archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-24 21:44:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
ruby/lib/webrick
History
normal d9d4a28f1c webrick: prevent response splitting and header injection 
Original patch by tenderlove (with minor style adjustments).

* lib/webrick/httpresponse.rb (send_header): call check_header
  (check_header): raise on embedded CRLF in header value
* test/webrick/test_httpresponse.rb
  (test_prevent_response_splitting_headers): new test
* (test_prevent_response_splitting_cookie_headers): ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62968 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-03-28 08:38:26 +00:00
..
httpauth webrick/httpauth/digestauth: stream req.body 2018-03-28 08:06:49 +00:00
httpservlet webrick/httpservlet/cgihandler: reduce memory use 2018-03-28 08:06:28 +00:00
.document Ignore gemspec under the lib directory for documentation. 2017-12-12 08:34:13 +00:00
accesslog.rb Add frozen_string_literal: false for all files 2015-12-16 05:07:31 +00:00
cgi.rb webrick: favor .write over << method 2018-03-28 08:05:46 +00:00
compat.rb Add frozen_string_literal: false for all files 2015-12-16 05:07:31 +00:00
config.rb Delay Utils.getservername until needed. 2016-12-07 12:59:48 +00:00
cookie.rb * lib/cgi/cookie.rb (parse): don't allow , as a separator. [Bug #12791] 2016-09-27 03:17:47 +00:00
htmlutils.rb Add frozen_string_literal: false for all files 2015-12-16 05:07:31 +00:00
httpauth.rb Add frozen_string_literal: false for all files 2015-12-16 05:07:31 +00:00
httpproxy.rb webrick/httpproxy: stream request and response bodies 2018-03-28 08:06:55 +00:00
httprequest.rb webrick/httpproxy: stream request and response bodies 2018-03-28 08:06:55 +00:00
httpresponse.rb webrick: prevent response splitting and header injection 2018-03-28 08:38:26 +00:00
https.rb webrick: fix SNI support 2017-07-18 01:59:28 +00:00
httpserver.rb webrick: compile RE correctly for beginning and end match 2017-12-13 00:38:08 +00:00
httpservlet.rb Add frozen_string_literal: false for all files 2015-12-16 05:07:31 +00:00
httpstatus.rb lib/webrick/log.rb: sanitize any type of logs 2017-09-14 11:16:23 +00:00
httputils.rb webrick/httputils: note Kernel#open behavior 2017-12-22 01:08:05 +00:00
httpversion.rb Add frozen_string_literal: false for all files 2015-12-16 05:07:31 +00:00
log.rb webrick: WEBrick::Log requires path arg when given string 2017-12-22 01:07:55 +00:00
server.rb Add uplevel keyword to Kernel#warn and use it 2017-12-12 11:56:25 +00:00
ssl.rb webrick: fix SNI support 2017-07-18 01:59:28 +00:00
utils.rb Add uplevel keyword to Kernel#warn and use it 2017-12-12 11:56:25 +00:00
version.rb webrick 1.4.2 2017-12-24 08:38:43 +00:00
webrick.gemspec webrick 1.4.2 2017-12-24 08:38:43 +00:00