author | Eric Wong <normalperson@yhbt.net> | 2010-01-08 00:07:38 -0800 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2010-01-08 00:07:38 -0800 |
commit | 23bf8da0774b21d8c55786b4b386faba4b53c97f (patch) | |
tree | 94d5f6808faeb145a396ae2aa7f17ed637d5b6ea | |
parent | ef16157cd049743ba0b0cc237b6289bdd503a66e (diff) | |
parent | fddbfa6929569685bcb92f54f6938df97bccd575 (diff) | |
download | rainbows-23bf8da0774b21d8c55786b4b386faba4b53c97f.tar.gz |
* rack-1.1: http_response: disallow blank, multi-value headers
-rw-r--r-- | lib/rainbows/http_response.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/rainbows/http_response.rb b/lib/rainbows/http_response.rb
index 39ebd32..55c2ad2 100644
--- a/lib/rainbows/http_response.rb
+++ b/lib/rainbows/http_response.rb
@@ -16,7 +16,8 @@ module Rainbows
 next if %r{\AX-Rainbows-}i =~ key
 next if SKIP.include?(key.downcase)
 if value =~ /\n/
- out.concat(value.split(/\n/).map! { |v| "#{key}: #{v}\r\n" })
+ # avoiding blank, key-only cookies with /\n+/
+ out.concat(value.split(/\n+/).map! { |v| "#{key}: #{v}\r\n" })
 else
 out << "#{key}: #{value}\r\n"
 end |
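Review bot: A value that begins with a newline still produces a blank header after this change, because `String#split` keeps a leading empty field: `"\nfoo".split(/\n+/)` returns `["", "foo"]`, so the `out.concat` line still writes `key: \r\n` first. Dropping empty fields covers that case, e.g. `out.concat(value.split(/\n+/).reject { |v| v.empty? }.map! { |v| "#{key}: #{v}\r\n" })`. Separately, neither branch handles `\r`, so a value carrying a bare CR, or values joined with CRLF, is written to the response unchanged. Whether an earlier layer already rejects such values is not visible here, so confirm that or strip `\r` before the write to keep the header block well-formed. The enclosing header loop starts and ends outside this hunk.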