File tree Expand file tree Collapse file tree 2 files changed +16
-1
lines changed Expand file tree Collapse file tree 2 files changed +16
-1
lines changed Original file line number Diff line number Diff line change @@ -1141,7 +1141,11 @@ def merge(oth)
11411141 end
11421142
11431143 # RFC2396, Section 5.2, 7)
1144- base . set_userinfo ( rel . userinfo ) if rel . userinfo
1144+ if rel . userinfo
1145+ base . set_userinfo ( rel . userinfo )
1146+ else
1147+ base . set_userinfo ( nil )
1148+ end
11451149 base . set_host ( rel . host ) if rel . host
11461150 base . set_port ( rel . port ) if rel . port
11471151 base . query = rel . query if rel . query
Original file line number Diff line number Diff line change @@ -164,6 +164,17 @@ def test_parse
164164 # must be empty string to identify as path-abempty, not path-absolute
165165 assert_equal ( '' , url . host )
166166 assert_equal ( 'http:////example.com' , url . to_s )
167+
168+ # sec-2957667
169+ url = URI . parse ( 'http://user:pass@example.com' ) . merge ( '//example.net' )
170+ assert_equal ( 'http://example.net' , url . to_s )
171+ assert_nil ( url . userinfo )
172+ url = URI . join ( 'http://user:pass@example.com' , '//example.net' )
173+ assert_equal ( 'http://example.net' , url . to_s )
174+ assert_nil ( url . userinfo )
175+ url = URI . parse ( 'http://user:pass@example.com' ) + '//example.net'
176+ assert_equal ( 'http://example.net' , url . to_s )
177+ assert_nil ( url . userinfo )
167178 end
168179
169180 def test_parse_scheme_with_symbols
You can’t perform that action at this time.
0 commit comments