merge revision(s) 28997:

* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error): Fix for possible cross-site scripting (CVE-2010-0541). Found by Apple, reported by Hideki Yamane. Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29002 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2010-08-16 03:41:12 +00:00 · 2010-08-16 03:41:12 +00:00 · 29b30b66f3
commit 29b30b66f3
parent 966532cc40
2 changed files with 8 additions and 1 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+Sun Aug 15 19:59:58 2010  Yuki Sonoda (Yugui)  <yugui@yugui.jp>
+
+	* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
+	  Fix for possible cross-site scripting (CVE-2010-0541). 
+	  Found by Apple, reported by Hideki Yamane.
+	  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
+
 Mon Aug 16 12:29:06 2010  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* Makefile.in, win32/Makefile.sub (test-rubyspec-precheck): split
--- a/lib/webrick/httpresponse.rb
+++ b/lib/webrick/httpresponse.rb
@ -208,7 +208,7 @@ module WEBrick
        @keep_alive = false
        self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
      end
-      @header['content-type'] = "text/html"
+      @header['content-type'] = "text/html; charset=ISO-8859-1"

      if respond_to?(:create_error_page)
        create_error_page()