1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update comment.

Browse Source 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31759 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
akr 2011-05-27 23:45:12 +00:00
parent 9efb5a9d6a
commit aede5b3911
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/open-uri.rb
View File

@ -234,7 +234,7 @@ module OpenURI
def OpenURI.redirectable?(uri1, uri2) # :nodoc: def OpenURI.redirectable?(uri1, uri2) # :nodoc:
# This test is intended to forbid a redirection from http://... to # This test is intended to forbid a redirection from http://... to
# file:///etc/passwd. # file:///etc/passwd, file:///dev/zero, etc. CVE-2011-1521
# https to http redirect is also forbidden intentionally. # https to http redirect is also forbidden intentionally.
# It avoids sending secure cookie or referer by non-secure HTTP protocol. # It avoids sending secure cookie or referer by non-secure HTTP protocol.
# (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3) # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3)