ruby-changes:19714
From: akr <ko1@a...>
Date: Sat, 28 May 2011 08:45:19 +0900 (JST)
Subject: [ruby-changes:19714] akr:r31759 (trunk): update comment.
akr 2011-05-28 08:45:12 +0900 (Sat, 28 May 2011) New Revision: 31759 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=31759 Log: update comment. Modified files: trunk/lib/open-uri.rb Index: lib/open-uri.rb =================================================================== --- lib/open-uri.rb (revision 31758) +++ lib/open-uri.rb (revision 31759) @@ -234,7 +234,7 @@ def OpenURI.redirectable?(uri1, uri2) # :nodoc: # This test is intended to forbid a redirection from http://... to - # file:///etc/passwd. + # file:///etc/passwd, file:///dev/zero, etc. CVE-2011-1521 # https to http redirect is also forbidden intentionally. # It avoids sending secure cookie or referer by non-secure HTTP protocol. # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
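Review bot: In the changed comment line of the OpenURI.redirectable? hunk, "CVE-2011-1521" is appended directly after "etc." with no punctuation or connecting words, so a reader cannot tell whether the identifier names an issue addressed by this check or is cited only as a reference for the file: redirect cases listed. Suggest wording such as "# file:///etc/passwd, file:///dev/zero, etc. (cf. CVE-2011-1521)" so the relationship is explicit. The log message says only "update comment."; naming the added CVE reference there would make the revision easier to find when searching history for that identifier.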