Permalink
Browse files

merge revision(s) 29002:

	* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
	  Fix for possible cross-site scripting (CVE-2010-0541). 
	  Found by Apple, reported by Hideki Yamane.
	  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.


git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8_7@29006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
  • Loading branch information...
1 parent 10155be commit 065ecf13599e7783183d9d4b18015e6e5c658313 @shyouhei shyouhei committed Aug 16, 2010
Showing with 2 additions and 2 deletions.
  1. +1 −1 lib/webrick/httpresponse.rb
  2. +1 −1 version.h
@@ -209,7 +209,7 @@ def set_error(ex, backtrace=false)
@keep_alive = false
self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
end
- @header['content-type'] = "text/html"
+ @header['content-type'] = "text/html; charset=ISO-8859-1"
if respond_to?(:create_error_page)
create_error_page()
View
@@ -2,7 +2,7 @@
#define RUBY_RELEASE_DATE "2010-08-16"
#define RUBY_VERSION_CODE 187
#define RUBY_RELEASE_CODE 20100816
-#define RUBY_PATCHLEVEL 301
+#define RUBY_PATCHLEVEL 302
#define RUBY_VERSION_MAJOR 1
#define RUBY_VERSION_MINOR 8

0 comments on commit 065ecf1

Please sign in to comment.