ruby-changes:50756
From: usa <ko1@a...>
Date: Wed, 28 Mar 2018 13:55:03 +0900 (JST)
Subject: [ruby-changes:50756] usa:r62939 (ruby_2_3): merge revision(s) 61359: [Backport #14208]
usa 2018-03-28 13:54:58 +0900 (Wed, 28 Mar 2018) New Revision: 62939 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=62939 Log: merge revision(s) 61359: [Backport #14208] raise error if value contains CR/LF in iniheader of initialize_http_header like r59693, initialize_http_header also should raise error. [Bug #14208] Modified directories: branches/ruby_2_3/ Modified files: branches/ruby_2_3/lib/net/http/header.rb branches/ruby_2_3/test/net/http/test_httpheader.rb branches/ruby_2_3/version.h Index: ruby_2_3/version.h =================================================================== --- ruby_2_3/version.h (revision 62938) +++ ruby_2_3/version.h (revision 62939) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_3/version.h#L1 #define RUBY_VERSION "2.3.7" #define RUBY_RELEASE_DATE "2018-03-28" -#define RUBY_PATCHLEVEL 435 +#define RUBY_PATCHLEVEL 436 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 3 Index: ruby_2_3/lib/net/http/header.rb =================================================================== --- ruby_2_3/lib/net/http/header.rb (revision 62938) +++ ruby_2_3/lib/net/http/header.rb (revision 62939) @@ -15,7 +15,11 @@ module Net::HTTPHeader https://github.com/ruby/ruby/blob/trunk/ruby_2_3/lib/net/http/header.rb#L15 return unless initheader initheader.each do |key, value| warn "net/http: warning: duplicated HTTP header: #{key}" if key?(key) and $VERBOSE - @header[key.downcase] = [value.strip] + value = value.strip # raise error for invalid byte sequences + if value.count("\r\n") > 0 + raise ArgumentError, 'header field value cannot include CR/LF' + end + @header[key.downcase] = [value] end end @@ -71,9 +75,9 @@ module Net::HTTPHeader https://github.com/ruby/ruby/blob/trunk/ruby_2_3/lib/net/http/header.rb#L75 append_field_value(ary, val) @header[key.downcase] = ary else - val = val.to_s - if /[\r\n]/n =~ val.b - raise ArgumentError, 'header field value cannnot include CR/LF' + val = val.to_s # for compatibility use to_s instead of to_str + if val.b.count("\r\n") > 0 + raise ArgumentError, 'header field value cannnot include CR/LF' end @header[key.downcase] = [val] end Index: ruby_2_3/test/net/http/test_httpheader.rb =================================================================== --- ruby_2_3/test/net/http/test_httpheader.rb (revision 62938) +++ ruby_2_3/test/net/http/test_httpheader.rb (revision 62939) @@ -16,6 +16,21 @@ class HTTPHeaderTest < Test::Unit::TestC https://github.com/ruby/ruby/blob/trunk/ruby_2_3/test/net/http/test_httpheader.rb#L16 @c = C.new end + def test_initialize + @c.initialize_http_header("foo"=>"abc") + assert_equal "abc", @c["foo"] + @c.initialize_http_header("foo"=>"abc", "bar"=>"xyz") + assert_equal "xyz", @c["bar"] + @c.initialize_http_header([["foo", "abc"]]) + assert_equal "abc", @c["foo"] + @c.initialize_http_header([["foo", "abc"], ["bar","xyz"]]) + assert_equal "xyz", @c["bar"] + assert_raise(NoMethodError){ @c.initialize_http_header("foo"=>[]) } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\nb") } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\rb") } + assert_raise(ArgumentError){ @c.initialize_http_header("foo"=>"a\xff") } + end + def test_size assert_equal 0, @c.size @c['a'] = 'a' Index: ruby_2_3 =================================================================== --- ruby_2_3 (revision 62938) +++ ruby_2_3 (revision 62939) Property changes on: ruby_2_3 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /trunk:r61359 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/