* lib/cgi.rb (CGI::QueryExtension::read_multipart): check

multipart boundary end. a patch from Fujioka <fuj at rabbix.jp> [ruby-dev:28470] git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@10601 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2006-07-26 07:09:32 +0000
committer: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2006-07-26 07:09:32 +0000
commit: 7edf6b576e7e40155d830a573966a691fd7c809c (patch)
tree: 761bc642d9a26f6f43ea86bdec85caf1a8aa2d50 /lib
parent: 19f79a8f5c066b337c16adcf64dfbe967375a9b3 (diff)
download: ruby-7edf6b576e7e40155d830a573966a691fd7c809c.tar.gz
ruby-7edf6b576e7e40155d830a573966a691fd7c809c.tar.xz
ruby-7edf6b576e7e40155d830a573966a691fd7c809c.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/cgi.rb b/lib/cgi.rb
index 04f0b5e7c..4308efcb6 100644
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@@ -981,6 +981,7 @@ class CGI
       boundary = "--" + boundary
       buf = ""
       bufsize = 10 * 1024
+      boundary_end=""
 
       # start multipart/form-data
       stdinput.binmode if defined? stdinput.binmode
@@ -1028,6 +1029,7 @@ class CGI
           if "--" == $2
             content_length = -1
           end
+         boundary_end = $2.dup
           ""
         end
 
@@ -1062,6 +1064,7 @@ class CGI
         break if buf.size == 0
         break if content_length === -1
       end
+      raise EOFError, "bad boundary end of body part" unless boundary_end=~/--/
 
       params
     end # read_multipart
author	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2006-07-26 07:09:32 +0000
committer	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2006-07-26 07:09:32 +0000
commit	7edf6b576e7e40155d830a573966a691fd7c809c (patch)
tree	761bc642d9a26f6f43ea86bdec85caf1a8aa2d50 /lib
parent	19f79a8f5c066b337c16adcf64dfbe967375a9b3 (diff)
download	ruby-7edf6b576e7e40155d830a573966a691fd7c809c.tar.gz ruby-7edf6b576e7e40155d830a573966a691fd7c809c.tar.xz ruby-7edf6b576e7e40155d830a573966a691fd7c809c.zip