ruby-changes:58407
From: Jeremy <ko1@a...>
Date: Thu, 24 Oct 2019 20:06:16 +0900 (JST)
Subject: [ruby-changes:58407] f126d80b1e (master): [ruby/webrick] Don't check tainting in access log escaping
https://git.ruby-lang.org/ruby.git/commit/?id=f126d80b1e From f126d80b1e4f42e854555e728cd4478fc7ff56db Mon Sep 17 00:00:00 2001 From: Jeremy Evans <code@j...> Date: Fri, 18 Oct 2019 11:40:36 -0700 Subject: [ruby/webrick] Don't check tainting in access log escaping Only untaint result on Ruby <2.7, as taint support is deprecated in Ruby 2.7+ and no longer has an effect. https://github.com/ruby/webrick/commit/4c430f9410 diff --git a/lib/webrick/accesslog.rb b/lib/webrick/accesslog.rb index 17e5b38..e484963 100644 --- a/lib/webrick/accesslog.rb +++ b/lib/webrick/accesslog.rb @@ -149,11 +149,9 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/accesslog.rb#L149 # Escapes control characters in +data+ def escape(data) - if data.tainted? - data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}.untaint - else - data - end + data = data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]} + data.untaint if RUBY_VERSION < '2.7' + data end end end -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
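Review bot: In the new `escape` body, `data.untaint if RUBY_VERSION < '2.7'` compares version strings lexicographically, so a value such as '2.10' or '10.0' would sort below '2.7' and take the `untaint` branch. Comparing parsed versions, for example `Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.7')`, avoids that. Separately, removing the `data.tainted?` branch means every value now goes through `gsub` and comes back as a new, escaped string, including inputs that previously were returned unchanged. That is the safer behaviour for access log output, since a backslash or control character is escaped regardless of the string's origin, but it is a visible change in log content and deserves a test that passes a non-tainted string containing a control character. The doc comment "Escapes control characters in +data+" could also say that backslashes are escaped, since the character class includes `\\`.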