Feature #6472
Multiline mode in regexp by default (closed)
Description
When using regexp there can be a vulnerability:
http://homakov.blogspot.com/2012/05/saferweb-injects-in-various-ruby.html#more
Probably it happens because multiline mode in regexp is the default, but this is wrong. Need to use the 'm' modifier to use this mode.
Updated by fxn (Xavier Noria) over 12 years ago
In Ruby there is no multiline flag; regexps in Ruby are always in multiline mode. See http://advogato.org/person/fxn/diary/498.html for some gotchas regarding regexp flags in Perl vs Ruby.
In Ruby, you need to use \A and \z (or \Z) to match start and end of string.
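
The difference between line anchors (`^`, `$`) and string anchors (`\A`, `\z`, `\Z`) described in the comment above, as an added Ruby example that is not part of the original thread. The identifier pattern, the helper `accepted` and the sample inputs are constructed for illustration.

```ruby
# Added example: how anchor choice changes what a format check accepts.
# The pattern (a lowercase identifier) and all inputs are constructed.

LINE_ANCHORED   = /^[a-z0-9_]+$/    # ^ and $ match at every line boundary
STRING_ANCHORED = /\A[a-z0-9_]+\z/  # \A and \z match only at the string's ends
TRAILING_NL_OK  = /\A[a-z0-9_]+\Z/  # \Z also matches before one final "\n"

# Constructed inputs: one clean value and three containing a newline.
SAMPLES = [
  "alice_01",               # clean identifier
  "alice_01\n",             # identifier plus a trailing newline
  "alice_01\nsecond line",  # valid first line, arbitrary second line
  "first line!\nalice_01"   # arbitrary first line, valid second line
].freeze

# Hypothetical helper: returns the inputs the pattern accepts as "valid".
def accepted(pattern, inputs)
  inputs.select { |s| pattern.match?(s) }
end

if __FILE__ == $PROGRAM_NAME
  {
    "^...$"   => LINE_ANCHORED,
    "\\A...\\z" => STRING_ANCHORED,
    "\\A...\\Z" => TRAILING_NL_OK
  }.each do |label, pattern|
    puts "#{label.ljust(8)} accepts: #{accepted(pattern, SAMPLES).inspect}"
  end
end
```

With `^...$` a single matching line anywhere in the input is enough to pass, so validation code that must constrain the whole value needs `\A...\z`.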
Updated by shyouhei (Shyouhei Urabe) over 12 years ago
- Status changed from Open to Third Party's Issue
Not a bug at least. Regexps are working as expected.
Ruby won't prevent you shooting your foot.