author matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2007-02-08 07:19:54 +0000
committer matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2007-02-08 07:19:54 +0000
commit d592db9308fa8823e2d40f94cee8874b39c0dc65
tree df42793c9b48e6bd454835ac429a7127927a4c25
parent ea2dd2e805fbaf1f5ee491397db9a16eb1d4dbe3

* lib/cgi.rb (CGI::unescapeHTML): invalid decoding for single
  unescaped ampersand. a patch from Tietew
  <tietew+ruby-dev at tietew.net> in [ruby-dev:30292].
  fixed: [ruby-dev:30289]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11660 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

-rw-r--r-- ChangeLog 7
-rw-r--r-- lib/cgi.rb 10
2 files changed, 12 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index 368dc555ee..8ee3f02089 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,13 @@ Thu Feb 8 15:00:14 2007 Koichi Sasada <ko1@atdot.net>
* common.mk: fix around vm_opts.h path
and remove harmful argument passed to insns2vm.rb.
+Thu Feb 8 03:11:47 2007 Yukihiro Matsumoto <matz@ruby-lang.org>
+
+ * lib/cgi.rb (CGI::unescapeHTML): invalid decoding for single
+ unescaped ampersand. a patch from Tietew
+ <tietew+ruby-dev at tietew.net> in [ruby-dev:30292].
+ fixed: [ruby-dev:30289]
+
Wed Feb 7 23:25:31 2007 Nobuyoshi Nakada <nobu@ruby-lang.org>
* eval.c (specific_eval): suppress warning.
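
Review bot: The added entry for lib/cgi.rb records the symptom ("invalid decoding for single unescaped ampersand") but not what was changed to fix it. A reader of the ChangeLog cannot tell that CGI::unescapeHTML now only matches `amp`, `quot`, `gt`, `lt` and numeric references; adding one clause to that effect would make the behaviour change discoverable without opening the diff.
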
diff --git a/lib/cgi.rb b/lib/cgi.rb
index cb348596ea..b6e432eb48 100644
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@@ -367,13 +367,13 @@ class CGI
# CGI::unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
# # => "Usage: foo \"bar\" <baz>"
def CGI::unescapeHTML(string)
- string.gsub(/&(.*?);/n) do
+ string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/n) do
match = $1.dup
case match
- when /\Aamp\z/ni then '&'
- when /\Aquot\z/ni then '"'
- when /\Agt\z/ni then '>'
- when /\Alt\z/ni then '<'
+ when 'amp' then '&'
+ when 'quot' then '"'
+ when 'gt' then '>'
+ when 'lt' then '<'
when /\A#0*(\d+)\z/n then
if Integer($1) < 256
Integer($1).chr
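
Review bot: The new alternation on the `string.gsub(...)` line and the `when 'amp'` / `'quot'` / `'gt'` / `'lt'` string comparisons are case-sensitive, while the removed `/\Aamp\z/ni` style branches matched case-insensitively, so input such as `&AMP;` or `&LT;` that was decoded before this change is now left untouched. If that narrowing is intended, state it in the doc comment above `def CGI::unescapeHTML`; if not, add the `i` flag to the outer regexp and compare against `match.downcase`. Separately, the diffstat lists only ChangeLog and lib/cgi.rb, so no regression test accompanies the fix; a case with a bare `&` followed later by a real entity such as `&lt;` would pin down the behaviour reported in [ruby-dev:30289].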