From 3a47f23e74a681339f74b21b94241dcfe9542472 Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Mon, 5 Dec 2011 17:59:40 -0800
Subject: escape individual cookie values from $cookie_*

These values are untrusted, so if any client sends them to us we must escape them.
---
 lib/clogger/pure.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/clogger/pure.rb')
diff --git a/lib/clogger/pure.rb b/lib/clogger/pure.rb
index 8c3d3dc..24392e7 100644
--- a/lib/clogger/pure.rb
+++ b/lib/clogger/pure.rb
@@ -177,7 +177,7 @@ private
 t = Time.now
 time_format(t.to_i, t.usec, op[1], op[2])
 when OP_COOKIE
- (env['rack.request.cookie_hash'][op[1]] rescue "-") || "-"
+ (byte_xs(env['rack.request.cookie_hash'][op[1]]) rescue "-") || "-"
 else
 raise "EDOOFUS #{op.inspect}"
 end
-- 
cgit v1.2.3-24-ge0c7
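Review bot: The `rescue "-"` modifier on the new `OP_COOKIE` line now wraps the `byte_xs` call as well as the hash lookup, so a missing cookie (a nil lookup) is passed into `byte_xs`, and the "-" fallback appears to depend on that helper raising on nil; its body is not visible in this hunk. Any unrelated failure inside the escaping would likewise be logged as "-" with no signal that escaping failed. Separating the lookup from the escaping makes the fallback explicit: `v = (env['rack.request.cookie_hash'][op[1]] rescue nil)` followed by `v ? byte_xs(v) : "-"`. A regression test logging a cookie value containing a newline and a double quote would pin the escaping, if the commit does not already add one outside this file view. The enclosing `case` starts and ends outside the hunk.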