ruby-changes:50682
From: nagachika <ko1@a...>
Date: Tue, 20 Mar 2018 02:13:47 +0900 (JST)
Subject: [ruby-changes:50682] nagachika:r62848 (ruby_2_4): merge revision(s) 61359: [Backport #14208]
nagachika 2018-03-20 02:13:41 +0900 (Tue, 20 Mar 2018) New Revision: 62848 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=62848 Log: merge revision(s) 61359: [Backport #14208] raise error if value contains CR/LF in iniheader of initialize_http_header like r59693, initialize_http_header also should raise error. [Bug #14208] Modified directories: branches/ruby_2_4/ Modified files: branches/ruby_2_4/lib/net/http/header.rb branches/ruby_2_4/test/net/http/test_httpheader.rb branches/ruby_2_4/version.h Index: ruby_2_4/test/net/http/test_httpheader.rb =================================================================== --- ruby_2_4/test/net/http/test_httpheader.rb (revision 62847) +++ ruby_2_4/test/net/http/test_httpheader.rb (revision 62848) @@ -16,6 +16,21 @@ class HTTPHeaderTest < Test::Unit::TestC https://github.com/ruby/ruby/blob/trunk/ruby_2_4/test/net/http/test_httpheader.rb#L16 @c = C.new end + def test_initialize + @c.initialize_http_header("foo"=>"abc") + assert_equal "abc", @c["foo"] + @c.initialize_http_header("foo"=>"abc", "bar"=>"xyz") + assert_equal "xyz", @c["bar"] + @c.initialize_http_header([["foo", "abc"]]) + assert_equal "abc", @c["foo"] + @c.initialize_http_header([["foo", "abc"], ["bar","xyz"]]) + assert_equal "xyz", @c["bar"] + assert_raise(NoMethodError){ @c.initialize_http_header("foo"=>[]) } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\nb") } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\rb") } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\xff") } + end + def test_size assert_equal 0, @c.size @c['a'] = 'a' Index: ruby_2_4/version.h =================================================================== --- ruby_2_4/version.h (revision 62847) +++ ruby_2_4/version.h (revision 62848) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_4/version.h#L1 #define RUBY_VERSION "2.4.4" #define RUBY_RELEASE_DATE "2018-03-20" -#define RUBY_PATCHLEVEL 267 +#define RUBY_PATCHLEVEL 268 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 3 Index: ruby_2_4/lib/net/http/header.rb =================================================================== --- ruby_2_4/lib/net/http/header.rb (revision 62847) +++ ruby_2_4/lib/net/http/header.rb (revision 62848) @@ -18,7 +18,11 @@ module Net::HTTPHeader https://github.com/ruby/ruby/blob/trunk/ruby_2_4/lib/net/http/header.rb#L18 if value.nil? warn "net/http: warning: nil HTTP header: #{key}" if $VERBOSE else - @header[key.downcase] = [value.strip] + value = value.strip # raise error for invalid byte sequences + if value.count("\r\n") > 0 + raise ArgumentError, 'header field value cannot include CR/LF' + end + @header[key.downcase] = [value] end end end @@ -75,8 +79,8 @@ module Net::HTTPHeader https://github.com/ruby/ruby/blob/trunk/ruby_2_4/lib/net/http/header.rb#L79 append_field_value(ary, val) @header[key.downcase] = ary else - val = val.to_s - if /[\r\n]/n.match?(val.b) + val = val.to_s # for compatibility use to_s instead of to_str + if val.b.count("\r\n") > 0 raise ArgumentError, 'header field value cannnot include CR/LF' end @header[key.downcase] = [val] Index: ruby_2_4 =================================================================== --- ruby_2_4 (revision 62847) +++ ruby_2_4 (revision 62848) Property changes on: ruby_2_4 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /trunk:r61359 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/