openSUSE:Evergreen:11.1
File rubygem-actionpack-2.1.2_CVE-2009-3009_actionpack.patch of Package rubygem-actionpack-2_1
From 9af2823b32e001358babde7644e5cc1c0ec29d6e Mon Sep 17 00:00:00 2001 From: Michael Koziarski <michael@koziarski.com> Date: Mon, 31 Aug 2009 12:07:30 -0700 Subject: [PATCH] Clean tag attributes before passing through the escape_once logic. Addresses CVE-2009-3009 --- actionpack/lib/action_view/helpers/tag_helper.rb | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Index: lib/action_view/helpers/tag_helper.rb =================================================================== --- lib/action_view/helpers/tag_helper.rb.orig 1970-01-01 01:00:00.000000000 +0100 +++ lib/action_view/helpers/tag_helper.rb 2009-09-16 15:09:10.075039531 +0200 @@ -101,7 +101,7 @@ module ActionView # escape_once("<< Accept & Checkout") # # => "<< Accept & Checkout" def escape_once(html) - html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] } + ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] } end private
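Review bot: The added `ActiveSupport::Multibyte.clean(html.to_s)` call in `escape_once` comes with no regression test and no documentation update. The diffstat lists only tag_helper.rb, and the comment block above the method still describes only the entity-escaping behaviour. Suggest adding a test that passes a string containing an invalid UTF-8 byte sequence through `escape_once` and asserts on the cleaned, escaped result, plus one comment line stating that malformed multibyte input is cleaned before escaping. Because this patch is applied to actionpack 2.1.2, also confirm that the activesupport version packaged alongside it provides `ActiveSupport::Multibyte.clean`; if it does not, every call to `escape_once` will fail at runtime.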