From 3a47f23e74a681339f74b21b94241dcfe9542472 Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Mon, 5 Dec 2011 17:59:40 -0800
Subject: escape individual cookie values from $cookie_*

These values are untrusted, so if any client sends them to us
we must escape them.
---
 ext/clogger_ext/clogger.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'ext')

diff --git a/ext/clogger_ext/clogger.c b/ext/clogger_ext/clogger.c
index c1e3eb4..857ed9a 100644
--- a/ext/clogger_ext/clogger.c
+++ b/ext/clogger_ext/clogger.c
@@ -572,8 +572,7 @@ static void append_cookie(struct clogger *c, VALUE key)
 		cookie = g_dash;
 	} else {
 		cookie = rb_hash_aref(c->cookies, key);
-		if (NIL_P(cookie))
-			cookie = g_dash;
+		cookie = NIL_P(cookie) ? g_dash : byte_xs(cookie);
 	}
 	rb_str_buf_append(c->log_buf, cookie);
 }
-- 
cgit v1.2.3-24-ge0c7