Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):

  Fix for possible cross-site scripting (CVE-2010-0541).
  Found by Apple, reported by Hideki Yamane.
  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@28997 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
  • Loading branch information...
commit 2e632711482dfbfc8e18990be485fbed4784a095 1 parent 10bc4d2
@yugui yugui authored
Showing with 12 additions and 5 deletions.
  1. +7 −0 ChangeLog
  2. +1 −1  lib/webrick/httpresponse.rb
  3. +4 −4 version.h
View
7 ChangeLog
@@ -1,3 +1,10 @@
+Sun Aug 15 19:59:58 2010 Yuki Sonoda (Yugui) <yugui@yugui.jp>
+
+ * lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
+ Fix for possible cross-site scripting (CVE-2010-0541).
+ Found by Apple, reported by Hideki Yamane.
+ Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
+
Fri Jul 2 19:07:09 2010 Yuki Sonoda (Yugui) <yugui@yugui.jp>
* io.c (argf_inplace_mode_set): prohibits an assignment
View
2  lib/webrick/httpresponse.rb
@@ -208,7 +208,7 @@ def set_error(ex, backtrace=false)
@keep_alive = false
self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
end
- @header['content-type'] = "text/html"
+ @header['content-type'] = "text/html; charset=ISO-8859-1"
if respond_to?(:create_error_page)
create_error_page()
View
8 version.h
@@ -1,13 +1,13 @@
#define RUBY_VERSION "1.9.1"
-#define RUBY_PATCHLEVEL 429
+#define RUBY_PATCHLEVEL 430
#define RUBY_VERSION_MAJOR 1
#define RUBY_VERSION_MINOR 9
#define RUBY_VERSION_TEENY 1
#define RUBY_RELEASE_YEAR 2010
-#define RUBY_RELEASE_MONTH 7
-#define RUBY_RELEASE_DAY 14
-#define RUBY_RELEASE_DATE "2010-07-14"
+#define RUBY_RELEASE_MONTH 8
+#define RUBY_RELEASE_DAY 16
+#define RUBY_RELEASE_DATE "2010-08-16"
#ifdef RUBY_EXTERN
RUBY_EXTERN const char ruby_version[];
Please sign in to comment.
Something went wrong with that request. Please try again.