Overview

File 0010-CVE-2024-47887.patch of Package rubygem-actionpack-5_1.36289

Index: actionpack-5.1.4/lib/action_controller/metal/http_authentication.rb
===================================================================
--- actionpack-5.1.4.orig/lib/action_controller/metal/http_authentication.rb
+++ actionpack-5.1.4/lib/action_controller/metal/http_authentication.rb
@@ -482,7 +482,7 @@ module ActionController
       # pairs by the standardized <tt>:</tt>, <tt>;</tt>, or <tt>\t</tt>
       # delimiters defined in +AUTHN_PAIR_DELIMITERS+.
       def raw_params(auth)
-        _raw_params = auth.sub(TOKEN_REGEX, "").split(/\s*#{AUTHN_PAIR_DELIMITERS}\s*/)
+        _raw_params = auth.sub(TOKEN_REGEX, "").split(AUTHN_PAIR_DELIMITERS).map(&:strip)
 
         if !(_raw_params.first =~ %r{\A#{TOKEN_KEY}})
           _raw_params[0] = "#{TOKEN_KEY}#{_raw_params.first}"
openSUSE Build Service is sponsored by
Places