RubyGems - cgi - Versions diffs - 0.1.0 - Mend

cgi 0.1.0

Potentially problematic release.

This version of cgi might be problematic. Click here for more details.

Files changed (22) hide show

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+#
+# cgi/session/pstore.rb - persistent storage of marshalled session data
+#
+# Documentation: William Webber (william@williamwebber.com)
+#
+# == Overview
+#
+# This file provides the CGI::Session::PStore class, which builds
+# persistent of session data on top of the pstore library.  See
+# cgi/session.rb for more details on session storage managers.
+require_relative '../session'
+require 'pstore'
+class CGI
+  class Session
+    # PStore-based session storage class.
+    #
+    # This builds upon the top-level PStore class provided by the
+    # library file pstore.rb.  Session data is marshalled and stored
+    # in a file.  File locking and transaction services are provided.
+    class PStore
+      # Create a new CGI::Session::PStore instance
+      #
+      # This constructor is used internally by CGI::Session.  The
+      # user does not generally need to call it directly.
+      #
+      # +session+ is the session for which this instance is being
+      # created.  The session id must only contain alphanumeric
+      # characters; automatically generated session ids observe
+      # this requirement.
+      #
+      # +option+ is a hash of options for the initializer.  The
+      # following options are recognised:
+      #
+      # tmpdir:: the directory to use for storing the PStore
+      #          file.  Defaults to Dir::tmpdir (generally "/tmp"
+      #          on Unix systems).
+      # prefix:: the prefix to add to the session id when generating
+      #          the filename for this session's PStore file.
+      #          Defaults to the empty string.
+      #
+      # This session's PStore file will be created if it does
+      # not exist, or opened if it does.
+      def initialize(session, option={})
+        dir = option['tmpdir'] || Dir::tmpdir
+        prefix = option['prefix'] || ''
+        id = session.session_id
+        require 'digest/md5'
+        md5 = Digest::MD5.hexdigest(id)[0,16]
+        path = dir+"/"+prefix+md5
+        path.untaint
+        if File::exist?(path)
+          @hash = nil
+        else
+          unless session.new_session
+            raise CGI::Session::NoSession, "uninitialized session"
+          end
+          @hash = {}
+        end
+        @p = ::PStore.new(path)
+        @p.transaction do |p|
+          File.chmod(0600, p.path)
+        end
+      end
+      # Restore session state from the session's PStore file.
+      #
+      # Returns the session state as a hash.
+      def restore
+        unless @hash
+          @p.transaction do
+            @hash = @p['hash'] || {}
+          end
+        end
+        @hash
+      end
+      # Save session state to the session's PStore file.
+      def update
+        @p.transaction do
+          @p['hash'] = @hash
+        end
+      end
+      # Update and close the session's PStore file.
+      def close
+        update
+      end
+      # Close and delete the session's PStore file.
+      def delete
+        path = @p.path
+        File::unlink path
+      end
+    end
+  end
+end
+# :enddoc:

data/lib/cgi/util.rb ADDED

@@ -0,0 +1,223 @@
+# frozen_string_literal: true
+class CGI
+  module Util; end
+  include Util
+  extend Util
+end
+module CGI::Util
+  @@accept_charset="UTF-8" unless defined?(@@accept_charset)
+  # URL-encode a string.
+  #   url_encoded_string = CGI::escape("'Stop!' said Fred")
+  #      # => "%27Stop%21%27+said+Fred"
+  def escape(string)
+    encoding = string.encoding
+    string.b.gsub(/([^ a-zA-Z0-9_.\-~]+)/) do |m|
+      '%' + m.unpack('H2' * m.bytesize).join('%').upcase
+    end.tr(' ', '+').force_encoding(encoding)
+  end
+  # URL-decode a string with encoding(optional).
+  #   string = CGI::unescape("%27Stop%21%27+said+Fred")
+  #      # => "'Stop!' said Fred"
+  def unescape(string,encoding=@@accept_charset)
+    str=string.tr('+', ' ').b.gsub(/((?:%[0-9a-fA-F]{2})+)/) do |m|
+      [m.delete('%')].pack('H*')
+    end.force_encoding(encoding)
+    str.valid_encoding? ? str : str.force_encoding(string.encoding)
+  end
+  # The set of special characters and their escaped values
+  TABLE_FOR_ESCAPE_HTML__ = {
+    "'" => '&#39;',
+    '&' => '&amp;',
+    '"' => '&quot;',
+    '<' => '&lt;',
+    '>' => '&gt;',
+  }
+  # Escape special characters in HTML, namely '&\"<>
+  #   CGI::escapeHTML('Usage: foo "bar" <baz>')
+  #      # => "Usage: foo &quot;bar&quot; &lt;baz&gt;"
+  def escapeHTML(string)
+    enc = string.encoding
+    unless enc.ascii_compatible?
+      if enc.dummy?
+        origenc = enc
+        enc = Encoding::Converter.asciicompat_encoding(enc)
+        string = enc ? string.encode(enc) : string.b
+      end
+      table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]
+      string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)
+      string.encode!(origenc) if origenc
+      return string
+    end
+    string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
+  end
+  begin
+    require 'cgi/escape'
+  rescue LoadError
+  end
+  # Unescape a string that has been HTML-escaped
+  #   CGI::unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
+  #      # => "Usage: foo \"bar\" <baz>"
+  def unescapeHTML(string)
+    enc = string.encoding
+    unless enc.ascii_compatible?
+      if enc.dummy?
+        origenc = enc
+        enc = Encoding::Converter.asciicompat_encoding(enc)
+        string = enc ? string.encode(enc) : string.b
+      end
+      string = string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
+        case $1.encode(Encoding::US_ASCII)
+        when 'apos'                then "'".encode(enc)
+        when 'amp'                 then '&'.encode(enc)
+        when 'quot'                then '"'.encode(enc)
+        when 'gt'                  then '>'.encode(enc)
+        when 'lt'                  then '<'.encode(enc)
+        when /\A#0*(\d+)\z/        then $1.to_i.chr(enc)
+        when /\A#x([0-9a-f]+)\z/i  then $1.hex.chr(enc)
+        end
+      end
+      string.encode!(origenc) if origenc
+      return string
+    end
+    return string unless string.include? '&'
+    charlimit = case enc
+                when Encoding::UTF_8; 0x10ffff
+                when Encoding::ISO_8859_1; 256
+                else 128
+                end
+    string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
+      match = $1.dup
+      case match
+      when 'apos'                then "'"
+      when 'amp'                 then '&'
+      when 'quot'                then '"'
+      when 'gt'                  then '>'
+      when 'lt'                  then '<'
+      when /\A#0*(\d+)\z/
+        n = $1.to_i
+        if n < charlimit
+          n.chr(enc)
+        else
+          "&##{$1};"
+        end
+      when /\A#x([0-9a-f]+)\z/i
+        n = $1.hex
+        if n < charlimit
+          n.chr(enc)
+        else
+          "&#x#{$1};"
+        end
+      else
+        "&#{match};"
+      end
+    end
+  end
+  # Synonym for CGI::escapeHTML(str)
+  alias escape_html escapeHTML
+  # Synonym for CGI::unescapeHTML(str)
+  alias unescape_html unescapeHTML
+  # Escape only the tags of certain HTML elements in +string+.
+  #
+  # Takes an element or elements or array of elements.  Each element
+  # is specified by the name of the element, without angle brackets.
+  # This matches both the start and the end tag of that element.
+  # The attribute list of the open tag will also be escaped (for
+  # instance, the double-quotes surrounding attribute values).
+  #
+  #   print CGI::escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
+  #     # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
+  #
+  #   print CGI::escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
+  #     # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
+  def escapeElement(string, *elements)
+    elements = elements[0] if elements[0].kind_of?(Array)
+    unless elements.empty?
+      string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
+        CGI::escapeHTML($&)
+      end
+    else
+      string
+    end
+  end
+  # Undo escaping such as that done by CGI::escapeElement()
+  #
+  #   print CGI::unescapeElement(
+  #           CGI::escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
+  #     # "&lt;BR&gt;<A HREF="url"></A>"
+  #
+  #   print CGI::unescapeElement(
+  #           CGI::escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
+  #     # "&lt;BR&gt;<A HREF="url"></A>"
+  def unescapeElement(string, *elements)
+    elements = elements[0] if elements[0].kind_of?(Array)
+    unless elements.empty?
+      string.gsub(/&lt;\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?&gt;/i) do
+        unescapeHTML($&)
+      end
+    else
+      string
+    end
+  end
+  # Synonym for CGI::escapeElement(str)
+  alias escape_element escapeElement
+  # Synonym for CGI::unescapeElement(str)
+  alias unescape_element unescapeElement
+  # Abbreviated day-of-week names specified by RFC 822
+  RFC822_DAYS = %w[ Sun Mon Tue Wed Thu Fri Sat ]
+  # Abbreviated month names specified by RFC 822
+  RFC822_MONTHS = %w[ Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ]
+  # Format a +Time+ object as a String using the format specified by RFC 1123.
+  #
+  #   CGI::rfc1123_date(Time.now)
+  #     # Sat, 01 Jan 2000 00:00:00 GMT
+  def rfc1123_date(time)
+    t = time.clone.gmtime
+    return format("%s, %.2d %s %.4d %.2d:%.2d:%.2d GMT",
+                  RFC822_DAYS[t.wday], t.day, RFC822_MONTHS[t.month-1], t.year,
+                  t.hour, t.min, t.sec)
+  end
+  # Prettify (indent) an HTML string.
+  #
+  # +string+ is the HTML string to indent.  +shift+ is the indentation
+  # unit to use; it defaults to two spaces.
+  #
+  #   print CGI::pretty("<HTML><BODY></BODY></HTML>")
+  #     # <HTML>
+  #     #   <BODY>
+  #     #   </BODY>
+  #     # </HTML>
+  #
+  #   print CGI::pretty("<HTML><BODY></BODY></HTML>", "\t")
+  #     # <HTML>
+  #     #         <BODY>
+  #     #         </BODY>
+  #     # </HTML>
+  #
+  def pretty(string, shift = "  ")
+    lines = string.gsub(/(?!\A)<.*?>/m, "\n\\0").gsub(/<.*?>(?!\n)/m, "\\0\n")
+    end_pos = 0
+    while end_pos = lines.index(/^<\/(\w+)/, end_pos)
+      element = $1.dup
+      start_pos = lines.rindex(/^\s*<#{element}/i, end_pos)
+      lines[start_pos ... end_pos] = "__" + lines[start_pos ... end_pos].gsub(/\n(?!\z)/, "\n" + shift) + "__"
+    end
+    lines.gsub(/^((?:#{Regexp::quote(shift)})*)__(?=<\/?\w)/, '\1')
+  end
+  alias h escapeHTML
+end

data/lib/cgi/version.rb ADDED

@@ -0,0 +1,3 @@
+class CGI
+  VERSION = "0.1.0"
+end

metadata ADDED

@@ -0,0 +1,65 @@
+--- !ruby/object:Gem::Specification
+name: cgi
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Hiroshi SHIBATA
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2019-11-06 00:00:00.000000000 Z
+dependencies: []
+description: Support for the Common Gateway Interface protocol.
+email:
+- hsbt@ruby-lang.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- cgi.gemspec
+- ext/cgi/escape/depend
+- ext/cgi/escape/escape.c
+- ext/cgi/escape/extconf.rb
+- lib/cgi.rb
+- lib/cgi/cookie.rb
+- lib/cgi/core.rb
+- lib/cgi/html.rb
+- lib/cgi/session.rb
+- lib/cgi/session/pstore.rb
+- lib/cgi/util.rb
+- lib/cgi/version.rb
+homepage: https://github.com/ruby/cgi
+licenses:
+- BSD-2-Clause
+metadata:
+  homepage_uri: https://github.com/ruby/cgi
+  source_code_uri: https://github.com/ruby/cgi
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: Support for the Common Gateway Interface protocol.
+test_files: []