File ruby-1.8.x_webrick_charset_issue.patch of Package ruby

Sun Aug 15 19:59:58 2010  Yuki Sonoda (Yugui)  <yugui@yugui.jp>

* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
  Fix for possible cross-site scripting (CVE-2010-0541). 
  Found by Apple, reported by Hideki Yamane.
  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.

Index: lib/webrick/httpresponse.rb
===================================================================
--- lib/webrick/httpresponse.rb (revision 29001)
+++ lib/webrick/httpresponse.rb (revision 29002)
@@ -209,7 +209,7 @@
         @keep_alive = false
         self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
       end
-      @header['content-type'] = "text/html"
+      @header['content-type'] = "text/html; charset=ISO-8859-1"
 
       if respond_to?(:create_error_page)
         create_error_page()
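Review bot: The charset on the added `@header['content-type']` line is hardcoded to ISO-8859-1 with no comment saying why, and the `respond_to?(:create_error_page)` branch directly below hands body generation to a custom method whose output may not be Latin-1. Suggest a short comment on that line stating that the charset is declared explicitly so the browser does not guess the encoding of the error page (the CVE-2010-0541 fix named in the changelog), and a note that a custom `create_error_page` must either emit ISO-8859-1 or set `content-type` itself. Nothing in the visible lines checks the header value, so a regression test asserting `content-type` on an error response would keep a later edit from silently dropping the charset.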
