source: trunk/server/common/patches/rubygem-actionpack-2.3.x-CVE-2009-3009.patch @ 1329

Last change on this file since 1329 was 1329, checked in by mitchb, 15 years ago
Scriptsify activesupport and actionpack ruby gems, patch for CVE-2009-3009
File size: 693 bytes

  • actionpack/lib/action_view/helpers/tag_helper.rb 

    diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index af8c4d5..db99a0e 100644
    a b module ActionView 
    103103      #   escape_once("<< Accept & Checkout")
    104104      #   # => "<< Accept & Checkout"
    105105      def escape_once(html)
    106         html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
     106        ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
    107107      end
    108108
    109109      private
Note: See TracBrowser for help on using the repository browser.