From cc24eb85189fe811f4cdd01b5ba070461d5c376a Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 17 Sep 2005 14:55:06 +0000
Subject: * lib/cgi.rb (CGI::Cookie): should handle multiple values for a  
 cookie name.  [ruby-talk:156140]

* string.c (rb_str_substr): should propagate taintness even for
  empty strings.  [ruby-dev:27121]

* string.c (rb_str_aref): should infect result if range argument
  is tainted.  [ruby-dev:27121]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/cgi.rb | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'lib/cgi.rb')

diff --git a/lib/cgi.rb b/lib/cgi.rb
index 7c84f64640..b18a03524c 100644
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@@ -870,15 +870,16 @@ class CGI
     cookies = Hash.new([])
     return cookies unless raw_cookie
 
-    raw_cookie.split(/; /).each do |pairs|
+    raw_cookie.split(/[;,] /).each do |pairs|
       name, values = pairs.split('=',2)
       next unless name and values
       name = CGI::unescape(name)
       values ||= ""
       values = values.split('&').collect{|v| CGI::unescape(v) }
-      unless cookies.has_key?(name)
-        cookies[name] = Cookie::new({ "name" => name, "value" => values })
+      if cookies.has_key?(name)
+        values = cookies[name].value + values
       end
+      cookies[name] = Cookie::new({ "name" => name, "value" => values })
     end
 
     cookies
-- 
cgit v1.2.3