[ruby/webrick] Don't check tainting in access log escaping

Only untaint result on Ruby <2.7, as taint support is deprecated in Ruby 2.7+ and no longer has an effect. https://github.com/ruby/webrick/commit/4c430f9410
2019-10-18 11:40:36 -07:00 · 2019-10-18 11:40:36 -07:00 · f126d80b1e
commit f126d80b1e
parent c28d50a753
1 changed files with 3 additions and 5 deletions
--- a/lib/webrick/accesslog.rb
+++ b/lib/webrick/accesslog.rb
@ -149,11 +149,9 @@ module WEBrick
    # Escapes control characters in +data+
    def escape(data)
-      if data.tainted?
+      data = data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}
-        data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}.untaint
+      data.untaint if RUBY_VERSION < '2.7'
-      else
+      data
        data
      end
    end
  end
 end