From 1bf066dcfaeb05130f9b69c2f0928987371ecbc6 Mon Sep 17 00:00:00 2001
From: naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 10 Dec 2018 23:54:14 +0000
Subject: Preserve HTTP header key as string [Bug #15394]

to prevent send Host header twice accidentally.

From: Sangyong Sim <sangyong-sim@cookpad.com>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66319 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/net/http/header.rb | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

(limited to 'lib/net')

diff --git a/lib/net/http/header.rb b/lib/net/http/header.rb
index 4fa6d8a772..4c8758ad09 100644
--- a/lib/net/http/header.rb
+++ b/lib/net/http/header.rb
@@ -22,7 +22,7 @@ module Net::HTTPHeader
         if value.count("\r\n") > 0
           raise ArgumentError, "header #{key} has field value #{value.inspect}, this cannot include CR/LF"
         end
-        @header[key.downcase] = [value]
+        @header[key.to_str.downcase] = [value]
       end
     end
   end
@@ -36,14 +36,14 @@ module Net::HTTPHeader
   # Returns the header field corresponding to the case-insensitive key.
   # For example, a key of "Content-Type" might return "text/html"
   def [](key)
-    a = @header[key.downcase] or return nil
+    a = @header[key.to_str.downcase] or return nil
     a.join(', ')
   end
 
   # Sets the header field corresponding to the case-insensitive key.
   def []=(key, val)
     unless val
-      @header.delete key.downcase
+      @header.delete key.to_str.downcase
       return val
     end
     set_field(key, val)
@@ -65,8 +65,9 @@ module Net::HTTPHeader
   #   p request.get_fields('X-My-Header')   #=> ["a", "b", "c"]
   #
   def add_field(key, val)
-    if @header.key?(key.downcase)
-      append_field_value(@header[key.downcase], val)
+    stringified_downcased_key = key.to_str.downcase
+    if @header.key?(stringified_downcased_key)
+      append_field_value(@header[stringified_downcased_key], val)
     else
       set_field(key, val)
     end
@@ -77,13 +78,13 @@ module Net::HTTPHeader
     when Enumerable
       ary = []
       append_field_value(ary, val)
-      @header[key.downcase] = ary
+      @header[key.to_str.downcase] = ary
     else
       val = val.to_s # for compatibility use to_s instead of to_str
       if val.b.count("\r\n") > 0
         raise ArgumentError, 'header field value cannot include CR/LF'
       end
-      @header[key.downcase] = [val]
+      @header[key.to_str.downcase] = [val]
     end
   end
 
@@ -112,8 +113,9 @@ module Net::HTTPHeader
   #     #=> "session=al98axx; expires=Fri, 31-Dec-1999 23:58:23, query=rubyscript; expires=Fri, 31-Dec-1999 23:58:23"
   #
   def get_fields(key)
-    return nil unless @header[key.downcase]
-    @header[key.downcase].dup
+    stringified_downcased_key = key.to_str.downcase
+    return nil unless @header[stringified_downcased_key]
+    @header[stringified_downcased_key].dup
   end
 
   # Returns the header field corresponding to the case-insensitive key.
@@ -121,7 +123,7 @@ module Net::HTTPHeader
   # raises an IndexError if there's no header field named +key+
   # See Hash#fetch
   def fetch(key, *args, &block)   #:yield: +key+
-    a = @header.fetch(key.downcase, *args, &block)
+    a = @header.fetch(key.to_str.downcase, *args, &block)
     a.kind_of?(Array) ? a.join(', ') : a
   end
 
@@ -182,12 +184,12 @@ module Net::HTTPHeader
 
   # Removes a header field, specified by case-insensitive key.
   def delete(key)
-    @header.delete(key.downcase)
+    @header.delete(key.to_str.downcase)
   end
 
   # true if +key+ header exists.
   def key?(key)
-    @header.key?(key.downcase)
+    @header.key?(key.to_str.downcase)
   end
 
   # Returns a Hash consisting of header names and array of values.
-- 
cgit v1.2.3