merge revision(s) 40848: [Backport #8425]

	* lib/webrick/htmlutils.rb (WEBrick::HTMLUtils#escape): replace HTML
	  meta chars even in non-ascii string.  [Bug #8425] [ruby-core:55052]

	* lib/webrick/httputils.rb (WEBrick::HTTPUtils#{_escape,_unescape}):
	  fix %-escape encodings.  [Bug #8425] [ruby-core:55052]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@44934 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

4 files changed, 20 insertions, 5 deletions

diff --git a/lib/webrick/htmlutils.rb b/lib/webrick/htmlutils.rb
index ed901f1ce2..90994f18b8 100644
--- a/lib/webrick/htmlutils.rb
+++ b/lib/webrick/htmlutils.rb
@@ -15,12 +15,13 @@ module WEBrick
     # Escapes &, ", > and < in +string+
 
     def escape(string)
-      str = string ? string.dup : ""
+      return "" unless string
+      str = string.dup.force_encoding('binary')
       str.gsub!(/&/n, '&amp;')
       str.gsub!(/\"/n, '&quot;')
       str.gsub!(/>/n, '&gt;')
       str.gsub!(/</n, '&lt;')
-      str
+      str.force_encoding(string.encoding)
     end
     module_function :escape
 
diff --git a/lib/webrick/httputils.rb b/lib/webrick/httputils.rb
index f029dacb56..d99573762c 100644
--- a/lib/webrick/httputils.rb
+++ b/lib/webrick/httputils.rb
@@ -350,8 +350,18 @@ module WEBrick
 
     def _make_regex(str) /([#{Regexp.escape(str)}])/n end
     def _make_regex!(str) /([^#{Regexp.escape(str)}])/n end
-    def _escape(str, regex) str.gsub(regex){ "%%%02X" % $1.ord } end
-    def _unescape(str, regex) str.gsub(regex){ $1.hex.chr } end
+    def _escape(str, regex)
+      str = str.dup.force_encoding('binary')
+      str.gsub!(regex) {"%%%02X" % $1.ord}
+      # %-escaped string should contain US-ASCII only
+      str.force_encoding(Encoding::US_ASCII)
+    end
+    def _unescape(str, regex)
+      str = str.dup.force_encoding('binary')
+      str.gsub!(regex) {$1.hex.chr}
+      # encoding of %-unescaped string is unknown
+      str
+    end
 
     UNESCAPED = _make_regex(control+space+delims+unwise+nonascii)
     UNESCAPED_FORM = _make_regex(reserved+control+delims+unwise+nonascii)
diff --git a/test/webrick/test_httputils.rb b/test/webrick/test_httputils.rb
index ebe8a2b8a5..2753cbe6c9 100644
--- a/test/webrick/test_httputils.rb
+++ b/test/webrick/test_httputils.rb
@@ -66,6 +66,10 @@ class TestWEBrickHTTPUtils < Test::Unit::TestCase
     assert_equal("/~foo%20bar", escape("/~foo bar"))
     assert_equal("/~foo%09bar", escape("/~foo\tbar"))
     assert_equal("/~foo+bar", escape("/~foo+bar"))
+    bug8425 = '[Bug #8425] [ruby-core:55052]'
+    assert_nothing_raised(ArgumentError, Encoding::CompatibilityError, bug8425) {
+      assert_equal("%E3%83%AB%E3%83%93%E3%83%BC%E3%81%95%E3%82%93", escape("\u{30EB 30D3 30FC 3055 3093}"))
+    }
   end
 
   def test_escape_form
diff --git a/version.h b/version.h
index 0cab6e385f..21f798e864 100644
--- a/version.h
+++ b/version.h
@@ -1,5 +1,5 @@
 #define RUBY_VERSION "1.9.3"
-#define RUBY_PATCHLEVEL 517
+#define RUBY_PATCHLEVEL 518
 
 #define RUBY_RELEASE_DATE "2014-02-14"
 #define RUBY_RELEASE_YEAR 2014