| commit | 83f72773b7242d86263a18950fca7c8101d7038d | |
| author | Eric Wong <normalperson@yhbt.net> | |
| Tue, 12 Jul 2011 23:52:33 +0000 (12 23:52 +0000) | ||
| committer | Eric Wong <normalperson@yhbt.net> | |
| Wed, 13 Jul 2011 23:51:57 +0000 (13 23:51 +0000) | ||
| tree | cac5c69c36b95543d5f46621d172cb2232c1b315 | treesnapshot (tar.gz zip) |
| parent | cc63e2ee54b4113c40631214618f51c9ef867a91 | commitdiff |
http: reject non-LWS CTL chars (0..31 + 127) in field values
RFC 2616 doesn't appear to allow most CTL bytes even though
Mongrel always did. Rack::Lint disallows 0..31, too, though we
allow "\t" (HT, 09) since it's LWS and allowed by RFC 2616.
RFC 2616 doesn't appear to allow most CTL bytes even though
Mongrel always did. Rack::Lint disallows 0..31, too, though we
allow "\t" (HT, 09) since it's LWS and allowed by RFC 2616.
| ext/unicorn_http/unicorn_http_common.rl | diffblobblamehistory | |
| test/unit/test_http_parser.rb | diffblobblamehistory |