ruby-changes:17009
From: shyouhei <ko1@a...>
Date: Mon, 16 Aug 2010 16:31:42 +0900 (JST)
Subject: [ruby-changes:17009] Ruby:r29006 (ruby_1_8_7): merge revision(s) 29002:
shyouhei 2010-08-16 16:31:35 +0900 (Mon, 16 Aug 2010) New Revision: 29006 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=29006 Log: merge revision(s) 29002: * lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error): Fix for possible cross-site scripting (CVE-2010-0541). Found by Apple, reported by Hideki Yamane. Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>. Modified files: branches/ruby_1_8_7/lib/webrick/httpresponse.rb branches/ruby_1_8_7/version.h Index: ruby_1_8_7/version.h =================================================================== --- ruby_1_8_7/version.h (revision 29005) +++ ruby_1_8_7/version.h (revision 29006) @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2010-08-16" #define RUBY_VERSION_CODE 187 #define RUBY_RELEASE_CODE 20100816 -#define RUBY_PATCHLEVEL 301 +#define RUBY_PATCHLEVEL 302 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 Index: ruby_1_8_7/lib/webrick/httpresponse.rb =================================================================== --- ruby_1_8_7/lib/webrick/httpresponse.rb (revision 29005) +++ ruby_1_8_7/lib/webrick/httpresponse.rb (revision 29006) @@ -209,7 +209,7 @@ @keep_alive = false self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR end - @header['content-type'] = "text/html" + @header['content-type'] = "text/html; charset=ISO-8859-1" if respond_to?(:create_error_page) create_error_page() -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
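Review bot: In the lib/webrick/httpresponse.rb hunk, `@header['content-type'] = "text/html; charset=ISO-8859-1"` is assigned before the `if respond_to?(:create_error_page)` branch, so a custom `create_error_page` that writes its body in another encoding will be served under an ISO-8859-1 label unless it resets the header itself. Consider documenting that contract in a comment at the assignment, or applying the fixed charset only on the default error-page path. The log entry names CVE-2010-0541 but not the mechanism, so a one-line comment saying the explicit charset is there to keep the browser from guessing the encoding of the error page would stop a later cleanup from dropping it.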