56 lines
1.8 KiB
Diff
56 lines
1.8 KiB
Diff
From 4263c0d15a582b46d75aac57cd26a47d33941a53 Mon Sep 17 00:00:00 2001
|
|
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
|
|
Date: Fri, 21 Feb 2025 16:29:36 +0900
|
|
Subject: [PATCH] Truncate userinfo with URI#join, URI#merge and URI#+
|
|
|
|
Reference:https://github.com/ruby/uri/commit/4263c0d15a582b46d75aac57cd26a47d33941a53
|
|
Conflict:NA
|
|
---
|
|
lib/uri/generic.rb | 6 +++++-
|
|
test/uri/test_generic.rb | 11 +++++++++++
|
|
2 files changed, 16 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb
|
|
index a4192c6..6b60873 100644
|
|
--- a/lib/uri/generic.rb
|
|
+++ b/lib/uri/generic.rb
|
|
@@ -1131,7 +1131,11 @@ module URI
|
|
end
|
|
|
|
# RFC2396, Section 5.2, 7)
|
|
- base.set_userinfo(rel.userinfo) if rel.userinfo
|
|
+ if rel.userinfo
|
|
+ base.set_userinfo(rel.userinfo)
|
|
+ else
|
|
+ base.set_userinfo(nil)
|
|
+ end
|
|
base.set_host(rel.host) if rel.host
|
|
base.set_port(rel.port) if rel.port
|
|
base.query = rel.query if rel.query
|
|
diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb
|
|
index b449a0a..8a611e3 100644
|
|
--- a/test/uri/test_generic.rb
|
|
+++ b/test/uri/test_generic.rb
|
|
@@ -157,6 +157,17 @@ class URI::TestGeneric < Test::Unit::TestCase
|
|
assert_equal(nil, url.user)
|
|
assert_equal(nil, url.password)
|
|
assert_equal(nil, url.userinfo)
|
|
+
|
|
+ # sec-2957667
|
|
+ url = URI.parse('http://user:pass@example.com').merge('//example.net')
|
|
+ assert_equal('http://example.net', url.to_s)
|
|
+ assert_nil(url.userinfo)
|
|
+ url = URI.join('http://user:pass@example.com', '//example.net')
|
|
+ assert_equal('http://example.net', url.to_s)
|
|
+ assert_nil(url.userinfo)
|
|
+ url = URI.parse('http://user:pass@example.com') + '//example.net'
|
|
+ assert_equal('http://example.net', url.to_s)
|
|
+ assert_nil(url.userinfo)
|
|
end
|
|
|
|
def test_merge
|
|
--
|
|
2.33.0
|
|
|
|
|