[#25897] Mail archive searching? — "Martin J. Dürst" <duerst@...>
Why does ruby-dev's official archive
[#25928] Ruby 1.8.6-p383 hangs in dln_load on Snow Leopard — Timothy Hunter <cyclists@...>
An RMagick user reports that Ruby 1.8.6 hangs when requiring RMagick.
On Oct 3, 2009, at 4:26 PM, Timothy Hunter wrote:
On Oct 3, 10:26m, Timothy Hunter <cycli...@nc.rr.com> wrote:
[#25936] [Bug:1.9] [rubygems] $LOAD_PATH includes bin directory — Nobuyoshi Nakada <nobu@...>
Hi,
On Sun, Oct 4, 2009 at 11:47 PM, Nobuyoshi Nakada <nobu@ruby-lang.org> wrote:
[#25943] Disabling tainting — Tony Arcieri <tony@...>
Would it make sense to have a flag passed to the interpreter on startup that
2009/10/6 Tony Arcieri <tony@medioh.com>:
On Tue, Oct 6, 2009 at 3:52 AM, Yugui <yugui@yugui.jp> wrote:
[#25964] mis filed bug reports — Roger Pack <rogerdpack2@...>
If i accidentally file a bug under 1.9 that belongs in 1.8, I assume I
[#25965] [Bug #2180] request: add *Method#source_location to 1.8.x — Roger Pack <redmine@...>
Bug #2180: request: add *Method#source_location to 1.8.x
[#25969] [Bug #2181] Segmentation fault for test/drb/* -- possible bug in Marshal/GC — Nikolai Lugovoi <redmine@...>
Bug #2181: Segmentation fault for test/drb/* -- possible bug in Marshal/GC
[#26012] Segfaults after multiple call of ruby_node_run — Christoph Kappel <unexist@...>
[#26028] [Bug #2189] Math.atanh(1) & Math.atanh(-1) should not raise an error — Marc-Andre Lafortune <redmine@...>
Bug #2189: Math.atanh(1) & Math.atanh(-1) should not raise an error
[#26070] [Bug #2201] Process.spawn fails in 1.9.1 — Roger Pack <redmine@...>
Bug #2201: Process.spawn fails in 1.9.1
[#26087] [Bug #2212] Using a Lambda with Inappropriate Arity for Hash#default_proc= — Run Paint Run Run <redmine@...>
Bug #2212: Using a Lambda with Inappropriate Arity for Hash#default_proc=
[#26126] The fate of my keyword documentation — "David A. Black" <dblack@...>
Hi --
[#26200] [Bug #2243] Random instance variables order — Maxim Chechel <redmine@...>
Bug #2243: Random instance variables order
[#26222] [Bug #2250] IO::for_fd() objects' finalization dangerously closes underlying fds — Mike Pomraning <redmine@...>
Bug #2250: IO::for_fd() objects' finalization dangerously closes underlying fds
[#26232] [Feature #2255] unicode parameters cannot be passed to ruby — Vit Ondruch <redmine@...>
Feature #2255: unicode parameters cannot be passed to ruby
[#26237] [Bug #2256] net\ftp.rb failing on implicit cast of Pathname to string — Sai Fujinaro <redmine@...>
Bug #2256: net\ftp.rb failing on implicit cast of Pathname to string
[#26262] [Feature #2260] better access with GC_DEBUG — Roger Pack <redmine@...>
Feature #2260: better access with GC_DEBUG
[#26299] Which commit fixed Set#hash (Hash#hash, I assume) between 1.9.1 and 1.9.2? — "Shot (Piotr Szotkowski)" <shot@...>
Hello, good people of ruby-core.
[#26303] IO.foreach (and friends) effect on $< and $. — Charles Oliver Nutter <headius@...>
I have a few questions about how the line-by-line IO operations are
[#26336] [Bug #2283] Ruby 1.9.1p243 spinning with 100% CPU; perhaps rb_str_slice_bang-related — Mark Aiken <redmine@...>
Bug #2283: Ruby 1.9.1p243 spinning with 100% CPU; perhaps rb_str_slice_bang-related
[#26361] [Feature #2294] [PATCH] ruby_bind_stack() to embed Ruby in coroutine — Suraj Kurapati <redmine@...>
Feature #2294: [PATCH] ruby_bind_stack() to embed Ruby in coroutine
Issue #2294 has been updated by Anonymous Anonymous.
Hi,
Hi,
Hi,
[#26388] suggestion: gems.ruby-lang.org — Yusuke ENDOH <mame@...>
Hi --
On Wed, Oct 28, 2009 at 3:20 AM, Yusuke ENDOH <mame@tsg.ne.jp> wrote:
Hi,
On Wed, Oct 28, 2009 at 9:00 PM, Yusuke ENDOH <mame@tsg.ne.jp> wrote:
Hi,
[#26390] [Bug #2303] dl.so segfaults on mingw32 — Nikolai Weibull <redmine@...>
Bug #2303: dl.so segfaults on mingw32
[#26429] [Bug #2313] Incomplete encoding conversion? — Adam Salter <redmine@...>
Bug #2313: Incomplete encoding conversion?
[#26447] [Bug #2316] [BUG] cfp consistency error — Cezary Baginski <redmine@...>
Bug #2316: [BUG] cfp consistency error
[#26458] [Bug #2319] gethostbyname fails in windows — Roger Pack <redmine@...>
Bug #2319: gethostbyname fails in windows
[#26459] [Bug #2320] patch to trunk .document to include more readme's etc. — Roger Pack <redmine@...>
Bug #2320: patch to trunk .document to include more readme's etc.
[ruby-core:26223] [Bug #2251] URI.parse accepts strings with invalid characters
Bug #2251: URI.parse accepts strings with invalid characters
http://redmine.ruby-lang.org/issues/show/2251
Author: Sam Quigley
Status: Open, Priority: Normal
Category: lib
ruby -v: ruby 1.9.1p243 (2009-07-16 revision 24175) [i386-darwin10.0.0]
The regexes used in URI::Parser's initialize_regexp use ^ and $ rather than \A and \Z:
399 # for URI::split
400 ret[:ABS_URI] = Regexp.new('^' + pattern[:X_ABS_URI] + '$', Regexp::EXTENDED)
401 ret[:REL_URI] = Regexp.new('^' + pattern[:X_REL_URI] + '$', Regexp::EXTENDED)
The result is that URI.parse matches on any URI separated by newlines, rather than on its argument as a whole:
irb(main):001:0> require 'uri'
=> true
irb(main):002:0> URI.parse("blah\nhttp://www.foo.com/\nblahblah")
=> #<URI::HTTP:0x000001010aac78 URL:http://www.foo.com/>
I think programmers would expect URI.parse to only successfully parse strings that *are* URIs, rather than any string that *contains* a URI surrounded by a particular kind of whitespace. This issue has apparently caused at least one security vulnerability in the real world: http://schmoil.blogspot.com/2009/10/mainlining-new-lines-feel-burn.html
Replacing the ^ and $ with \A and \Z should fix the issue, and is unlikely to break any existing code. The Rubyspec project does not seem to have any tests for this behavior. This behavior is present in at least versions 1.8.6, 1.8.7, and 1.9.1.
-sq
----------------------------------------
http://redmine.ruby-lang.org