1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
$NetBSD: patch-dy,v 1.2 2010/01/14 15:07:28 taca Exp $
webrick security fix.
http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/
--- lib/webrick/httpstatus.rb.orig 2007-02-12 23:01:19.000000000 +0000
+++ lib/webrick/httpstatus.rb
@@ -12,7 +12,18 @@ module WEBrick
module HTTPStatus
- class Status < StandardError; end
+ class Status < StandardError
+ def initialize(*args)
+ args[0] = AccessLog.escape(args[0]) unless args.empty?
+ super(*args)
+ end
+ class << self
+ attr_reader :code, :reason_phrase
+ end
+ def code() self::class::code end
+ def reason_phrase() self::class::reason_phrase end
+ alias to_i code
+ end
class Info < Status; end
class Success < Status; end
class Redirect < Status; end
@@ -68,6 +79,7 @@ module WEBrick
CodeToError = {}
StatusMessage.each{|code, message|
+ message.freeze
var_name = message.gsub(/[ \-]/,'_').upcase
err_name = message.gsub(/[ \-]/,'')
@@ -79,18 +91,12 @@ module WEBrick
when 500...600; parent = ServerError
end
- eval %-
- RC_#{var_name} = #{code}
- class #{err_name} < #{parent}
- def self.code() RC_#{var_name} end
- def self.reason_phrase() StatusMessage[code] end
- def code() self::class::code end
- def reason_phrase() self::class::reason_phrase end
- alias to_i code
- end
- -
-
- CodeToError[code] = const_get(err_name)
+ const_set("RC_#{var_name}", code)
+ err_class = Class.new(parent)
+ err_class.instance_variable_set(:@code, code)
+ err_class.instance_variable_set(:@reason_phrase, message)
+ const_set(err_name, err_class)
+ CodeToError[code] = err_class
}
def reason_phrase(code)
|
