Skip to content
Browse files

Fix digest paramater scanning.

Current scan sometimes took down sites.
Worst case scenario is when a user just clicked "ok" without entering a username. This could take down the entire website.
This is related to the ruby (language) bug:
http://rubyforge.org/tracker/index.php?func=detail&aid=21131&group_id=426&atid=1698
  • Loading branch information...
1 parent 4027f27 commit ebefdb2fa7d92eaa58122542c37f7cfda3ae7c3f @clivecrous clivecrous committed Jul 9, 2008
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/rack/auth/digest/params.rb
View
4 lib/rack/auth/digest/params.rb
@@ -17,8 +17,8 @@ def self.dequote(str) # From WEBrick::HTTPUtils
ret
end
- def self.split_header_value(str) # From WEBrick::HTTPUtils
- str.scan(/((?:"(?:\\.|[^"])+?"|[^",]+)+)(?:,\s*|\Z)/n).collect{ |v| v[0] }
+ def self.split_header_value(str)
+ str.scan( /(\w+\=(?:"[^\"]+"|[^,]+))/n ).collect{ |v| v[0] }
end
def initialize

0 comments on commit ebefdb2

Please sign in to comment.
Something went wrong with that request. Please try again.