cgi 0.1.0.2 → 0.3.6
- checksums.yaml +4 -4
- data/ext/cgi/escape/depend +0 -15
- data/ext/cgi/escape/escape.c +213 -155
- data/lib/cgi/cookie.rb +1 -1
- data/lib/cgi/session/pstore.rb +2 -14
- data/lib/cgi/session.rb +43 -15
- data/lib/cgi/util.rb +50 -21
- data/lib/cgi.rb +2 -1
- metadata +7 -13
- data/.gitignore +0 -12
- data/.travis.yml +0 -7
- data/Gemfile +0 -8
- data/Rakefile +0 -13
- data/bin/console +0 -7
- data/bin/setup +0 -6
- data/cgi.gemspec +0 -27
- data/lib/cgi/version.rb +0 -3
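--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ef7c6fbc3fed4edb75963f96b0b7a150dca2d296730f28eb42844e7582f73ddb
+data.tar.gz: 6dff4891d8e6b75480346969bef5efd4e33c323a8e6dbe2196e07abf5d4b4366
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4b6abc351ceaf68ededa9d590fdd7adfb1fe8b32d4818128be7fb10867788cf32de65ea5d11cd4d7a38dc1a4adf19c1faee1b6a3689aeccea943178d18b09f8d
+data.tar.gz: 1d805aede830aabc0c7d7ca577d8bd2bca541956d37cadeda9262a5e5ee01af5d940d4e135b907deadc16d20ef5a8357b2d4bb8817fc4241491f8305030e3d2e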
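--- a/data/ext/cgi/escape/depend
+++ b/data/ext/cgi/escape/depend
@@ -1,17 +1,2 @@
-# AUTOGENERATED DEPENDENCIES START
 escape.o: $(RUBY_EXTCONF_H)
-escape.o: $(arch_hdrdir)/ruby/config.h
-escape.o: $(hdrdir)/ruby.h
-escape.o: $(hdrdir)/ruby/assert.h
-escape.o: $(hdrdir)/ruby/backward.h
-escape.o: $(hdrdir)/ruby/defines.h
-escape.o: $(hdrdir)/ruby/encoding.h
-escape.o: $(hdrdir)/ruby/intern.h
-escape.o: $(hdrdir)/ruby/missing.h
-escape.o: $(hdrdir)/ruby/onigmo.h
-escape.o: $(hdrdir)/ruby/oniguruma.h
-escape.o: $(hdrdir)/ruby/ruby.h
-escape.o: $(hdrdir)/ruby/st.h
-escape.o: $(hdrdir)/ruby/subst.h
 escape.o: escape.c
-# AUTOGENERATED DEPENDENCIES END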
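--- a/data/ext/cgi/escape/escape.c
+++ b/data/ext/cgi/escape/escape.c
@@ -32,12 +32,21 @@ preserve_original_state(VALUE orig, VALUE dest)
 rb_enc_associate(dest, rb_enc_get(orig));
 }
 
+static inline long
+escaped_length(VALUE str)
+{
+const long len = RSTRING_LEN(str);
+if (len >= LONG_MAX / HTML_ESCAPE_MAX_LEN) {
+ruby_malloc_size_overflow(len, HTML_ESCAPE_MAX_LEN);
+}
+return len * HTML_ESCAPE_MAX_LEN;
+}
+
 static VALUE
 optimized_escape_html(VALUE str)
 {
 VALUE vbuf;
-
-char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
+char *buf = ALLOCV_N(char, vbuf, escaped_length(str));
 const char *cstr = RSTRING_PTR(str);
 const char *end = cstr + RSTRING_LEN(str);
 
@@ -72,8 +81,8 @@ optimized_unescape_html(VALUE str)
 enum {UNICODE_MAX = 0x10ffff};
 rb_encoding *enc = rb_enc_get(str);
 unsigned long charlimit = (strcasecmp(rb_enc_name(enc), "UTF-8") == 0 ? UNICODE_MAX :
-
-
+strcasecmp(rb_enc_name(enc), "ISO-8859-1") == 0 ? 256 :
+128);
 long i, len, beg = 0;
 size_t clen, plen;
 int overflow;
@@ -85,89 +94,89 @@ optimized_unescape_html(VALUE str)
 cstr = RSTRING_PTR(str);
 
 for (i = 0; i < len; i++) {
-
-
-
-
-
-
+unsigned long cc;
+char c = cstr[i];
+if (c != '&') continue;
+plen = i - beg;
+if (++i >= len) break;
+c = (unsigned char)cstr[i];
 #define MATCH(s) (len - i >= (int)rb_strlen_lit(s) && \
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+memcmp(&cstr[i], s, rb_strlen_lit(s)) == 0 && \
+(i += rb_strlen_lit(s) - 1, 1))
+switch (c) {
+case 'a':
+++i;
+if (MATCH("pos;")) {
+c = '\'';
+}
+else if (MATCH("mp;")) {
+c = '&';
+}
+else continue;
+break;
+case 'q':
+++i;
+if (MATCH("uot;")) {
+c = '"';
+}
+else continue;
+break;
+case 'g':
+++i;
+if (MATCH("t;")) {
+c = '>';
+}
+else continue;
+break;
+case 'l':
+++i;
+if (MATCH("t;")) {
+c = '<';
+}
+else continue;
+break;
+case '#':
+if (len - ++i >= 2 && ISDIGIT(cstr[i])) {
+cc = ruby_scan_digits(&cstr[i], len-i, 10, &clen, &overflow);
+}
+else if ((cstr[i] == 'x' || cstr[i] == 'X') && len - ++i >= 2 && ISXDIGIT(cstr[i])) {
+cc = ruby_scan_digits(&cstr[i], len-i, 16, &clen, &overflow);
+}
+else continue;
+i += clen;
+if (overflow || cc >= charlimit || cstr[i] != ';') continue;
+if (!dest) {
+dest = rb_str_buf_new(len);
+}
+rb_str_cat(dest, cstr + beg, plen);
+if (charlimit > 256) {
+rb_str_cat(dest, buf, rb_enc_mbcput((OnigCodePoint)cc, buf, enc));
+}
+else {
+c = (unsigned char)cc;
+rb_str_cat(dest, &c, 1);
+}
+beg = i + 1;
+continue;
+default:
+--i;
+continue;
+}
+if (!dest) {
+dest = rb_str_buf_new(len);
+}
+rb_str_cat(dest, cstr + beg, plen);
+rb_str_cat(dest, &c, 1);
+beg = i + 1;
 }
 
 if (dest) {
-
-
-
+rb_str_cat(dest, cstr + beg, len - beg);
+preserve_original_state(str, dest);
+return dest;
 }
 else {
-
+return rb_str_dup(str);
 }
 }
 
@@ -191,7 +200,7 @@ url_unreserved_char(unsigned char c)
 }
 
 static VALUE
-optimized_escape(VALUE str)
+optimized_escape(VALUE str, int plus_escape)
 {
 long i, len, beg = 0;
 VALUE dest = 0;
@@ -202,38 +211,38 @@ optimized_escape(VALUE str)
 cstr = RSTRING_PTR(str);
 
 for (i = 0; i < len; ++i) {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+const unsigned char c = (unsigned char)cstr[i];
+if (!url_unreserved_char(c)) {
+if (!dest) {
+dest = rb_str_buf_new(len);
+}
+
+rb_str_cat(dest, cstr + beg, i - beg);
+beg = i + 1;
+
+if (plus_escape && c == ' ') {
+rb_str_cat_cstr(dest, "+");
+}
+else {
+buf[1] = upper_hexdigits[(c >> 4) & 0xf];
+buf[2] = upper_hexdigits[c & 0xf];
+rb_str_cat(dest, buf, 3);
+}
+}
 }
 
 if (dest) {
-
-
-
+rb_str_cat(dest, cstr + beg, len - beg);
+preserve_original_state(str, dest);
+return dest;
 }
 else {
-
+return rb_str_dup(str);
 }
 }
 
 static VALUE
-optimized_unescape(VALUE str, VALUE encoding)
+optimized_unescape(VALUE str, VALUE encoding, int unescape_plus)
 {
 long i, len, beg = 0;
 VALUE dest = 0;
@@ -245,52 +254,52 @@ optimized_unescape(VALUE str, VALUE encoding)
 cstr = RSTRING_PTR(str);
 
 for (i = 0; i < len; ++i) {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+char buf[1];
+const char c = cstr[i];
+int clen = 0;
+if (c == '%') {
+if (i + 3 > len) break;
+if (!ISXDIGIT(cstr[i+1])) continue;
+if (!ISXDIGIT(cstr[i+2])) continue;
+buf[0] = ((char_to_number(cstr[i+1]) << 4)
+| char_to_number(cstr[i+2]));
+clen = 2;
+}
+else if (unescape_plus && c == '+') {
+buf[0] = ' ';
+}
+else {
+continue;
+}
+
+if (!dest) {
+dest = rb_str_buf_new(len);
+}
+
+rb_str_cat(dest, cstr + beg, i - beg);
+i += clen;
+beg = i + 1;
+
+rb_str_cat(dest, buf, 1);
 }
 
 if (dest) {
-
-
-
+rb_str_cat(dest, cstr + beg, len - beg);
+preserve_original_state(str, dest);
+cr = ENC_CODERANGE_UNKNOWN;
 }
 else {
-
-
+dest = rb_str_dup(str);
+cr = ENC_CODERANGE(str);
 }
 origenc = rb_enc_get_index(str);
 if (origenc != encidx) {
-
-
-
-
-
-
+rb_enc_associate_index(dest, encidx);
+if (!ENC_CODERANGE_CLEAN_P(rb_enc_str_coderange(dest))) {
+rb_enc_associate_index(dest, origenc);
+if (cr != ENC_CODERANGE_UNKNOWN)
+ENC_CODERANGE_SET(dest, cr);
+}
 }
 return dest;
 }
@@ -308,10 +317,10 @@ cgiesc_escape_html(VALUE self, VALUE str)
 StringValue(str);
 
 if (rb_enc_str_asciicompat_p(str)) {
-
+return optimized_escape_html(str);
 }
 else {
-
+return rb_call_super(1, &str);
 }
 }
 
@@ -328,10 +337,10 @@ cgiesc_unescape_html(VALUE self, VALUE str)
 StringValue(str);
 
 if (rb_enc_str_asciicompat_p(str)) {
-
+return optimized_unescape_html(str);
 }
 else {
-
+return rb_call_super(1, &str);
 }
 }
 
@@ -339,7 +348,7 @@ cgiesc_unescape_html(VALUE self, VALUE str)
 * call-seq:
 * CGI.escape(string) -> string
 *
-* Returns URL-escaped string.
+* Returns URL-escaped string (+application/x-www-form-urlencoded+).
 *
 */
 static VALUE
@@ -348,10 +357,10 @@ cgiesc_escape(VALUE self, VALUE str)
 StringValue(str);
 
 if (rb_enc_str_asciicompat_p(str)) {
-
+return optimized_escape(str, 1);
 }
 else {
-
+return rb_call_super(1, &str);
 }
 }
 
@@ -359,7 +368,7 @@ static VALUE
 accept_charset(int argc, VALUE *argv, VALUE self)
 {
 if (argc > 0)
-
+return argv[0];
 return rb_cvar_get(CLASS_OF(self), id_accept_charset);
 }
 
@@ -367,7 +376,7 @@ accept_charset(int argc, VALUE *argv, VALUE self)
 * call-seq:
 * CGI.unescape(string, encoding=@@accept_charset) -> string
 *
-* Returns URL-unescaped string.
+* Returns URL-unescaped string (+application/x-www-form-urlencoded+).
 *
 */
 static VALUE
@@ -378,17 +387,64 @@ cgiesc_unescape(int argc, VALUE *argv, VALUE self)
 StringValue(str);
 
 if (rb_enc_str_asciicompat_p(str)) {
-
-
+VALUE enc = accept_charset(argc-1, argv+1, self);
+return optimized_unescape(str, enc, 1);
 }
 else {
-
+return rb_call_super(argc, argv);
+}
+}
+
+/*
+* call-seq:
+* CGI.escapeURIComponent(string) -> string
+*
+* Returns URL-escaped string following RFC 3986.
+*
+*/
+static VALUE
+cgiesc_escape_uri_component(VALUE self, VALUE str)
+{
+StringValue(str);
+
+if (rb_enc_str_asciicompat_p(str)) {
+return optimized_escape(str, 0);
+}
+else {
+return rb_call_super(1, &str);
+}
+}
+
+/*
+* call-seq:
+* CGI.unescapeURIComponent(string, encoding=@@accept_charset) -> string
+*
+* Returns URL-unescaped string following RFC 3986.
+*
+*/
+static VALUE
+cgiesc_unescape_uri_component(int argc, VALUE *argv, VALUE self)
+{
+VALUE str = (rb_check_arity(argc, 1, 2), argv[0]);
+
+StringValue(str);
+
+if (rb_enc_str_asciicompat_p(str)) {
+VALUE enc = accept_charset(argc-1, argv+1, self);
+return optimized_unescape(str, enc, 0);
+}
+else {
+return rb_call_super(argc, argv);
 }
 }
 
 void
 Init_escape(void)
 {
+#ifdef HAVE_RB_EXT_RACTOR_SAFE
+rb_ext_ractor_safe(true);
+#endif
+
 id_accept_charset = rb_intern_const("@@accept_charset");
 InitVM(escape);
 }
@@ -401,6 +457,8 @@ InitVM_escape(void)
 rb_mUtil = rb_define_module_under(rb_cCGI, "Util");
 rb_define_method(rb_mEscape, "escapeHTML", cgiesc_escape_html, 1);
 rb_define_method(rb_mEscape, "unescapeHTML", cgiesc_unescape_html, 1);
+rb_define_method(rb_mEscape, "escapeURIComponent", cgiesc_escape_uri_component, 1);
+rb_define_method(rb_mEscape, "unescapeURIComponent", cgiesc_unescape_uri_component, -1);
 rb_define_method(rb_mEscape, "escape", cgiesc_escape, 1);
 rb_define_method(rb_mEscape, "unescape", cgiesc_unescape, -1);
 rb_prepend_module(rb_mUtil, rb_mEscape);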
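Review bot: In the `case '#':` branch of optimized_unescape_html, `cstr[i] != ';'` is evaluated right after `i += clen` with no re-check of `i < len`, so a numeric reference whose digits run to the end of the input makes the test read the byte at index `len`. That is presumably harmless only because Ruby string buffers normally carry a terminator byte after the payload; making the bound explicit removes the dependency: `if (overflow || cc >= charlimit || i >= len || cstr[i] != ';') continue;`. The new `escaped_length()` guard sizes the `ALLOCV_N` buffer before the multiply can overflow, and a short comment on it such as `/* each input byte may expand to at most HTML_ESCAPE_MAX_LEN bytes */` would record why the scaling is there. The bodies of both functions start or end outside the visible hunks.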
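--- a/data/lib/cgi/cookie.rb
+++ b/data/lib/cgi/cookie.rb
@@ -42,7 +42,7 @@ class CGI
 
 TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
 PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
-DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
+DOMAIN_VALUE_RE = %r"\A\.?(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
 
 # Create a new CGI::Cookie object.
 #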
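Review bot: `DOMAIN_VALUE_RE` now accepts one optional leading dot (`\A\.?`), and nothing next to the constant says why, or what the pattern is meant to keep out. The `\A`…`\z` anchors and the label character class are what stop whitespace, control characters and `;` from reaching the Domain attribute, so a comment should pin that intent, for example `# Domain value: optional leading dot (legacy form, ignored by RFC 6265 clients), then dot-separated letter/digit/hyphen labels; nothing else is allowed`. Tests that `.example.com` is accepted and that `..example.com`, `example.com.` and a value ending in a newline are rejected would lock the behaviour in. Where the constant is applied is outside the hunk.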
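--- a/data/lib/cgi/session/pstore.rb
+++ b/data/lib/cgi/session/pstore.rb
@@ -44,20 +44,8 @@ class CGI
 # This session's PStore file will be created if it does
 # not exist, or opened if it does.
 def initialize(session, option={})
-
-
-id = session.session_id
-require 'digest/md5'
-md5 = Digest::MD5.hexdigest(id)[0,16]
-path = dir+"/"+prefix+md5
-if File::exist?(path)
-@hash = nil
-else
-unless session.new_session
-raise CGI::Session::NoSession, "uninitialized session"
-end
-@hash = {}
-end
+option = {'suffix'=>''}.update(option)
+path, @hash = session.new_store_file(option)
 @p = ::PStore.new(path)
 @p.transaction do |p|
 File.chmod(0600, p.path)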
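Review bot: `File.chmod(0600, p.path)` at the end of the hunk runs inside the first transaction, so the store file presumably already exists by then and spends a short time with whatever mode the process umask gives it. The commit moves path construction into `session.new_store_file(option)`, where `tmpdir` defaults to `Dir::tmpdir`, a shared directory, but leaves this ordering as it was. At minimum the initializer should say so, e.g. `# NOTE: the file is created with the umask default and only then tightened to 0600; point 'tmpdir' at a directory private to the application`. The rest of `initialize` is outside the hunk.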
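--- a/data/lib/cgi/session.rb
+++ b/data/lib/cgi/session.rb
@@ -189,6 +189,47 @@ class CGI
 end
 private :create_new_id
 
+
+# Create a new file to store the session data.
+#
+# This file will be created if it does not exist, or opened if it
+# does.
+#
+# This path is generated under _tmpdir_ from _prefix_, the
+# digested session id, and _suffix_.
+#
+# +option+ is a hash of options for the initializer. The
+# following options are recognised:
+#
+# tmpdir:: the directory to use for storing the FileStore
+# file. Defaults to Dir::tmpdir (generally "/tmp"
+# on Unix systems).
+# prefix:: the prefix to add to the session id when generating
+# the filename for this session's FileStore file.
+# Defaults to "cgi_sid_".
+# suffix:: the prefix to add to the session id when generating
+# the filename for this session's FileStore file.
+# Defaults to the empty string.
+def new_store_file(option={}) # :nodoc:
+dir = option['tmpdir'] || Dir::tmpdir
+prefix = option['prefix']
+suffix = option['suffix']
+require 'digest/md5'
+md5 = Digest::MD5.hexdigest(session_id)[0,16]
+path = dir+"/"
+path << prefix if prefix
+path << md5
+path << suffix if suffix
+if File::exist? path
+hash = nil
+elsif new_session
+hash = {}
+else
+raise NoSession, "uninitialized session"
+end
+return path, hash
+end
+
 # Create a new CGI::Session object for +request+.
 #
 # +request+ is an instance of the +CGI+ class (see cgi.rb).
@@ -373,21 +414,8 @@ class CGI
 # This session's FileStore file will be created if it does
 # not exist, or opened if it does.
 def initialize(session, option={})
-
-
-suffix = option['suffix'] || ''
-id = session.session_id
-require 'digest/md5'
-md5 = Digest::MD5.hexdigest(id)[0,16]
-@path = dir+"/"+prefix+md5+suffix
-if File::exist? @path
-@hash = nil
-else
-unless session.new_session
-raise CGI::Session::NoSession, "uninitialized session"
-end
-@hash = {}
-end
+option = {'prefix' => 'cgi_sid_'}.update(option)
+@path, @hash = session.new_store_file(option)
 end
 
 # Restore session state from the session's FileStore file.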
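Review bot: `new_store_file` picks between an existing and a new session with `File::exist? path` and returns the path without creating anything, so the existence check and the later creation by the caller are not atomic, and any file already present under that name is treated as this session's store. With `tmpdir` defaulting to `Dir::tmpdir` the path sits in a shared directory; opening it exclusively (`File::CREAT | File::EXCL`, mode 0600) when `new_session` is true, or requiring a private `tmpdir`, would close the gap. The callers' creation code is outside the hunks, so confirm how they open the path. The doc comment also disagrees with the body: it opens with "Create a new file" although the method only computes a path, `suffix::` is described as "the prefix to add", and the `"cgi_sid_"` default it documents is supplied by the initializer in the second hunk rather than by this method. Suggested wording for the suffix entry: `# suffix:: the suffix to append to the digested session id when generating the filename.`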
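--- a/data/lib/cgi/util.rb
+++ b/data/lib/cgi/util.rb
@@ -5,24 +5,57 @@ class CGI
 extend Util
 end
 module CGI::Util
-@@accept_charset=
-
+@@accept_charset = Encoding::UTF_8 unless defined?(@@accept_charset)
+
+# URL-encode a string into application/x-www-form-urlencoded.
+# Space characters (+" "+) are encoded with plus signs (+"+"+)
 # url_encoded_string = CGI.escape("'Stop!' said Fred")
 # # => "%27Stop%21%27+said+Fred"
 def escape(string)
 encoding = string.encoding
-string.b
+buffer = string.b
+buffer.gsub!(/([^ a-zA-Z0-9_.\-~]+)/) do |m|
 '%' + m.unpack('H2' * m.bytesize).join('%').upcase
-end
+end
+buffer.tr!(' ', '+')
+buffer.force_encoding(encoding)
 end
 
-# URL-decode
+# URL-decode an application/x-www-form-urlencoded string with encoding(optional).
 # string = CGI.unescape("%27Stop%21%27+said+Fred")
 # # => "'Stop!' said Fred"
-def unescape(string,encoding
-str=string.tr('+', ' ')
+def unescape(string, encoding = @@accept_charset)
+str = string.tr('+', ' ')
+str = str.b
+str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
 [m.delete('%')].pack('H*')
-end
+end
+str.force_encoding(encoding)
+str.valid_encoding? ? str : str.force_encoding(string.encoding)
+end
+
+# URL-encode a string following RFC 3986
+# Space characters (+" "+) are encoded with (+"%20"+)
+# url_encoded_string = CGI.escape("'Stop!' said Fred")
+# # => "%27Stop%21%27%20said%20Fred"
+def escapeURIComponent(string)
+encoding = string.encoding
+buffer = string.b
+buffer.gsub!(/([^a-zA-Z0-9_.\-~]+)/) do |m|
+'%' + m.unpack('H2' * m.bytesize).join('%').upcase
+end
+buffer.force_encoding(encoding)
+end
+
+# URL-decode a string following RFC 3986 with encoding(optional).
+# string = CGI.unescape("%27Stop%21%27+said%20Fred")
+# # => "'Stop!'+said Fred"
+def unescapeURIComponent(string, encoding = @@accept_charset)
+str = string.b
+str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
+[m.delete('%')].pack('H*')
+end
+str.force_encoding(encoding)
 str.valid_encoding? ? str : str.force_encoding(string.encoding)
 end
 
@@ -49,9 +82,12 @@ module CGI::Util
 table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]
 string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)
 string.encode!(origenc) if origenc
-
+string
+else
+string = string.b
+string.gsub!(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
+string.force_encoding(enc)
 end
-string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
 end
 
 begin
@@ -90,7 +126,8 @@ module CGI::Util
 when Encoding::ISO_8859_1; 256
 else 128
 end
-string.
+string = string.b
+string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
 match = $1.dup
 case match
 when 'apos' then "'"
@@ -116,6 +153,7 @@ module CGI::Util
 "&#{match};"
 end
 end
+string.force_encoding enc
 end
 
 # Synonym for CGI.escapeHTML(str)
@@ -174,21 +212,12 @@ module CGI::Util
 # Synonym for CGI.unescapeElement(str)
 alias unescape_element unescapeElement
 
-# Abbreviated day-of-week names specified by RFC 822
-RFC822_DAYS = %w[ Sun Mon Tue Wed Thu Fri Sat ]
-
-# Abbreviated month names specified by RFC 822
-RFC822_MONTHS = %w[ Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ]
-
 # Format a +Time+ object as a String using the format specified by RFC 1123.
 #
 # CGI.rfc1123_date(Time.now)
 # # Sat, 01 Jan 2000 00:00:00 GMT
 def rfc1123_date(time)
-
-return format("%s, %.2d %s %.4d %.2d:%.2d:%.2d GMT",
-RFC822_DAYS[t.wday], t.day, RFC822_MONTHS[t.month-1], t.year,
-t.hour, t.min, t.sec)
+time.getgm.strftime("%a, %d %b %Y %T GMT")
 end
 
 # Prettify (indent) an HTML string.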
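Review bot: The doc examples for the two new methods in the first hunk call the wrong functions: the comment above `escapeURIComponent` shows `CGI.escape("'Stop!' said Fred")` and the one above `unescapeURIComponent` shows `CGI.unescape("%27Stop%21%27+said%20Fred")`, yet the results they list (`%20` for a space, `+` left untouched) are those of the new methods. Since the `+` handling is the whole difference between the form-urlencoded and RFC 3986 variants, the examples should read `CGI.escapeURIComponent("'Stop!' said Fred")` and `CGI.unescapeURIComponent("%27Stop%21%27+said%20Fred")`. Both `unescape` and `unescapeURIComponent` also fall back to `str.force_encoding(string.encoding)` when the decoded bytes are not valid in the requested encoding, with no second validity check, so the returned string can still hold an invalid byte sequence. A line such as `# The result is not guaranteed to be valid in its encoding; check valid_encoding? before using decoded request data` belongs in both doc comments.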
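--- a/data/lib/cgi.rb
+++ b/data/lib/cgi.rb
@@ -162,7 +162,7 @@
 # cgi.has_key?('field_name')
 # cgi.include?('field_name')
 #
-# CAUTION! cgi['field_name'] returned an Array with the old
+# CAUTION! <code>cgi['field_name']</code> returned an Array with the old
 # cgi.rb(included in Ruby 1.6)
 #
 # === Get form values as hash
@@ -288,6 +288,7 @@
 #
 
 class CGI
+VERSION = "0.3.6"
 end
 
 require 'cgi/core'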
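--- a/metadata
+++ b/metadata
@@ -1,31 +1,25 @@
 --- !ruby/object:Gem::Specification
 name: cgi
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.6
 platform: ruby
 authors:
 - Yukihiro Matsumoto
 autorequire:
-bindir:
+bindir: bin
 cert_chain: []
-date: 2022-11-
+date: 2022-11-28 00:00:00.000000000 Z
 dependencies: []
 description: Support for the Common Gateway Interface protocol.
 email:
 - matz@ruby-lang.org
 executables: []
-extensions:
+extensions:
+- ext/cgi/escape/extconf.rb
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".travis.yml"
-- Gemfile
 - LICENSE.txt
 - README.md
-- Rakefile
-- bin/console
-- bin/setup
-- cgi.gemspec
 - ext/cgi/escape/depend
 - ext/cgi/escape/escape.c
 - ext/cgi/escape/extconf.rb
@@ -36,9 +30,9 @@ files:
 - lib/cgi/session.rb
 - lib/cgi/session/pstore.rb
 - lib/cgi/util.rb
-- lib/cgi/version.rb
 homepage: https://github.com/ruby/cgi
 licenses:
+- Ruby
 - BSD-2-Clause
 metadata:
 homepage_uri: https://github.com/ruby/cgi
@@ -51,7 +45,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="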
data/.gitignore
DELETED
data/.travis.yml
DELETED
data/Gemfile
DELETED
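--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,13 +0,0 @@
-require "bundler/gem_tasks"
-require "rake/testtask"
-
-Rake::TestTask.new(:test) do |t|
-t.libs << "test/lib"
-t.ruby_opts << "-rhelper"
-t.test_files = FileList['test/**/test_*.rb']
-end
-
-require 'rake/extensiontask'
-Rake::ExtensionTask.new("cgi/escape")
-
-task :default => :test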
data/bin/console
DELETED
data/bin/setup
DELETED
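--- a/data/cgi.gemspec
+++ b/data/cgi.gemspec
@@ -1,27 +0,0 @@
-begin
-require_relative "lib/cgi/version"
-rescue LoadError # Fallback to load version file in ruby core repository
-require_relative "version"
-end
-
-Gem::Specification.new do |spec|
-spec.name = "cgi"
-spec.version = CGI::VERSION
-spec.authors = ["Yukihiro Matsumoto"]
-spec.email = ["matz@ruby-lang.org"]
-
-spec.summary = %q{Support for the Common Gateway Interface protocol.}
-spec.description = %q{Support for the Common Gateway Interface protocol.}
-spec.homepage = "https://github.com/ruby/cgi"
-spec.license = "BSD-2-Clause"
-
-spec.metadata["homepage_uri"] = spec.homepage
-spec.metadata["source_code_uri"] = spec.homepage
-
-spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
-`git ls-files -z 2>/dev/null`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-end
-spec.bindir = "exe"
-spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-spec.require_paths = ["lib"]
-end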
data/lib/cgi/version.rb
DELETED