Don't check tainting in access log escaping

jeremyevans · jeremyevans · commit 4c430f9410b3 · 2019-10-18T11:40:36.000-07:00
Only untaint result on Ruby &lt;2.7, as taint support is deprecated
in Ruby 2.7+ and no longer has an effect.
diff --git a/lib/webrick/accesslog.rb b/lib/webrick/accesslog.rb
@@ -149,11 +149,9 @@ def format(format_string, params)
     # Escapes control characters in +data+
 
     def escape(data)
-      if data.tainted?
-        data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}.untaint
-      else
-        data
-      end
+      data = data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}
+      data.untaint if RUBY_VERSION < '2.7'
+      data
     end
   end
 end
