/test_rinda.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@13055 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@13049 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
only if extconf.h is created.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@13032 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@13028 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
for regular expression. [ruby-dev:31221]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@13013 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
::CONFIG which is an alias of MAKEFILE_CONFIG.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@12980 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:30740], Thanks Kentaro KAWAMOTO.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@12341 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@12326 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@12316 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@12072 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/fileutils.rb (FileUtils::mv): Type Error; should utilize
Strings instead of Symbols here.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@12060 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
FileUtils.mv changes at r11988
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@12046 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@12020 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@12018 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@11599 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/rdoc/ri/ri_options.rb: prevent NameError. [ruby-dev:29597]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@11395 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
boundary. JVN#84798830
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@11326 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@11309 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
rdoc documents C module methods as instance methods. a patch in
[ruby-core:08536].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10769 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-core:8574]. [ruby-dev:29346]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10764 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
rdoc documents C module methods as instance methods. a patch in
[ruby-core:08536].
* lib/rdoc/parsers/parse_c.rb (RDoc::C_Parser#find_body): Make RDoc
ignore C function prototypes. Patch by Tilman Sauerbeck
<tilman at code-monkey.de>. [ruby-core:8574]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10761 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10759 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10757 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
patch from Fujioka <fuj at rabbix.jp>. [ruby-dev:29284]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10743 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10739 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
TupleSpace when TupleSpace resides in the same ruby process with
RingServer. a patch from Kent Sibilev. [ruby-core:08453]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10737 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10730 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
RDoc. a patch from Eric Hodel <drbrain at segment7.net>.
[ruby-core:08522]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10707 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10688 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10683 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10680 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10679 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10678 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-core: 7122].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10664 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
in Date#strftime the same as Time#strftime accepts.
fixed: [ruby-core:08466]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10662 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
may not be defined to shut up gcc's -Wundef warnings.
[ruby-core:08447]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10648 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
for the value of IPv6 address in the Host: header field.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10646 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fixed: [ruby-talk:204896]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10643 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
picks up when processing logger.rb by moving the require
statement back before the comment block. a patch from Hugh
Sasse <hgs at dmu.ac.uk>. [ruby-core:08422]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10638 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10615 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/net/http.rb (Net::HTTP#post, request_post, request): should set Content-Type: x-www-form-urlencoded by default.
* lib/net/http.rb (Net::HTTPHeader#content_type): should return nil when there's no Content-Type.
* lib/net/http.rb (Net::HTTPHeader#sub_type): should return nil when there's no sub Content-Type (e.g. "Content-Type: text").
* lib/net/http.rb (Net::HTTPHeader#type_params): wrongly failed when there's no Content-Type.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10612 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
multipart boundary end. a patch from Fujioka <fuj at rabbix.jp>
[ruby-dev:28470]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10602 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|