Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

merge revision(s) 29002:

	* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
	  Fix for possible cross-site scripting (CVE-2010-0541). 
	  Found by Apple, reported by Hideki Yamane.
	  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@29006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
  • Loading branch information...
commit b08619c82a09b204e818a16e9ad6343ef9a1b9fd 1 parent 4b46ec3
@shyouhei shyouhei authored
Showing with 2 additions and 2 deletions.
  1. +1 −1  lib/webrick/httpresponse.rb
  2. +1 −1  version.h
View
2  lib/webrick/httpresponse.rb
@@ -209,7 +209,7 @@ def set_error(ex, backtrace=false)
@keep_alive = false
self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
end
- @header['content-type'] = "text/html"
+ @header['content-type'] = "text/html; charset=ISO-8859-1"
if respond_to?(:create_error_page)
create_error_page()
View
2  version.h
@@ -2,7 +2,7 @@
#define RUBY_RELEASE_DATE "2010-08-16"
#define RUBY_VERSION_CODE 187
#define RUBY_RELEASE_CODE 20100816
-#define RUBY_PATCHLEVEL 301
+#define RUBY_PATCHLEVEL 302
#define RUBY_VERSION_MAJOR 1
#define RUBY_VERSION_MINOR 8
Please sign in to comment.
Something went wrong with that request. Please try again.