* lib/cgi.rb (CGI::unescapeHTML): invalid decoding for single

unescaped ampersand. a patch from Tietew <tietew+ruby-dev at tietew.net> in [ruby-dev:30292]. fixed: [ruby-dev:30289] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@11746 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2007-02-15 01:59:07 +00:00 · 2007-02-15 01:59:07 +00:00 · 713920f74e
commit 713920f74e
parent c31e487592
2 changed files with 12 additions and 5 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+Thu Feb 15 10:57:38 2007  Tietew  <tietew@tietew.net>>
+
+	* lib/cgi.rb (CGI::unescapeHTML): invalid decoding for single
+	  unescaped ampersand.  a patch from Tietew
+	  <tietew+ruby-dev at tietew.net> in [ruby-dev:30292].
+	  fixed: [ruby-dev:30289]
+
 Thu Feb 15 10:48:40 2007  MenTaLguY  <mental@rydia.net>

 	* ext/thread/thread.c: Handle interrupted waits correctly.
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@ -367,13 +367,13 @@ class CGI
  #   CGI::unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
  #      # => "Usage: foo \"bar\" <baz>"
  def CGI::unescapeHTML(string)
-    string.gsub(/&(.*?);/n) do
+    string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/n) do
      match = $1.dup
      case match
-      when /\Aamp\z/ni           then '&'
-      when /\Aquot\z/ni          then '"'
-      when /\Agt\z/ni            then '>'
-      when /\Alt\z/ni            then '<'
+      when 'amp'                 then '&'
+      when 'quot'                then '"'
+      when 'gt'                  then '>'
+      when 'lt'                  then '<'
      when /\A#0*(\d+)\z/n       then
        if Integer($1) < 256
          Integer($1).chr