From cc24eb85189fe811f4cdd01b5ba070461d5c376a Mon Sep 17 00:00:00 2001 From: matz Date: Sat, 17 Sep 2005 14:55:06 +0000 Subject: * lib/cgi.rb (CGI::Cookie): should handle multiple values for a cookie name. [ruby-talk:156140] * string.c (rb_str_substr): should propagate taintness even for empty strings. [ruby-dev:27121] * string.c (rb_str_aref): should infect result if range argument is tainted. [ruby-dev:27121] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 13 +++++++++++++ io.c | 2 +- lib/cgi.rb | 7 ++++--- string.c | 13 +++++++++---- 4 files changed, 27 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5047f0b32f..49d0cb3e35 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +Sat Sep 17 23:20:27 2005 Yukihiro Matsumoto + + * lib/cgi.rb (CGI::Cookie): should handle multiple values for a + cookie name. [ruby-talk:156140] + Sat Sep 17 10:42:13 2005 Hidetoshi NAGAI * ext/tk/lib/multi-tk.rb: MultiTkIp#eval_string and bg_eval_string @@ -5,6 +10,14 @@ Sat Sep 17 10:42:13 2005 Hidetoshi NAGAI safe-level (Of course, the given script should be evaluated on slave's safe-level). +Sat Sep 17 09:45:26 2005 Yukihiro Matsumoto + + * string.c (rb_str_substr): should propagate taintness even for + empty strings. [ruby-dev:27121] + + * string.c (rb_str_aref): should infect result if range argument + is tainted. [ruby-dev:27121] + Sat Sep 17 08:35:39 2005 Kouhei Sutou * lib/rss/maker/base.rb (RSS::Maker::ItemsBase#normalize): fixed diff --git a/io.c b/io.c index 6d5b4f9920..e3bc73a2dd 100644 --- a/io.c +++ b/io.c @@ -32,7 +32,7 @@ # define NO_LONG_FNAME #endif -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(sun) || defined(_nec_ews) +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) || defined(sun) || defined(_nec_ews) # define USE_SETVBUF #endif 
diff --git a/lib/cgi.rb b/lib/cgi.rb index 7c84f64640..b18a03524c 100644 --- a/lib/cgi.rb +++ b/lib/cgi.rb @@ -870,15 +870,16 @@ class CGI cookies = Hash.new([]) return cookies unless raw_cookie - raw_cookie.split(/; /).each do |pairs| + raw_cookie.split(/[;,] /).each do |pairs| name, values = pairs.split('=',2) next unless name and values name = CGI::unescape(name) values ||= "" values = values.split('&').collect{|v| CGI::unescape(v) } - unless cookies.has_key?(name) - cookies[name] = Cookie::new({ "name" => name, "value" => values }) + if cookies.has_key?(name) + values = cookies[name].value + values end + cookies[name] = Cookie::new({ "name" => name, "value" => values }) end cookies diff --git a/string.c b/string.c index 206ef70691..ccfda5c8f4 100644 --- a/string.c +++ b/string.c @@ -605,9 +605,10 @@ rb_str_substr(str, beg, len) if (len < 0) { len = 0; } - if (len == 0) return rb_str_new5(str,0,0); - - if (len > sizeof(struct RString)/2 && + if (len == 0) { + str2 = rb_str_new5(str,0,0); + } + else if (len > sizeof(struct RString)/2 && beg + len == RSTRING(str)->len && !FL_TEST(str, STR_ASSOC)) { str2 = rb_str_new3(rb_str_new4(str)); RSTRING(str2)->ptr += RSTRING(str2)->len - len; @@ -1539,13 +1540,17 @@ rb_str_aref(str, indx) /* check if indx is Range */ { long beg, len; + VALUE tmp; + switch (rb_range_beg_len(indx, &beg, &len, RSTRING(str)->len, 0)) { case Qfalse: break; case Qnil: return Qnil; default: - return rb_str_substr(str, beg, len); + tmp = rb_str_substr(str, beg, len); + OBJ_INFECT(tmp, indx); + return tmp; } } idx = NUM2LONG(indx); -- cgit v1.2.3
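Review bot: Splitting on `/[;,] /` now cuts a cookie value at any unescaped comma followed by a space; the tail is dropped by `next unless name and values` when it has no `=`, and is parsed as a separate cookie when it does. The `if cookies.has_key?(name)` branch also replaces first-wins with concatenation, so `cookies[name].value` can hold values from several same-named cookies in whatever order the client sent them. Callers that make a trust decision on a cookie should not treat the whole list as one value, and a comment above the merge would record that: `# same-named cookies are merged in header order; entries after the first cookie's own values come from later duplicates`. The enclosing method starts and ends outside the hunk.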
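Review bot: The new `if (len == 0) { str2 = rb_str_new5(str,0,0); }` branch in rb_str_substr fixes taint only if the code after this if/else chain infects `str2` from `str`, and that code is outside the hunk. A one-line comment in the branch would stop a later cleanup from restoring the early return: `/* no early return: the empty result must still reach the taint propagation below */`. The diffstat lists no test file, so neither this change nor the rb_str_aref one in the next hunk is pinned by a regression test. Such a test would assert that an empty slice of a tainted string, and a slice taken with a tainted Range, both come back tainted.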
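Review bot: `OBJ_INFECT(tmp, indx)` is added only on the Range path of rb_str_aref; the other index kinds the function handles lie outside the hunk, so it cannot be confirmed from here that a tainted index of another type marks its result the same way. It is worth checking those paths against the same rule and stating the rule once next to the new lines: `/* the slice depends on indx's bounds, so it inherits indx's taint as well as str's */`. The function body starts before and continues after the hunk.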