ruby-changes:47577
From: naruse <ko1@a...>
Date: Thu, 31 Aug 2017 02:24:09 +0900 (JST)
Subject: [ruby-changes:47577] naruse:r59693 (trunk): A HTTP Header value must not contain CR or LF.
naruse 2017-08-31 02:24:05 +0900 (Thu, 31 Aug 2017) New Revision: 59693 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=59693 Log: A HTTP Header value must not contain CR or LF. Modified files: trunk/lib/net/http/header.rb trunk/test/net/http/test_httpheader.rb Index: lib/net/http/header.rb =================================================================== --- lib/net/http/header.rb (revision 59692) +++ lib/net/http/header.rb (revision 59693) @@ -42,7 +42,7 @@ module Net::HTTPHeader https://github.com/ruby/ruby/blob/trunk/lib/net/http/header.rb#L42 @header.delete key.downcase return val end - @header[key.downcase] = [val] + set_field(key, val) end # [Ruby 1.8.3] @@ -62,12 +62,40 @@ module Net::HTTPHeader https://github.com/ruby/ruby/blob/trunk/lib/net/http/header.rb#L62 # def add_field(key, val) if @header.key?(key.downcase) - @header[key.downcase].push val + append_field_value(@header[key.downcase], val) else + set_field(key, val) + end + end + + private def set_field(key, val) + case val + when Enumerable + ary = [] + append_field_value(ary, val) + @header[key.downcase] = ary + else + val = val.to_str + if /[\r\n]/.match?(val) + raise ArgumentError, 'header field value cannnot include CR/LF' + end @header[key.downcase] = [val] end end + private def append_field_value(ary, val) + case val + when Enumerable + val.each{|x| append_field_value(ary, x)} + else + val = val.to_s + if /[\r\n]/.match?(val) + raise ArgumentError, 'header field value cannnot include CR/LF' + end + ary.push val + end + end + # [Ruby 1.8.3] # Returns an array of header field strings corresponding to the # case-insensitive +key+. This method allows you to get duplicated Index: test/net/http/test_httpheader.rb =================================================================== --- test/net/http/test_httpheader.rb (revision 59692) +++ test/net/http/test_httpheader.rb (revision 59693) @@ -40,6 +40,13 @@ class HTTPHeaderTest < Test::Unit::TestC https://github.com/ruby/ruby/blob/trunk/test/net/http/test_httpheader.rb#L40 @c['aaA'] = 'aaa' @c['AAa'] = 'aaa' assert_equal 2, @c.length + + @c['aaa'] = ['aaa', ['bbb', [3]]] + assert_equal 2, @c.length + assert_equal ['aaa', 'bbb', '3'], @c.get_fields('aaa') + + assert_raise(ArgumentError){ @c['foo'] = "a\nb" } + assert_raise(ArgumentError){ @c['foo'] = ["a\nb"] } end def test_AREF @@ -65,6 +72,10 @@ class HTTPHeaderTest < Test::Unit::TestC https://github.com/ruby/ruby/blob/trunk/test/net/http/test_httpheader.rb#L72 @c.add_field 'My-Header', 'd, d' assert_equal 'a, b, c, d, d', @c['My-Header'] assert_equal ['a', 'b', 'c', 'd, d'], @c.get_fields('My-Header') + assert_raise(ArgumentError){ @c.add_field 'My-Header', "d\nd" } + @c.add_field 'My-Header', ['e', ['f', 7]] + assert_equal 'a, b, c, d, d, e, f, 7', @c['My-Header'] + assert_equal ['a', 'b', 'c', 'd, d', 'e', 'f', '7'], @c.get_fields('My-Header') end def test_get_fields -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/