diff options
author | Jeremy Evans <code@jeremyevans.net> | 2019-10-18 11:40:36 -0700 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2019-10-24 19:47:29 +0900 |
commit | f126d80b1e4f42e854555e728cd4478fc7ff56db (patch) | |
tree | 1ffa61bd9ac6e6330381797e07498395014984e7 /lib/webrick | |
parent | c28d50a753615dff9bd721f608846d4ef541feb1 (diff) | |
download | ruby-f126d80b1e4f42e854555e728cd4478fc7ff56db.tar.gz |
[ruby/webrick] Don't check tainting in access log escaping
Only untaint result on Ruby <2.7, as taint support is deprecated
in Ruby 2.7+ and no longer has an effect.
https://github.com/ruby/webrick/commit/4c430f9410
Diffstat (limited to 'lib/webrick')
-rw-r--r-- | lib/webrick/accesslog.rb | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/lib/webrick/accesslog.rb b/lib/webrick/accesslog.rb index 17e5b38ac9..e4849637f3 100644 --- a/lib/webrick/accesslog.rb +++ b/lib/webrick/accesslog.rb @@ -149,11 +149,9 @@ module WEBrick # Escapes control characters in +data+ def escape(data) - if data.tainted? - data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}.untaint - else - data - end + data = data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]} + data.untaint if RUBY_VERSION < '2.7' + data end end end |