[ruby/webrick] Don't check tainting in access log escaping

Only untaint result on Ruby <2.7, as taint support is deprecated in Ruby 2.7+ and no longer has an effect. https://github.com/ruby/webrick/commit/4c430f9410
2022-11-09 12:17:21 -05:00 · 2019-10-18 11:40:36 -07:00 · 2019-10-18 11:40:36 -07:00 · f126d80b1e
commit f126d80b1e
parent c28d50a753
1 changed files with 3 additions and 5 deletions
--- a/lib/webrick/accesslog.rb
+++ b/lib/webrick/accesslog.rb
@ -149,11 +149,9 @@ module WEBrick
    # Escapes control characters in +data+

    def escape(data)
-      if data.tainted?
-        data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}.untaint
-      else
-        data
-      end
+      data = data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}
+      data.untaint if RUBY_VERSION < '2.7'
+      data
    end
  end
 end