| author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-02-08 07:19:54 +0000 |
|---|---|---|
| committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-02-08 07:19:54 +0000 |
| commit | 7a90cf744638495de739e34e0790178eafa5479d (patch) | |
| tree | df42793c9b48e6bd454835ac429a7127927a4c25 /lib | |
| parent | e193c1117e23e2987abf370de4fbc2608e9b7ec5 (diff) | |
* lib/cgi.rb (CGI::unescapeHTML): invalid decoding for single
unescaped ampersand. a patch from Tietew
<tietew+ruby-dev at tietew.net> in [ruby-dev:30292].
fixed: [ruby-dev:30289]
git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@11660 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/cgi.rb | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/cgi.rb b/lib/cgi.rb
index cb348596e..b6e432eb4 100644
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@@ -367,13 +367,13 @@ class CGI
 # CGI::unescapeHTML("Usage: foo "bar" <baz>")
 # # => "Usage: foo \"bar\" <baz>"
 def CGI::unescapeHTML(string)
- string.gsub(/&(.*?);/n) do
+ string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/n) do
 match = $1.dup
 case match
- when /\Aamp\z/ni then '&'
- when /\Aquot\z/ni then '"'
- when /\Agt\z/ni then '>'
- when /\Alt\z/ni then '<'
+ when 'amp' then '&'
+ when 'quot' then '"'
+ when 'gt' then '>'
+ when 'lt' then '<'
 when /\A#0*(\d+)\z/n then
 if Integer($1) < 256
 Integer($1).chr |
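Review bot: The new alternation in the `gsub` pattern is case-sensitive, whereas the removed `when /\Aamp\z/ni` arms matched case-insensitively, so `&AMP;`, `&LT;` and hex references written with an uppercase `X` such as `&#X3C;` would now be left undecoded. Browsers accept those spellings, so a caller that uses unescapeHTML to canonicalise input before filtering it could end up inspecting different text from what a browser renders. If the old tolerance is intended, keep the tightened alternation but add the `i` flag, `string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/ni) do`, and dispatch on `case match.downcase`. The hex `when` arm and the end of the method lie outside the hunk, so whether that arm already tolerates `#X` cannot be confirmed from here.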
