From 427f5b57135fa165990f87c93658fafbe070289f Mon Sep 17 00:00:00 2001 From: naruse Date: Wed, 30 Aug 2017 17:24:05 +0000 Subject: [PATCH] A HTTP Header value must not contain CR or LF. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- lib/net/http/header.rb | 32 ++++++++++++++++++++++++++++++-- test/net/http/test_httpheader.rb | 11 +++++++++++ 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/lib/net/http/header.rb b/lib/net/http/header.rb index 63a163afbd..d363dffca5 100644 --- a/lib/net/http/header.rb +++ b/lib/net/http/header.rb @@ -42,7 +42,7 @@ module Net::HTTPHeader @header.delete key.downcase return val end - @header[key.downcase] = [val] + set_field(key, val) end # [Ruby 1.8.3] @@ -62,12 +62,40 @@ module Net::HTTPHeader # def add_field(key, val) if @header.key?(key.downcase) - @header[key.downcase].push val + append_field_value(@header[key.downcase], val) else + set_field(key, val) + end + end + + private def set_field(key, val) + case val + when Enumerable + ary = [] + append_field_value(ary, val) + @header[key.downcase] = ary + else + val = val.to_str + if /[\r\n]/.match?(val) + raise ArgumentError, 'header field value cannnot include CR/LF' + end @header[key.downcase] = [val] end end + private def append_field_value(ary, val) + case val + when Enumerable + val.each{|x| append_field_value(ary, x)} + else + val = val.to_s + if /[\r\n]/.match?(val) + raise ArgumentError, 'header field value cannnot include CR/LF' + end + ary.push val + end + end + # [Ruby 1.8.3] # Returns an array of header field strings corresponding to the # case-insensitive +key+. This method allows you to get duplicated diff --git a/test/net/http/test_httpheader.rb b/test/net/http/test_httpheader.rb index 99c47cac93..0a2c57dcb8 100644 --- a/test/net/http/test_httpheader.rb +++ b/test/net/http/test_httpheader.rb @@ -40,6 +40,13 @@ class HTTPHeaderTest < Test::Unit::TestCase @c['aaA'] = 'aaa' @c['AAa'] = 'aaa' assert_equal 2, @c.length + + @c['aaa'] = ['aaa', ['bbb', [3]]] + assert_equal 2, @c.length + assert_equal ['aaa', 'bbb', '3'], @c.get_fields('aaa') + + assert_raise(ArgumentError){ @c['foo'] = "a\nb" } + assert_raise(ArgumentError){ @c['foo'] = ["a\nb"] } end def test_AREF @@ -65,6 +72,10 @@ class HTTPHeaderTest < Test::Unit::TestCase @c.add_field 'My-Header', 'd, d' assert_equal 'a, b, c, d, d', @c['My-Header'] assert_equal ['a', 'b', 'c', 'd, d'], @c.get_fields('My-Header') + assert_raise(ArgumentError){ @c.add_field 'My-Header', "d\nd" } + @c.add_field 'My-Header', ['e', ['f', 7]] + assert_equal 'a, b, c, d, d, e, f, 7', @c['My-Header'] + assert_equal ['a', 'b', 'c', 'd, d', 'e', 'f', '7'], @c.get_fields('My-Header') end def test_get_fields