ruby-changes:65925
From: pavel <ko1@a...>
Date: Thu, 22 Apr 2021 11:52:00 +0900 (JST)
Subject: [ruby-changes:65925] 2756938369 (master): [ruby/cgi] handle invalid encoding
https://git.ruby-lang.org/ruby.git/commit/?id=2756938369
From 27569383693a04907b50ec9170f9ebf164d01d0f Mon Sep 17 00:00:00 2001
From: pavel <pavel.rosicky@e...>
Date: Fri, 13 Mar 2020 18:55:55 +0100
Subject: [ruby/cgi] handle invalid encoding
https://github.com/ruby/cgi/commit/2b1c2e21a4
---
 lib/cgi/util.rb | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
index aab8b00..69a252b 100644
--- a/lib/cgi/util.rb
+++ b/lib/cgi/util.rb
@@ -49,9 +49,12 @@ module CGI::Util https://github.com/ruby/ruby/blob/trunk/lib/cgi/util.rb#L49
 table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]
 string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)
 string.encode!(origenc) if origenc
- return string
+ string
+ else
+ string = string.b
+ string.gsub!(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
+ string.force_encoding(enc)
 end
- string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
 end
 
 begin
@@ -90,7 +93,8 @@ module CGI::Util https://github.com/ruby/ruby/blob/trunk/lib/cgi/util.rb#L93
 when Encoding::ISO_8859_1; 256
 else 128
 end
- string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
+ string = string.b
+ string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
 match = $1.dup
 case match
 when 'apos' then "'"
@@ -116,6 +120,7 @@ module CGI::Util https://github.com/ruby/ruby/blob/trunk/lib/cgi/util.rb#L120
 "&#{match};"
 end
 end
+ string.force_encoding enc
 end
 
 # Synonym for CGI.escapeHTML(str)
--
cgit v1.1
--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
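Review bot: The new `else` branch of escapeHTML now passes invalid byte sequences through silently: it escapes the five ASCII metacharacters byte-wise on `string.b` and returns the malformed bytes re-tagged with `force_encoding(enc)`, and nothing in the hunk documents that. Callers that treated an exception from the earlier character-level `gsub` as an implicit validity check (presumably ArgumentError on broken input) lose that signal, and malformed sequences that reach an HTML page are left to the browser's decoder to interpret. I would state the contract in the method's doc comment, e.g. `# Invalid byte sequences are passed through unchanged; check String#valid_encoding? or call String#scrub first if well-formed output is required.` The same applies to the unescapeHTML hunks at -90 and -116, and the non-ASCII-compatible branch above still goes through `encode`, so the two paths may now differ on broken input. The method starts above this hunk.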
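Review bot: Switching the receiver to `string.b` means every value returned by the block is spliced into a binary string, and the hunk shows only the first `when` arms, so the numeric-reference arms cannot be checked from here. If those arms build the character in `enc` (an assumption, since the block body continues below the hunk), a non-ASCII replacement landing next to raw high bytes in the input could raise Encoding::CompatibilityError instead of decoding. A test with a multibyte UTF-8 string followed by a numeric reference to a non-ASCII code point would settle it. If it fails, returning the replacement as binary from the block (for example by appending `.b` to it) keeps the splice consistent until the final `force_encoding enc`.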