From 11183a22ef3998b9e822bb9322e49b8d6838aa81 Mon Sep 17 00:00:00 2001 From: wyhaines Date: Tue, 17 Aug 2010 18:36:29 +0000 Subject: lib/webrick/httpresponse.rb: CVE-2010-0541; Fix a potential XSS vulnerabilty. See the CVE report for more information. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@29026 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 10 +++++++--- lib/webrick/httpresponse.rb | 2 +- version.h | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index cd6c93a591..28a818bbd4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,10 +1,14 @@ +Tue Aug 18 03:34:00 Kirk Haines + + * lib/webrick/httpresponse.rb: CVE-2010-0541; Fix a potential XSS vulnerabilty. See the CVE report for more information. + Tue Aug 18 03:27:00 Kirk Haines - * ext/bigdecimal/bigdecimal.c: Backport #2349 [ruby-core:26646]; fix comparisons. Also fix a bunch of bugs that lead to broken-ness and failing tests. + * ext/bigdecimal/bigdecimal.c: Backport #2349 [ruby-core:26646]; fix comparisons. Also fix a bunch of bugs that lead to broken-ness and failing tests. r29025 - * test/bigdecimal/test_bigdecimal.rb: Backport #2349 [ruby-core:26646]; added a test suite. + * test/bigdecimal/test_bigdecimal.rb: Backport #2349 [ruby-core:26646]; added a test suite. r29025 - * test/ruby/test_exception.rb: The test suite was breaking ZeroDivisionError, which in turn would break bigdecimal/test_bigdecimal.rb. Made a simple fix that keeps that test but does so non-destructively. + * test/ruby/test_exception.rb: The test suite was breaking ZeroDivisionError, which in turn would break bigdecimal/test_bigdecimal.rb. Made a simple fix that keeps that test but does so non-destructively. r29025 Wed Jun 23 04:26:00 Kirk Haines diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb index 62156b1abd..48fe4b07f8 100644 --- a/lib/webrick/httpresponse.rb +++ b/lib/webrick/httpresponse.rb 
@@ -209,7 +209,7 @@ module WEBrick @keep_alive = false self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR end - @header['content-type'] = "text/html" + @header['content-type'] = "text/html; charset=ISO-8859-1" if respond_to?(:create_error_page) create_error_page() diff --git a/version.h b/version.h index 8f5dd218bc..6faee54cd9 100644 --- a/version.h +++ b/version.h @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2010-08-18" #define RUBY_VERSION_CODE 186 #define RUBY_RELEASE_CODE 20100818 -#define RUBY_PATCHLEVEL 419 +#define RUBY_PATCHLEVEL 420 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 -- cgit v1.2.3
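Review bot: In the lib/webrick/httpresponse.rb hunk, the new `"text/html; charset=ISO-8859-1"` value has no comment explaining why the charset is pinned, so a later cleanup could drop it and reintroduce the encoding-guessing problem behind CVE-2010-0541. I would add `# Declare a charset so browsers do not guess the error page's encoding (CVE-2010-0541).` directly above the assignment. The header is set before `respond_to?(:create_error_page)` is checked, so a user-supplied error page written in another encoding would presumably be labelled ISO-8859-1 unless it overrides the header itself, which is worth documenting. The enclosing method starts and ends outside the hunk, so confirm there that the default error body HTML-escapes the exception message, since the charset declaration only helps if it does. The diffstat shows no test change, so a regression test asserting that the error response's Content-Type carries a charset would pin the fix.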