Permalink
Browse files

Fixed a Regexp bug that can DoS your box.

  • Loading branch information...
1 parent 9f0e0bd commit 19451fc0463ec424fa368cac05be15c75e87e016 @usergenic usergenic committed Jul 13, 2011
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/rack/backports/uri/common.rb
@@ -64,7 +64,7 @@ def self.decode_www_form_component(str, enc=nil)
rescue
end
end
- raise ArgumentError, "invalid %-encoding (#{str})" unless /\A(?:%[0-9a-fA-F]{2}|[^%]+)*\z/ =~ str
+ raise ArgumentError, "invalid %-encoding (#{str})" unless /\A(?:%[0-9a-fA-F]{2}|[^%])*\z/ =~ str
str.gsub(/\+|%[0-9a-fA-F]{2}/) {|m| TBLDECWWWCOMP_[m]}
end
end

0 comments on commit 19451fc

Please sign in to comment.