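--- a/lib/cgi.rb (revision 19665)
+++ b/lib/cgi.rb (working copy)
@@ -546,6 +546,11 @@
 when Hash
 options = options.dup
 end
+ options.each_value do |value|
+ if /\n(?![ \t])/ === value
+ raise ArgumentError, "potential HTTP header injection detected"
+ end
+ end
 
 unless options.has_key?("type")
 options["type"] = "text/html"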
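Review bot: The guard in the added `options.each_value` loop only inspects string values, because `Regexp#===` simply returns false for objects such as an Array, so any option that is passed as a non-string and stringified later is never checked. The enclosing method begins and ends outside this hunk, so if it accepts such values (cookies, presumably) the check should run on each string that is actually emitted rather than on the raw option object. The pattern also lets through a bare `\r` and any `\n` followed by a space or tab; receivers differ in how they treat a lone CR and folded lines, so rejecting every CR and LF is the safer rule for string values: `if /[\r\n]/ === value`. Header names (the hash keys) are not validated here either, which deserves a comment such as `# keys are trusted: callers must not build header names from request data`.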