merge revision(s) 28997:

	* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
	  Fix for possible cross-site scripting (CVE-2010-0541). 
	  Found by Apple, reported by Hideki Yamane.
	  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29002 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 8 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 8d6145d5fe..a9d3fe5c5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Sun Aug 15 19:59:58 2010  Yuki Sonoda (Yugui)  <[email protected]>
+
+	* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
+	  Fix for possible cross-site scripting (CVE-2010-0541). 
+	  Found by Apple, reported by Hideki Yamane.
+	  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
+
 Mon Aug 16 12:29:06 2010  Nobuyoshi Nakada  <[email protected]>
 
 	* Makefile.in, win32/Makefile.sub (test-rubyspec-precheck): split
diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
index 98c4a357fa..16bf15b6dd 100644
--- a/lib/webrick/httpresponse.rb
+++ b/lib/webrick/httpresponse.rb
@@ -208,7 +208,7 @@ module WEBrick
         @keep_alive = false
         self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
       end
-      @header['content-type'] = "text/html"
+      @header['content-type'] = "text/html; charset=ISO-8859-1"
 
       if respond_to?(:create_error_page)
         create_error_page()