File 0011-CVE-2024-42228.patch of Package rubygem-actionpack-5_1.36289
Index: actionpack-5.1.4/lib/action_dispatch/http/filter_parameters.rb
===================================================================
--- actionpack-5.1.4.orig/lib/action_dispatch/http/filter_parameters.rb
+++ actionpack-5.1.4/lib/action_dispatch/http/filter_parameters.rb
@@ -70,12 +70,17 @@ module ActionDispatch
ParameterFilter.new(filters)
end
- KV_RE = "[^&;=]+"
- PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})}
def filtered_query_string # :doc:
- query_string.gsub(PAIR_RE) do |_|
- parameter_filter.filter($1 => $2).first.join("=")
+ parts = query_string.split(/([&;])/)
+ filtered_parts = parts.map do |part|
+ if part.include?("=")
+ key, value = part.split("=", 2)
+ parameter_filter.filter(key => value).first.join("=")
+ else
+ part
+ end
end
+ filtered_parts.join("")
end
end
end
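Review bot: The rewritten `filtered_query_string` has no comment explaining why the `PAIR_RE`-based `gsub` was replaced by `split`, so a later cleanup could reintroduce a regex scan over the whole query string. I would add above `parts = query_string.split(/([&;])/)` a line such as `# Split on separators rather than regex-matching pairs, so the scan stays linear in the query string length.` The new branch also changes what reaches `parameter_filter.filter`: `part.split("=", 2)` now passes pairs with an empty key or value, and values containing a further `=`, which the old `[^&;=]+` pattern skipped or cut short. A regression test pinning `a=`, `=b` and `a=b=c` would be worth shipping with this patch if none exists outside this file. Keys still appear to be matched in raw form with no percent-decoding before the filter runs, which the method comment could state; the enclosing module and class start outside the hunk.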