ruby-changes:19714

From: akr <ko1@a...>
Date: Sat, 28 May 2011 08:45:19 +0900 (JST)
Subject: [ruby-changes:19714] akr:r31759 (trunk): update comment.

akr	2011-05-28 08:45:12 +0900 (Sat, 28 May 2011)

  New Revision: 31759

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=31759

  Log:
    update comment.

  Modified files:
    trunk/lib/open-uri.rb

Index: lib/open-uri.rb
===================================================================
--- lib/open-uri.rb	(revision 31758)
+++ lib/open-uri.rb	(revision 31759)
@@ -234,7 +234,7 @@
 
   def OpenURI.redirectable?(uri1, uri2) # :nodoc:
     # This test is intended to forbid a redirection from http://... to
-    # file:///etc/passwd.
+    # file:///etc/passwd, file:///dev/zero, etc.  CVE-2011-1521
     # https to http redirect is also forbidden intentionally.
     # It avoids sending secure cookie or referer by non-secure HTTP protocol.
     # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3)
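Review bot: On the added line `# file:///etc/passwd, file:///dev/zero, etc.  CVE-2011-1521`, the bare CVE identifier is appended with no words connecting it to the check. A reader cannot tell whether it names a defect fixed in `OpenURI.redirectable?` or is cited as a reference for the kind of redirect being refused, so the comment should state the relation in a short sentence of its own. The "etc." also leaves the rule implicit. The two example paths stand for different consequences (disclosing a local file, reading from a device that never ends), and the comment would hold up better if it stated the rule they illustrate, that an http redirect to a file: URI is refused, rather than growing a list of paths. The log message "update comment." gives no reason for the change either. One line saying why the CVE reference was added would help anyone tracing this later.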

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
