From c2cbd5528cd1ecd0db08f93dbdd1de7175805ef3 Mon Sep 17 00:00:00 2001 From: tenderlove Date: Thu, 15 Sep 2016 21:44:56 +0000 Subject: Don't include bad password in URI exception output We shouldn't include the bad password in the URI exception output message. Just knowing that there is a bad password is enough information. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56166 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 7 +++++++ lib/uri/generic.rb | 2 +- test/uri/test_generic.rb | 9 +++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 84bfdb8a2c..d3b2eee49b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +Fri Sep 16 06:43:25 2016 Aaron Patterson + + * lib/uri/generic.rb (def check_password): don't include bad password + in URI exception output + + * test/uri/test_generic.rb (def test_set_component): test for behavior + Thu Sep 15 21:40:03 2016 Kazuhiro NISHIYAMA * doc/extension.ja.rdoc: Fix file name. diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb index 5e980d699e..81d46f72a5 100644 --- a/lib/uri/generic.rb +++ b/lib/uri/generic.rb @@ -428,7 +428,7 @@ module URI if parser.regexp[:USERINFO] !~ v raise InvalidComponentError, - "bad component(expected user component): #{v}" + "bad password component" end return true diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb index 3510129832..803d427f13 100644 --- a/test/uri/test_generic.rb +++ b/test/uri/test_generic.rb @@ -749,6 +749,15 @@ class URI::TestGeneric < Test::Unit::TestCase assert_equal('foo:xyzzy', uri.to_s) end + def test_bad_password_component + uri = URI.parse('http://foo:bar@baz') + password = 'foo@bar' + e = assert_raise(URI::InvalidComponentError) do + uri.password = password + end + refute_match password, e.message + end + def test_set_scheme uri = URI.parse 'HTTP://example' -- cgit v1.2.3