Skip to content

Commit

Permalink
Fix digest paramater scanning.
Browse files Browse the repository at this point in the history 
Current scan sometimes took down sites.
Worst case scenario is when a user just clicked "ok" without entering a username. This could take down the entire website.
This is related to the ruby (language) bug:
http://rubyforge.org/tracker/index.php?func=detail&aid=21131&group_id=426&atid=1698
  • Loading branch information
@clivecrous
clivecrous committed Jul 9, 2008
1 parent 4027f27 commit ebefdb2
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/rack/auth/digest/params.rb
View file
Expand Up @@ -17,8 +17,8 @@ def self.dequote(str) # From WEBrick::HTTPUtils
ret
end

def self.split_header_value(str) # From WEBrick::HTTPUtils
str.scan(/((?:"(?:\\.|[^"])+?"|[^",]+)+)(?:,\s*|\Z)/n).collect{ |v| v[0] }
def self.split_header_value(str)
str.scan( /(\w+\=(?:"[^\"]+"|[^,]+))/n ).collect{ |v| v[0] }
end

def initialize
Expand Down

0 comments on commit ebefdb2

Please sign in to comment.