From 9af2823b32e001358babde7644e5cc1c0ec29d6e Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Mon, 31 Aug 2009 12:07:30 -0700
Subject: [PATCH] Clean tag attributes before passing through the escape_once logic.
Addresses CVE-2009-3009
---
 actionpack/lib/action_view/helpers/tag_helper.rb |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index ba43b5e..623b8f7 100644
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -101,7 +101,7 @@ module ActionView
       #   escape_once("<< Accept & Checkout")
       #   # => "<< Accept & Checkout"
       def escape_once(html)
-        html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
+        ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
       end
 
       private
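Review bot: Single quotes are still left untouched on the new line — the character class `[\"><]` covers only `"`, `>` and `<` — so a value emitted inside a single-quoted attribute can still terminate the quote even after `ActiveSupport::Multibyte.clean` has run; extending the class to `[\"'><]` would also need a `'` entry in the escape table, because `ERB::Util::HTML_ESCAPE[special]` is indexed directly and an unmapped match would be replaced by an empty string rather than escaped. The reason for the new `clean` call is not recorded in the code, and a one-line comment above the `gsub`, `# Strip invalid multibyte sequences first so a stray lead byte cannot swallow a following quote or angle bracket before it is escaped (CVE-2009-3009).`, would keep the fix from being reverted later as an apparent no-op. Whether `clean` also handles strings in encodings other than UTF-8 is not visible from this hunk and is worth confirming against the ActiveSupport::Multibyte implementation.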
-- 
1.6.0.1