Security: Response Splitting

Apply a patch to close the Response Splitting vulnerability in Rails.
See

   http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
Jacques Distler 2008-10-20 14:22:17 -05:00
parent 2fb41f12ce
commit 8d1d8a5693


@ -30,9 +30,9 @@ module ActionController
def redirect(to_url, response_status) def redirect(to_url, response_status)
self.headers["Status"] = response_status self.headers["Status"] = response_status
self.headers["Location"] = to_url self.headers["Location"] = to_url.gsub(/[\r\n]/, '')
self.body = "<html><body>You are being <a href=\"#{to_url}\">redirected</a>.</body></html>" self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(to_url)}\">redirected</a>.</body></html>"
end end
def prepare! def prepare!
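Review bot: the redirect target is sanitised with two different rules in this hunk, so the Location header and the HTML link can disagree. `self.headers["Location"] = to_url.gsub(/[\r\n]/, '')` strips CR/LF from the header, but the body on the following line interpolates the original `to_url`, which `CGI.escapeHTML` escapes (`&`, `<`, `>`, `"`) without removing the newlines, so a request carrying CR/LF yields a header pointing at one string and an anchor pointing at another. Suggest computing the stripped value once, e.g. `safe_url = to_url.gsub(/[\r\n]/, '')`, and using `CGI.escapeHTML(safe_url)` in the body. Two smaller points: silently deleting CR/LF folds whatever the attacker injected after them into the redirect target, so raising (or logging) on a URL containing them would make the attempt visible rather than hiding it; and `self.headers["Status"] = response_status` is still written unsanitised, which is acceptable only while `response_status` never derives from request data.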