27 lines
1.1 KiB
Diff
27 lines
1.1 KiB
Diff
From 2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8 Mon Sep 17 00:00:00 2001
|
|
From: John Hawthorn <john@hawthorn.email>
|
|
Date: Wed, 11 Jan 2023 10:14:55 -0800
|
|
Subject: [PATCH] Avoid regex backtracking in Inflector.underscore
|
|
|
|
[CVE-2023-22796]
|
|
---
|
|
activesupport/lib/active_support/inflector/methods.rb | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/activesupport/lib/active_support/inflector/methods.rb b/activesupport/lib/active_support/inflector/methods.rb
|
|
index 68a00d73f2..43abb9c4e1 100644
|
|
--- a/activesupport/lib/active_support/inflector/methods.rb
|
|
+++ b/activesupport/lib/active_support/inflector/methods.rb
|
|
@@ -97,7 +97,7 @@ def underscore(camel_cased_word)
|
|
return camel_cased_word.to_s unless /[A-Z-]|::/.match?(camel_cased_word)
|
|
word = camel_cased_word.to_s.gsub("::", "/")
|
|
word.gsub!(inflections.acronyms_underscore_regex) { "#{$1 && '_' }#{$2.downcase}" }
|
|
- word.gsub!(/([A-Z]+)(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" }
|
|
+ word.gsub!(/([A-Z])(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" }
|
|
word.tr!("-", "_")
|
|
word.downcase!
|
|
word
|
|
--
|
|
2.35.1
|
|
|