代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/rubygem-actionpack 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From b1241f468d1b32235f438c2e2203386e6efd3891 Mon Sep 17 00:00:00 2001
From: John Hawthorn <john@hawthorn.email>
Date: Thu, 10 Oct 2024 20:41:33 -0700
Subject: [PATCH] Avoid backtracking in filtered_query_string
Thanks scyoon for the patch
CVE-2024-41128
---
.../lib/action_dispatch/http/filter_parameters.rb | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/actionpack/lib/action_dispatch/http/filter_parameters.rb b/actionpack/lib/action_dispatch/http/filter_parameters.rb
index d053fc0b9f781..0e2e771da104d 100644
--- a/actionpack/lib/action_dispatch/http/filter_parameters.rb
+++ b/actionpack/lib/action_dispatch/http/filter_parameters.rb
@@ -58,12 +58,17 @@ def parameter_filter_for(filters) # :doc:
ActiveSupport::ParameterFilter.new(filters)
end
- KV_RE = "[^&;=]+"
- PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})}
def filtered_query_string # :doc:
- query_string.gsub(PAIR_RE) do |_|
- parameter_filter.filter($1 => $2).first.join("=")
+ parts = query_string.split(/([&;])/)
+ filtered_parts = parts.map do |part|
+ if part.include?("=")
+ key, value = part.split("=", 2)
+ parameter_filter.filter(key => value).first.join("=")
+ else
+ part
+ end
end
+ filtered_parts.join("")
end
end
end
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手