* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):

Fix for possible cross-site scripting (CVE-2010-0541). Found by Apple, reported by Hideki Yamane. Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@28997 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2025-09-15 08:33:58 +02:00 · 2010-08-16 00:53:48 +00:00 · 2010-08-16 00:53:48 +00:00 · 2e63271148
commit 2e63271148
parent 10bc4d23ce
3 changed files with 12 additions and 5 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+Sun Aug 15 19:59:58 2010  Yuki Sonoda (Yugui)  <yugui@yugui.jp>
+
+	* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
+	  Fix for possible cross-site scripting (CVE-2010-0541). 
+	  Found by Apple, reported by Hideki Yamane.
+	  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
+
 Fri Jul  2 19:07:09 2010  Yuki Sonoda (Yugui)  <yugui@yugui.jp>

 	* io.c (argf_inplace_mode_set): prohibits an assignment
--- a/lib/webrick/httpresponse.rb
+++ b/lib/webrick/httpresponse.rb
@ -208,7 +208,7 @@ module WEBrick
        @keep_alive = false
        self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
      end
-      @header['content-type'] = "text/html"
+      @header['content-type'] = "text/html; charset=ISO-8859-1"

      if respond_to?(:create_error_page)
        create_error_page()
--- a/version.h
+++ b/version.h
@ -1,13 +1,13 @@
 #define RUBY_VERSION "1.9.1"
-#define RUBY_PATCHLEVEL 429
+#define RUBY_PATCHLEVEL 430
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 9
 #define RUBY_VERSION_TEENY 1

 #define RUBY_RELEASE_YEAR 2010
-#define RUBY_RELEASE_MONTH 7
-#define RUBY_RELEASE_DAY 14
-#define RUBY_RELEASE_DATE "2010-07-14"
+#define RUBY_RELEASE_MONTH 8
+#define RUBY_RELEASE_DAY 16
+#define RUBY_RELEASE_DATE "2010-08-16"

 #ifdef RUBY_EXTERN
 RUBY_EXTERN const char ruby_version[];