From 5f33c6b0f5e7a0e5cb849e791adced2528df3227 Mon Sep 17 00:00:00 2001 From: naruse Date: Tue, 27 Sep 2016 03:17:47 +0000 Subject: * lib/cgi/cookie.rb (parse): don't allow , as a separator. [Bug #12791] * lib/webrick/cookie.rb (parse): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56262 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 6 ++++++ NEWS | 8 ++++++++ lib/cgi/cookie.rb | 2 +- lib/webrick/cookie.rb | 2 +- test/cgi/test_cgi_cookie.rb | 7 +++++-- test/webrick/test_cookie.rb | 9 +++++++++ 6 files changed, 30 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 008f7b78b0..88af16d548 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Tue Sep 27 12:07:17 2016 NARUSE, Yui + + * lib/cgi/cookie.rb (parse): don't allow , as a separator. [Bug #12791] + + * lib/webrick/cookie.rb (parse): ditto. + Mon Sep 26 21:37:21 2016 Akinori MUSHA * man/erb.1, man/irb.1, man/ri.1, man/ruby.1: Remove Ns before diff --git a/NEWS b/NEWS index dd97df3b20..c8077e3e26 100644 --- a/NEWS +++ b/NEWS @@ -119,6 +119,10 @@ with all sufficient information, see the ChangeLog file or Redmine === Stdlib updates (outstanding ones only) +* CGI + + * Don't allow , as a separator [Bug #12791] + * CSV * Add a liberal_parsing option. [Feature #11839] @@ -139,6 +143,10 @@ with all sufficient information, see the ChangeLog file or Redmine * Add an into option. [Feature #11191] +* WEBrick + + * Don't allow , as a separator [Bug #12791] + === Compatibility issues (excluding feature bug fixes) * Array#sum and Enumerable#sum are implemented. [Feature #12217] diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb index ffd88b8edb..4cc050b90d 100644 --- a/lib/cgi/cookie.rb +++ b/lib/cgi/cookie.rb @@ -162,7 +162,7 @@ class CGI cookies = Hash.new([]) return cookies unless raw_cookie - raw_cookie.split(/[;,]\s?/).each do |pairs| + raw_cookie.split(/;\s?/).each do |pairs| name, values = pairs.split('=',2) next unless name and values name = CGI.unescape(name) 
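Review bot: The new `raw_cookie.split(/;\s?/)` in `CGI::Cookie.parse` tolerates at most one whitespace character after `;`, so a header such as `a=1;  b=2` (two spaces) leaves `b` with a leading space in its name, and the `CGI.unescape(name)` on the following context line does not strip it. If the parser is meant to be tolerant of such clients, `raw_cookie.split(/;\s*/)` handles that without touching the `,` behavior, and the empty segment it can produce for `;;` is already skipped by `next unless name and values`. Either way the reason the comma was dropped deserves a comment above the line, e.g. `# ',' is not a cookie separator and may appear inside a value; splitting on it turned one value into spurious extra cookies [Bug #12791]`. `parse` starts and ends outside the hunk.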
diff --git a/lib/webrick/cookie.rb b/lib/webrick/cookie.rb index 16f8d21827..24bf92ec00 100644 --- a/lib/webrick/cookie.rb +++ b/lib/webrick/cookie.rb @@ -113,7 +113,7 @@ module WEBrick ret = [] cookie = nil ver = 0 - str.split(/[;,]\s+/).each{|x| + str.split(/;\s+/).each{|x| key, val = x.split(/=/,2) val = val ? HTTPUtils::dequote(val) : "" case key diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb index ae7b14a4dd..ca81e41133 100644 --- a/test/cgi/test_cgi_cookie.rb +++ b/test/cgi/test_cgi_cookie.rb @@ -88,9 +88,12 @@ class CGICookieTest < Test::Unit::TestCase assert_equal(name, cookie.name) assert_equal(value, cookie.value) end - ## ',' separator - cookie_str = 'name1=val1&val2, name2=val2&%26%3C%3E%22&%E3%82%86%E3%82%93%E3%82%86%E3%82%93,_session_id=12345' + ## don't allow ',' separator + cookie_str = 'name1=val1&val2, name2=val2' cookies = CGI::Cookie.parse(cookie_str) + list = [ + ['name1', ['val1', 'val2, name2=val2']], + ] list.each do |name, value| cookie = cookies[name] assert_equal(name, cookie.name) diff --git a/test/webrick/test_cookie.rb b/test/webrick/test_cookie.rb index ebbc5939dc..e46185f127 100644 --- a/test/webrick/test_cookie.rb +++ b/test/webrick/test_cookie.rb @@ -49,11 +49,20 @@ class TestWEBrickCookie < Test::Unit::TestCase data = "hoge=moge; __div__session=9865ecfd514be7f7" cookies = WEBrick::Cookie.parse(data) + assert_equal(2, cookies.size) assert_equal(0, cookies[0].version) assert_equal("hoge", cookies[0].name) assert_equal("moge", cookies[0].value) assert_equal("__div__session", cookies[1].name) assert_equal("9865ecfd514be7f7", cookies[1].value) + + # don't allow ,-separator + data = "hoge=moge, __div__session=9865ecfd514be7f7" + cookies = WEBrick::Cookie.parse(data) + assert_equal(1, cookies.size) + assert_equal(0, cookies[0].version) + assert_equal("hoge", cookies[0].name) + assert_equal("moge, __div__session=9865ecfd514be7f7", cookies[0].value) end def test_parse_no_whitespace -- cgit v1.2.3
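Review bot: `str.split(/;\s+/)` in `WEBrick::Cookie.parse` requires at least one whitespace character after `;`, while the CGI change in this same commit uses `/;\s?/`, so a `Cookie: a=1;b=2` header appears to yield a single cookie here (`key` = `a`, `val` = `1;b=2`) but two in CGI. The `test_parse_no_whitespace` method visible as context in the WEBrick test hunk suggests the no-whitespace case is deliberately covered, so the difference may be intentional, but it is not documented at the split. Suggest a comment above the line, `# ',' is not a separator (Bug #12791); only ';' followed by whitespace ends a cookie-pair here`. `parse` starts and ends outside the hunk.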
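Review bot: The new `list` in `test_cgi_cookie.rb` only checks the `name1` entry; nothing asserts that no `name2` cookie was produced, and because `CGI::Cookie.parse` builds its result as `Hash.new([])` a lookup of `cookies['name2']` would quietly return `[]` instead of failing. The WEBrick test in this commit pins the same property with `assert_equal(1, cookies.size)`; the CGI test should do likewise, e.g. `assert_equal(['name1'], cookies.keys)` right after the `parse` call. The test method starts and ends outside the hunk.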