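--- a/lib/webrick/httpstatus.rb
+++ b/lib/webrick/httpstatus.rb
@@ -22,10 +22,6 @@ module HTTPStatus
 ##
 # Root of the HTTP status class hierarchy
 class Status < StandardError
- def initialize(*args) # :nodoc:
- args[0] = AccessLog.escape(args[0]) unless args.empty?
- super(*args)
- end
 class << self
 attr_reader :code, :reason_phrase # :nodoc:
 end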
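--- a/lib/webrick/log.rb
+++ b/lib/webrick/log.rb
@@ -117,10 +117,10 @@ def debug?; @level >= DEBUG; end
 # * Otherwise it will return +arg+.inspect.
 def format(arg)
 if arg.is_a?(Exception)
- "#{arg.class}: #{arg.message}\n\t" <<
+ "#{arg.class}: #{AccessLog.escape(arg.message)}\n\t" <<
 arg.backtrace.join("\n\t") << "\n"
 elsif arg.respond_to?(:to_str)
- arg.to_str
+ AccessLog.escape(arg.to_str)
 else
 arg.inspect
 end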
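Review bot: The doc comment ending at `# * Otherwise it will return +arg+.inspect.` should now say that exception messages and `to_str` values are passed through `AccessLog.escape`; only its last bullet is visible here, so the earlier bullets may need the same update. Escaping now happens only inside this `format`, so a caller-supplied `:Logger` that does not route through it would presumably receive the raw message, and that is worth stating in the same comment. The hunk shows no `require` for the file that defines `AccessLog`, so confirm that loading `webrick/log` on its own still resolves the constant. The `end` that closes `format` is outside the hunk.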
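--- a/test/webrick/test_httpauth.rb
+++ b/test/webrick/test_httpauth.rb
@@ -81,6 +81,42 @@ def test_basic_auth3
 tmpfile.close(true)
 end
 
+ def test_bad_username_with_control_characters
+ log_tester = lambda {|log, access_log|
+ assert_equal(2, log.length)
+ assert_match(/ERROR Basic WEBrick's realm: foo\\ebar: the user is not allowed./, log[0])
+ assert_match(/ERROR WEBrick::HTTPStatus::Unauthorized/, log[1])
+ }
+ TestWEBrick.start_httpserver({}, log_tester) {|server, addr, port, log|
+ realm = "WEBrick's realm"
+ path = "/basic_auth"
+
+ Tempfile.create("test_webrick_auth") {|tmpfile|
+ tmpfile.close
+ tmp_pass = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path)
+ tmp_pass.set_passwd(realm, "webrick", "supersecretpassword")
+ tmp_pass.set_passwd(realm, "foo", "supersecretpassword")
+ tmp_pass.flush
+
+ htpasswd = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path)
+ users = []
+ htpasswd.each{|user, pass| users << user }
+ server.mount_proc(path){|req, res|
+ auth = WEBrick::HTTPAuth::BasicAuth.new(
+ :Realm => realm, :UserDB => htpasswd,
+ :Logger => server.logger
+ )
+ auth.authenticate(req, res)
+ res.body = "hoge"
+ }
+ http = Net::HTTP.new(addr, port)
+ g = Net::HTTP::Get.new(path)
+ g.basic_auth("foo\ebar", "passwd")
+ http.request(g){|res| assert_not_equal("hoge", res.body, log.call) }
+ }
+ }
+ end
+
 DIGESTRES_ = /
 ([a-zA-z\-]+)
 [\s\t]*(?:\r\n[\s\t]*)*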
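Review bot: The new test exercises only an ESC byte (`"foo\ebar"`), so a regression that escapes some control characters but leaves line breaks alone would still pass. A sibling test using `g.basic_auth("foo\nbar", "passwd")` with `assert_match(/foo\\nbar/, log[0])` would pin the case that matters most for a line-oriented log. `users = []` and the `htpasswd.each` line that fills it are never read in this test and can be dropped. The trailing `.` in the `log[0]` pattern is unescaped and matches any character; `\.` states the intent.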