From 427f5b57135fa165990f87c93658fafbe070289f Mon Sep 17 00:00:00 2001
From: naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 30 Aug 2017 17:24:05 +0000
Subject: A HTTP Header value must not contain CR or LF.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/net/http/header.rb | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

(limited to 'lib/net/http')

diff --git a/lib/net/http/header.rb b/lib/net/http/header.rb
index 63a163afbd..d363dffca5 100644
--- a/lib/net/http/header.rb
+++ b/lib/net/http/header.rb
@@ -42,7 +42,7 @@ module Net::HTTPHeader
       @header.delete key.downcase
       return val
     end
-    @header[key.downcase] = [val]
+    set_field(key, val)
   end
 
   # [Ruby 1.8.3]
@@ -62,12 +62,40 @@ module Net::HTTPHeader
   #
   def add_field(key, val)
     if @header.key?(key.downcase)
-      @header[key.downcase].push val
+      append_field_value(@header[key.downcase], val)
     else
+      set_field(key, val)
+    end
+  end
+
+  private def set_field(key, val)
+    case val
+    when Enumerable
+      ary = []
+      append_field_value(ary, val)
+      @header[key.downcase] = ary
+    else
+      val = val.to_str
+      if /[\r\n]/.match?(val)
+        raise ArgumentError, 'header field value cannnot include CR/LF'
+      end
       @header[key.downcase] = [val]
     end
   end
 
+  private def append_field_value(ary, val)
+    case val
+    when Enumerable
+      val.each{|x| append_field_value(ary, x)}
+    else
+      val = val.to_s
+      if /[\r\n]/.match?(val)
+        raise ArgumentError, 'header field value cannnot include CR/LF'
+      end
+      ary.push val
+    end
+  end
+
   # [Ruby 1.8.3]
   # Returns an array of header field strings corresponding to the
   # case-insensitive +key+.  This method allows you to get duplicated
-- 
cgit v1.2.3