mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
escape.c: Preserve original state
* ext/cgi/escape/escape.c (preserve_original_state): Preserve original state for tainted and frozen. [Fix GH-1166] [ruby-dev:49451] [Bug #11855] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
parent
8e4c5d3ab1
commit
1b107d48ef
3 changed files with 25 additions and 1 deletions
|
@ -1,3 +1,9 @@
|
|||
Tue Dec 22 05:39:58 2015 Takashi Kokubun <takashikkbn@gmail.com>
|
||||
|
||||
* ext/cgi/escape/escape.c (preserve_original_state): Preserve
|
||||
original state for tainted and frozen. [Fix GH-1166]
|
||||
[ruby-dev:49451] [Bug #11855]
|
||||
|
||||
Tue Dec 22 03:57:20 2015 Eric Wong <e@80x24.org>
|
||||
|
||||
* ext/socket/init.c (rsock_init_sock): check FD after validating
|
||||
|
|
|
@ -25,6 +25,14 @@ html_escaped_cat(VALUE str, char c)
|
|||
}
|
||||
}
|
||||
|
||||
static inline void
|
||||
preserve_original_state(VALUE orig, VALUE dest)
|
||||
{
|
||||
rb_enc_associate(dest, rb_enc_get(orig));
|
||||
|
||||
FL_SET_RAW(dest, FL_TEST_RAW(orig, FL_FREEZE|FL_TAINT));
|
||||
}
|
||||
|
||||
static VALUE
|
||||
optimized_escape_html(VALUE str)
|
||||
{
|
||||
|
@ -57,7 +65,7 @@ optimized_escape_html(VALUE str)
|
|||
|
||||
if (modified) {
|
||||
rb_str_cat(dest, cstr + beg, len - beg);
|
||||
rb_enc_associate(dest, rb_enc_get(str));
|
||||
preserve_original_state(str, dest);
|
||||
return dest;
|
||||
}
|
||||
else {
|
||||
|
|
|
@ -68,6 +68,16 @@ class CGIUtilTest < Test::Unit::TestCase
|
|||
assert_equal(Encoding::UTF_8, CGI::escapeHTML("'&\"><".force_encoding("UTF-8")).encoding)
|
||||
end
|
||||
|
||||
def test_cgi_escape_html_preserve_tainted
|
||||
assert_equal(false, CGI::escapeHTML("'&\"><").tainted?)
|
||||
assert_equal(true, CGI::escapeHTML("'&\"><".taint).tainted?)
|
||||
end
|
||||
|
||||
def test_cgi_escape_html_preserve_frozen
|
||||
assert_equal(false, CGI::escapeHTML("'&\"><".dup).frozen?)
|
||||
assert_equal(true, CGI::escapeHTML("'&\"><".freeze).frozen?)
|
||||
end
|
||||
|
||||
def test_cgi_unescapeHTML
|
||||
assert_equal("'&\"><", CGI::unescapeHTML("'&"><"))
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue