mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* lib/cgi.rb (CGI::unescapeHTML): invalid decoding for single
  unescaped ampersand.  a patch from Tietew
  <tietew+ruby-dev at tietew.net> in [ruby-dev:30292].
  fixed: [ruby-dev:30289]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11660 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matz 2007-02-08 07:19:54 +00:00
parent ea2dd2e805
commit d592db9308
2 changed files with 12 additions and 5 deletions

@ -17,6 +17,13 @@ Thu Feb 8 15:00:14 2007 Koichi Sasada <ko1@atdot.net>
* common.mk: fix around vm_opts.h path
and remove harmful argument passed to insns2vm.rb.
Thu Feb 8 03:11:47 2007 Yukihiro Matsumoto <matz@ruby-lang.org>
* lib/cgi.rb (CGI::unescapeHTML): invalid decoding for single
unescaped ampersand. a patch from Tietew
<tietew+ruby-dev at tietew.net> in [ruby-dev:30292].
fixed: [ruby-dev:30289]
Wed Feb 7 23:25:31 2007 Nobuyoshi Nakada <nobu@ruby-lang.org>
* eval.c (specific_eval): suppress warning.
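Review bot: The new ChangeLog entry for lib/cgi.rb records only the symptom (invalid decoding for a single unescaped ampersand), not what the method accepts afterwards. Since the fix narrows the match to amp, quot, gt, lt and numeric references, the entry should say so, for example "only decode known entities and numeric character references", so that someone reading the log can tell that other "&...;" sequences are now passed through unchanged.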

@ -367,13 +367,13 @@ class CGI
# CGI::unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
# # => "Usage: foo \"bar\" <baz>"
def CGI::unescapeHTML(string)
string.gsub(/&(.*?);/n) do
string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/n) do
match = $1.dup
case match
when /\Aamp\z/ni then '&'
when /\Aquot\z/ni then '"'
when /\Agt\z/ni then '>'
when /\Alt\z/ni then '<'
when 'amp' then '&'
when 'quot' then '"'
when 'gt' then '>'
when 'lt' then '<'
when /\A#0*(\d+)\z/n then
if Integer($1) < 256
Integer($1).chr
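Review bot: Case-insensitive entity matching is dropped in the rewritten gsub pattern and when arms, and nothing in the change says this is intended. The old arms were /\Aamp\z/ni, /\Aquot\z/ni and so on, while the new pattern (amp|quot|gt|lt|...) carries only the /n flag and the arms compare against the lowercase literals 'amp', 'quot', 'gt', 'lt', so input such as &AMP; or &LT; that was decoded before is now left untouched. If the stricter behaviour is wanted, state it in the doc comment above the method; otherwise add the i flag to the new pattern and compare against match.downcase. The change touches only the ChangeLog and lib/cgi.rb, so a regression test would also help: one case with a bare ampersand followed later by a semicolon (the input the old /&(.*?);/ pattern mis-decoded) and one with an uppercase entity name.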