diff options
| author | Jeremy Evans <code@jeremyevans.net> | 2022-07-06 18:48:57 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-07 13:48:57 +1200 |
| commit | aa1f4700a2461f3f80abd219e874d0edd9a0c599 (patch) | |
| tree | 0164a36da632096cfe2c8b403b644830722a8000 | |
| parent | 08b40cf0f298fd45c975f191230a0c71270ac4df (diff) | |
| download | rack-aa1f4700a2461f3f80abd219e874d0edd9a0c599.tar.gz | |
Hex escape unprintable bytes in common logger (#1904)
When using \x prefix, users would expect hex escaping.
| -rw-r--r-- | lib/rack/common_logger.rb | 2 | ||||
| -rw-r--r-- | test/spec_common_logger.rb | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/lib/rack/common_logger.rb b/lib/rack/common_logger.rb index 6235cef2..42bc135b 100644 --- a/lib/rack/common_logger.rb +++ b/lib/rack/common_logger.rb @@ -65,7 +65,7 @@ module Rack length, Utils.clock_time - began_at) - msg.gsub!(/[^[:print:]\n]/) { |c| "\\x#{c.ord}" } + msg.gsub!(/[^[:print:]\n]/) { |c| sprintf("\\x%x", c.ord) } logger = @logger || request.get_header(RACK_ERRORS) # Standard library logger doesn't support write but it supports << which actually diff --git a/test/spec_common_logger.rb b/test/spec_common_logger.rb index f5f182aa..be020073 100644 --- a/test/spec_common_logger.rb +++ b/test/spec_common_logger.rb @@ -110,9 +110,9 @@ describe Rack::CommonLogger do it "escapes non printable characters except newline" do logdev = StringIO.new log = Logger.new(logdev) - Rack::MockRequest.new(Rack::CommonLogger.new(app_without_lint, log)).request("GET\b", "/hello") + Rack::MockRequest.new(Rack::CommonLogger.new(app_without_lint, log)).request("GET\x1f", "/hello") - logdev.string.must_match(/GET\\x8 \/hello HTTP\/1\.1/) + logdev.string.must_match(/GET\\x1f \/hello HTTP\/1\.1/) end it "log path with PATH_INFO" do |