* lib/cgi.rb (CGI::QueryExtension::read_multipart): should quote

  boundary. JVN#84798830


git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@11330 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 8 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 44bfb41fe..67cd242bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Mon Dec  4 08:32:49 2006  Shugo Maeda  <shugo@ruby-lang.org>
+
+	* lib/cgi.rb (CGI::QueryExtension::read_multipart): should quote
+	  boundary. JVN#84798830
+
 Sat Dec  2 07:09:04 2006  GOTOU Yuuzou  <gotoyuzo@notwork.org>
 
 	* ext/openssl/ossl_ocsp.c: OpenSSL::OCSP::OSCPError should be
diff --git a/lib/cgi.rb b/lib/cgi.rb
index aed619157..d937f5819 100644
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@@ -967,6 +967,7 @@ class CGI
     def read_multipart(boundary, content_length)
       params = Hash.new([])
       boundary = "--" + boundary
+      quoted_boundary = Regexp.quote(boundary, "n")
       buf = ""
       bufsize = 10 * 1024
       boundary_end=""
@@ -998,7 +999,7 @@ class CGI
         end
         body.binmode if defined? body.binmode
 
-        until head and /#{boundary}(?:#{EOL}|--)/n.match(buf)
+        until head and /#{quoted_boundary}(?:#{EOL}|--)/n.match(buf)
 
           if (not head) and /#{EOL}#{EOL}/n.match(buf)
             buf = buf.sub(/\A((?:.|\n)*?#{EOL})#{EOL}/n) do
@@ -1025,7 +1026,7 @@ class CGI
           content_length -= c.size
         end
 
-        buf = buf.sub(/\A((?:.|\n)*?)(?:[\r\n]{1,2})?#{boundary}([\r\n]{1,2}|--)/n) do
+        buf = buf.sub(/\A((?:.|\n)*?)(?:[\r\n]{1,2})?#{quoted_boundary}([\r\n]{1,2}|--)/n) do
           body.print $1
           if "--" == $2
             content_length = -1