diff options
Diffstat (limited to 'rubygem-actionpack-2.3.x-CVE-2009-4214.patch')
| -rw-r--r-- | rubygem-actionpack-2.3.x-CVE-2009-4214.patch | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/rubygem-actionpack-2.3.x-CVE-2009-4214.patch b/rubygem-actionpack-2.3.x-CVE-2009-4214.patch deleted file mode 100644 index d180be8..0000000 --- a/rubygem-actionpack-2.3.x-CVE-2009-4214.patch +++ /dev/null @@ -1,39 +0,0 @@ -From bfe032858077bb2946abe25e95e485ba6da86bd5 Mon Sep 17 00:00:00 2001
-From: Gabe da Silveira <gabe@websaviour.com>
-Date: Mon, 16 Nov 2009 21:17:35 -0800
-Subject: [PATCH] Make sure strip_tags removes tags which start with a non-printable character
-
-Signed-off-by: Michael Koziarski <michael@koziarski.com>
----
- .../vendor/html-scanner/html/node.rb | 2 +-
- .../test/controller/html-scanner/sanitizer_test.rb | 1 +
- 2 files changed, 2 insertions(+), 1 deletions(-)
-
-diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
-index 6c03316..0cd05d8 100644
---- a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
-+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
-@@ -162,7 +162,7 @@ module HTML #:nodoc:
- end
-
- closing = ( scanner.scan(/\//) ? :close : nil )
-- return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/)
-+ return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/)
- name.downcase!
-
- unless closing
-diff --git a/actionpack/test/controller/html-scanner/sanitizer_test.rb b/actionpack/test/controller/html-scanner/sanitizer_test.rb
-index e85a5c7..1923544 100644
---- a/actionpack/test/controller/html-scanner/sanitizer_test.rb
-+++ b/actionpack/test/controller/html-scanner/sanitizer_test.rb
-@@ -19,6 +19,7 @@ class SanitizerTest < ActionController::TestCase
- assert_equal "This has a here.", sanitizer.sanitize("This has a <!-- comment --> here.")
- assert_equal "This has a here.", sanitizer.sanitize("This has a <![CDATA[<section>]]> here.")
- assert_equal "This has an unclosed ", sanitizer.sanitize("This has an unclosed <![CDATA[<section>]] here...")
-+ assert_equal "non printable char is a tag", sanitizer.sanitize("<\x07a href='/hello'>non printable char is a tag</a>")
- [nil, '', ' '].each { |blank| assert_equal blank, sanitizer.sanitize(blank) }
- end
-
---
-1.6.0.1
-
|