cgi 0.1.0 → 0.1.0.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of cgi might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/cgi.gemspec +9 -7
- data/ext/cgi/escape/escape.c +2 -3
- data/lib/cgi/cookie.rb +4 -11
- data/lib/cgi/core.rb +10 -9
- data/lib/cgi/html.rb +3 -3
- data/lib/cgi/session/pstore.rb +0 -1
- data/lib/cgi/session.rb +2 -2
- data/lib/cgi/util.rb +19 -19
- data/lib/cgi/version.rb +1 -1
- data/lib/cgi.rb +1 -1
- metadata +8 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: de6f4f6a0ff1e6b0e525b68b7bc03e700146bbd881648094674128ab59979e38
|
4
|
+
data.tar.gz: 1c3c231e1e9c0374b4d80528c1cb8bc9414d8c65aaf53927edb85f9a184699d8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 27096879d4596c9b333fd70fb36874984870cd133388e31271cbad902ed4ca3785f62ef94f056ba09e47027a8cc161c24aede0723f35323a5c008cb8cc236a25
|
7
|
+
data.tar.gz: d5c33d0414644d31f51de5c5637c5625b5a3cb90405587fc30d1bbb5e1fc153483e6b3b5ce7054891ab0b81b076eaac98f0eda4dc47bb3feedfdf74ded6b091e
|
data/cgi.gemspec
CHANGED
@@ -1,25 +1,27 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
1
|
+
begin
|
2
|
+
require_relative "lib/cgi/version"
|
3
|
+
rescue LoadError # Fallback to load version file in ruby core repository
|
4
|
+
require_relative "version"
|
5
|
+
end
|
4
6
|
|
5
7
|
Gem::Specification.new do |spec|
|
6
8
|
spec.name = "cgi"
|
7
9
|
spec.version = CGI::VERSION
|
8
|
-
spec.authors = ["
|
9
|
-
spec.email = ["
|
10
|
+
spec.authors = ["Yukihiro Matsumoto"]
|
11
|
+
spec.email = ["matz@ruby-lang.org"]
|
10
12
|
|
11
13
|
spec.summary = %q{Support for the Common Gateway Interface protocol.}
|
12
14
|
spec.description = %q{Support for the Common Gateway Interface protocol.}
|
13
15
|
spec.homepage = "https://github.com/ruby/cgi"
|
16
|
+
spec.license = "BSD-2-Clause"
|
14
17
|
|
15
18
|
spec.metadata["homepage_uri"] = spec.homepage
|
16
19
|
spec.metadata["source_code_uri"] = spec.homepage
|
17
20
|
|
18
21
|
spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
|
19
|
-
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
22
|
+
`git ls-files -z 2>/dev/null`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
20
23
|
end
|
21
24
|
spec.bindir = "exe"
|
22
25
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
23
26
|
spec.require_paths = ["lib"]
|
24
|
-
spec.license = "BSD-2-Clause"
|
25
27
|
end
|
data/ext/cgi/escape/escape.c
CHANGED
@@ -30,15 +30,14 @@ static inline void
|
|
30
30
|
preserve_original_state(VALUE orig, VALUE dest)
|
31
31
|
{
|
32
32
|
rb_enc_associate(dest, rb_enc_get(orig));
|
33
|
-
|
34
|
-
RB_OBJ_INFECT_RAW(dest, orig);
|
35
33
|
}
|
36
34
|
|
37
35
|
static VALUE
|
38
36
|
optimized_escape_html(VALUE str)
|
39
37
|
{
|
40
38
|
VALUE vbuf;
|
41
|
-
|
39
|
+
typedef char escape_buf[HTML_ESCAPE_MAX_LEN];
|
40
|
+
char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
|
42
41
|
const char *cstr = RSTRING_PTR(str);
|
43
42
|
const char *end = cstr + RSTRING_LEN(str);
|
44
43
|
|
data/lib/cgi/cookie.rb
CHANGED
@@ -57,7 +57,7 @@ class CGI
|
|
57
57
|
#
|
58
58
|
# name:: the name of the cookie. Required.
|
59
59
|
# value:: the cookie's value or list of values.
|
60
|
-
# path:: the path for which this cookie applies. Defaults to
|
60
|
+
# path:: the path for which this cookie applies. Defaults to
|
61
61
|
# the value of the +SCRIPT_NAME+ environment variable.
|
62
62
|
# domain:: the domain for which this cookie applies.
|
63
63
|
# expires:: the time at which this cookie expires, as a +Time+ object.
|
@@ -73,8 +73,7 @@ class CGI
|
|
73
73
|
@expires = nil
|
74
74
|
if name.kind_of?(String)
|
75
75
|
@name = name
|
76
|
-
%r
|
77
|
-
@path = ($1 or "")
|
76
|
+
@path = (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
|
78
77
|
@secure = false
|
79
78
|
@httponly = false
|
80
79
|
return super(value)
|
@@ -88,12 +87,7 @@ class CGI
|
|
88
87
|
@name = options["name"]
|
89
88
|
value = Array(options["value"])
|
90
89
|
# simple support for IE
|
91
|
-
|
92
|
-
@path = options["path"]
|
93
|
-
else
|
94
|
-
%r|^(.*/)|.match(ENV["SCRIPT_NAME"])
|
95
|
-
@path = ($1 or "")
|
96
|
-
end
|
90
|
+
@path = options["path"] || (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
|
97
91
|
@domain = options["domain"]
|
98
92
|
@expires = options["expires"]
|
99
93
|
@secure = options["secure"] == true
|
@@ -146,7 +140,7 @@ class CGI
|
|
146
140
|
buf = "#{@name}=#{val}".dup
|
147
141
|
buf << "; domain=#{@domain}" if @domain
|
148
142
|
buf << "; path=#{@path}" if @path
|
149
|
-
buf << "; expires=#{CGI
|
143
|
+
buf << "; expires=#{CGI.rfc1123_date(@expires)}" if @expires
|
150
144
|
buf << "; secure" if @secure
|
151
145
|
buf << "; HttpOnly" if @httponly
|
152
146
|
buf
|
@@ -165,7 +159,6 @@ class CGI
|
|
165
159
|
raw_cookie.split(/;\s?/).each do |pairs|
|
166
160
|
name, values = pairs.split('=',2)
|
167
161
|
next unless name and values
|
168
|
-
name = CGI.unescape(name)
|
169
162
|
values ||= ""
|
170
163
|
values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
|
171
164
|
if cookies.has_key?(name)
|
data/lib/cgi/core.rb
CHANGED
@@ -261,7 +261,7 @@ class CGI
|
|
261
261
|
private :_header_for_hash
|
262
262
|
|
263
263
|
def nph? #:nodoc:
|
264
|
-
return /IIS\/(\d+)
|
264
|
+
return /IIS\/(\d+)/ =~ $CGI_ENV['SERVER_SOFTWARE'] && $1.to_i < 5
|
265
265
|
end
|
266
266
|
|
267
267
|
def _header_for_modruby(buf) #:nodoc:
|
@@ -375,14 +375,14 @@ class CGI
|
|
375
375
|
|
376
376
|
# Parse an HTTP query string into a hash of key=>value pairs.
|
377
377
|
#
|
378
|
-
# params = CGI
|
378
|
+
# params = CGI.parse("query_string")
|
379
379
|
# # {"name1" => ["value1", "value2", ...],
|
380
380
|
# # "name2" => ["value1", "value2", ...], ... }
|
381
381
|
#
|
382
|
-
def
|
382
|
+
def self.parse(query)
|
383
383
|
params = {}
|
384
384
|
query.split(/[&;]/).each do |pairs|
|
385
|
-
key, value = pairs.split('=',2).collect{|v| CGI
|
385
|
+
key, value = pairs.split('=',2).collect{|v| CGI.unescape(v) }
|
386
386
|
|
387
387
|
next unless key
|
388
388
|
|
@@ -544,11 +544,11 @@ class CGI
|
|
544
544
|
/Content-Disposition:.* filename=(?:"(.*?)"|([^;\r\n]*))/i.match(head)
|
545
545
|
filename = $1 || $2 || ''.dup
|
546
546
|
filename = CGI.unescape(filename) if unescape_filename?()
|
547
|
-
body.instance_variable_set(:@original_filename, filename
|
547
|
+
body.instance_variable_set(:@original_filename, filename)
|
548
548
|
## content type
|
549
549
|
/Content-Type: (.*)/i.match(head)
|
550
550
|
(content_type = $1 || ''.dup).chomp!
|
551
|
-
body.instance_variable_set(:@content_type, content_type
|
551
|
+
body.instance_variable_set(:@content_type, content_type)
|
552
552
|
## query parameter name
|
553
553
|
/Content-Disposition:.* name=(?:"(.*?)"|([^;\r\n]*))/i.match(head)
|
554
554
|
name = $1 || $2 || ''
|
@@ -607,6 +607,7 @@ class CGI
|
|
607
607
|
end
|
608
608
|
def unescape_filename? #:nodoc:
|
609
609
|
user_agent = $CGI_ENV['HTTP_USER_AGENT']
|
610
|
+
return false unless user_agent
|
610
611
|
return /Mac/i.match(user_agent) && /Mozilla/i.match(user_agent) && !/MSIE/i.match(user_agent)
|
611
612
|
end
|
612
613
|
|
@@ -648,7 +649,7 @@ class CGI
|
|
648
649
|
# Reads query parameters in the @params field, and cookies into @cookies.
|
649
650
|
def initialize_query()
|
650
651
|
if ("POST" == env_table['REQUEST_METHOD']) and
|
651
|
-
%r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"
|
652
|
+
%r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?| =~ env_table['CONTENT_TYPE']
|
652
653
|
current_max_multipart_length = @max_multipart_length.respond_to?(:call) ? @max_multipart_length.call : @max_multipart_length
|
653
654
|
raise StandardError.new("too large multipart data.") if env_table['CONTENT_LENGTH'].to_i > current_max_multipart_length
|
654
655
|
boundary = $1.dup
|
@@ -656,7 +657,7 @@ class CGI
|
|
656
657
|
@params = read_multipart(boundary, Integer(env_table['CONTENT_LENGTH']))
|
657
658
|
else
|
658
659
|
@multipart = false
|
659
|
-
@params = CGI
|
660
|
+
@params = CGI.parse(
|
660
661
|
case env_table['REQUEST_METHOD']
|
661
662
|
when "GET", "HEAD"
|
662
663
|
if defined?(MOD_RUBY)
|
@@ -686,7 +687,7 @@ class CGI
|
|
686
687
|
end
|
687
688
|
end
|
688
689
|
|
689
|
-
@cookies = CGI::Cookie
|
690
|
+
@cookies = CGI::Cookie.parse((env_table['HTTP_COOKIE'] or env_table['COOKIE']))
|
690
691
|
end
|
691
692
|
private :initialize_query
|
692
693
|
|
data/lib/cgi/html.rb
CHANGED
@@ -30,10 +30,10 @@ class CGI
|
|
30
30
|
attributes.each do|name, value|
|
31
31
|
next unless value
|
32
32
|
s << " "
|
33
|
-
s << CGI
|
33
|
+
s << CGI.escapeHTML(name.to_s)
|
34
34
|
if value != true
|
35
35
|
s << '="'
|
36
|
-
s << CGI
|
36
|
+
s << CGI.escapeHTML(value.to_s)
|
37
37
|
s << '"'
|
38
38
|
end
|
39
39
|
end
|
@@ -423,7 +423,7 @@ class CGI
|
|
423
423
|
buf << super(attributes)
|
424
424
|
|
425
425
|
if pretty
|
426
|
-
CGI
|
426
|
+
CGI.pretty(buf, pretty)
|
427
427
|
else
|
428
428
|
buf
|
429
429
|
end
|
data/lib/cgi/session/pstore.rb
CHANGED
data/lib/cgi/session.rb
CHANGED
@@ -403,7 +403,7 @@ class CGI
|
|
403
403
|
for line in f
|
404
404
|
line.chomp!
|
405
405
|
k, v = line.split('=',2)
|
406
|
-
@hash[CGI
|
406
|
+
@hash[CGI.unescape(k)] = Marshal.restore(CGI.unescape(v))
|
407
407
|
end
|
408
408
|
ensure
|
409
409
|
f&.close
|
@@ -421,7 +421,7 @@ class CGI
|
|
421
421
|
lockf.flock File::LOCK_EX
|
422
422
|
f = File.open(@path+".new", File::CREAT|File::TRUNC|File::WRONLY, 0600)
|
423
423
|
for k,v in @hash
|
424
|
-
f.printf "%s=%s\n", CGI
|
424
|
+
f.printf "%s=%s\n", CGI.escape(k), CGI.escape(String(Marshal.dump(v)))
|
425
425
|
end
|
426
426
|
f.close
|
427
427
|
File.rename @path+".new", @path
|
data/lib/cgi/util.rb
CHANGED
@@ -7,7 +7,7 @@ end
|
|
7
7
|
module CGI::Util
|
8
8
|
@@accept_charset="UTF-8" unless defined?(@@accept_charset)
|
9
9
|
# URL-encode a string.
|
10
|
-
# url_encoded_string = CGI
|
10
|
+
# url_encoded_string = CGI.escape("'Stop!' said Fred")
|
11
11
|
# # => "%27Stop%21%27+said+Fred"
|
12
12
|
def escape(string)
|
13
13
|
encoding = string.encoding
|
@@ -17,7 +17,7 @@ module CGI::Util
|
|
17
17
|
end
|
18
18
|
|
19
19
|
# URL-decode a string with encoding(optional).
|
20
|
-
# string = CGI
|
20
|
+
# string = CGI.unescape("%27Stop%21%27+said+Fred")
|
21
21
|
# # => "'Stop!' said Fred"
|
22
22
|
def unescape(string,encoding=@@accept_charset)
|
23
23
|
str=string.tr('+', ' ').b.gsub(/((?:%[0-9a-fA-F]{2})+)/) do |m|
|
@@ -36,7 +36,7 @@ module CGI::Util
|
|
36
36
|
}
|
37
37
|
|
38
38
|
# Escape special characters in HTML, namely '&\"<>
|
39
|
-
# CGI
|
39
|
+
# CGI.escapeHTML('Usage: foo "bar" <baz>')
|
40
40
|
# # => "Usage: foo "bar" <baz>"
|
41
41
|
def escapeHTML(string)
|
42
42
|
enc = string.encoding
|
@@ -60,7 +60,7 @@ module CGI::Util
|
|
60
60
|
end
|
61
61
|
|
62
62
|
# Unescape a string that has been HTML-escaped
|
63
|
-
# CGI
|
63
|
+
# CGI.unescapeHTML("Usage: foo "bar" <baz>")
|
64
64
|
# # => "Usage: foo \"bar\" <baz>"
|
65
65
|
def unescapeHTML(string)
|
66
66
|
enc = string.encoding
|
@@ -118,10 +118,10 @@ module CGI::Util
|
|
118
118
|
end
|
119
119
|
end
|
120
120
|
|
121
|
-
# Synonym for CGI
|
121
|
+
# Synonym for CGI.escapeHTML(str)
|
122
122
|
alias escape_html escapeHTML
|
123
123
|
|
124
|
-
# Synonym for CGI
|
124
|
+
# Synonym for CGI.unescapeHTML(str)
|
125
125
|
alias unescape_html unescapeHTML
|
126
126
|
|
127
127
|
# Escape only the tags of certain HTML elements in +string+.
|
@@ -132,30 +132,30 @@ module CGI::Util
|
|
132
132
|
# The attribute list of the open tag will also be escaped (for
|
133
133
|
# instance, the double-quotes surrounding attribute values).
|
134
134
|
#
|
135
|
-
# print CGI
|
135
|
+
# print CGI.escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
|
136
136
|
# # "<BR><A HREF="url"></A>"
|
137
137
|
#
|
138
|
-
# print CGI
|
138
|
+
# print CGI.escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
|
139
139
|
# # "<BR><A HREF="url"></A>"
|
140
140
|
def escapeElement(string, *elements)
|
141
141
|
elements = elements[0] if elements[0].kind_of?(Array)
|
142
142
|
unless elements.empty?
|
143
143
|
string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
|
144
|
-
CGI
|
144
|
+
CGI.escapeHTML($&)
|
145
145
|
end
|
146
146
|
else
|
147
147
|
string
|
148
148
|
end
|
149
149
|
end
|
150
150
|
|
151
|
-
# Undo escaping such as that done by CGI
|
151
|
+
# Undo escaping such as that done by CGI.escapeElement()
|
152
152
|
#
|
153
|
-
# print CGI
|
154
|
-
# CGI
|
153
|
+
# print CGI.unescapeElement(
|
154
|
+
# CGI.escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
|
155
155
|
# # "<BR><A HREF="url"></A>"
|
156
156
|
#
|
157
|
-
# print CGI
|
158
|
-
# CGI
|
157
|
+
# print CGI.unescapeElement(
|
158
|
+
# CGI.escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
|
159
159
|
# # "<BR><A HREF="url"></A>"
|
160
160
|
def unescapeElement(string, *elements)
|
161
161
|
elements = elements[0] if elements[0].kind_of?(Array)
|
@@ -168,10 +168,10 @@ module CGI::Util
|
|
168
168
|
end
|
169
169
|
end
|
170
170
|
|
171
|
-
# Synonym for CGI
|
171
|
+
# Synonym for CGI.escapeElement(str)
|
172
172
|
alias escape_element escapeElement
|
173
173
|
|
174
|
-
# Synonym for CGI
|
174
|
+
# Synonym for CGI.unescapeElement(str)
|
175
175
|
alias unescape_element unescapeElement
|
176
176
|
|
177
177
|
# Abbreviated day-of-week names specified by RFC 822
|
@@ -182,7 +182,7 @@ module CGI::Util
|
|
182
182
|
|
183
183
|
# Format a +Time+ object as a String using the format specified by RFC 1123.
|
184
184
|
#
|
185
|
-
# CGI
|
185
|
+
# CGI.rfc1123_date(Time.now)
|
186
186
|
# # Sat, 01 Jan 2000 00:00:00 GMT
|
187
187
|
def rfc1123_date(time)
|
188
188
|
t = time.clone.gmtime
|
@@ -196,13 +196,13 @@ module CGI::Util
|
|
196
196
|
# +string+ is the HTML string to indent. +shift+ is the indentation
|
197
197
|
# unit to use; it defaults to two spaces.
|
198
198
|
#
|
199
|
-
# print CGI
|
199
|
+
# print CGI.pretty("<HTML><BODY></BODY></HTML>")
|
200
200
|
# # <HTML>
|
201
201
|
# # <BODY>
|
202
202
|
# # </BODY>
|
203
203
|
# # </HTML>
|
204
204
|
#
|
205
|
-
# print CGI
|
205
|
+
# print CGI.pretty("<HTML><BODY></BODY></HTML>", "\t")
|
206
206
|
# # <HTML>
|
207
207
|
# # <BODY>
|
208
208
|
# # </BODY>
|
data/lib/cgi/version.rb
CHANGED
data/lib/cgi.rb
CHANGED
metadata
CHANGED
@@ -1,18 +1,18 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cgi
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.0
|
4
|
+
version: 0.1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
-
-
|
8
|
-
autorequire:
|
7
|
+
- Yukihiro Matsumoto
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-11-21 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Support for the Common Gateway Interface protocol.
|
14
14
|
email:
|
15
|
-
-
|
15
|
+
- matz@ruby-lang.org
|
16
16
|
executables: []
|
17
17
|
extensions: []
|
18
18
|
extra_rdoc_files: []
|
@@ -43,7 +43,7 @@ licenses:
|
|
43
43
|
metadata:
|
44
44
|
homepage_uri: https://github.com/ruby/cgi
|
45
45
|
source_code_uri: https://github.com/ruby/cgi
|
46
|
-
post_install_message:
|
46
|
+
post_install_message:
|
47
47
|
rdoc_options: []
|
48
48
|
require_paths:
|
49
49
|
- lib
|
@@ -58,8 +58,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
58
58
|
- !ruby/object:Gem::Version
|
59
59
|
version: '0'
|
60
60
|
requirements: []
|
61
|
-
rubygems_version: 3.0.
|
62
|
-
signing_key:
|
61
|
+
rubygems_version: 3.4.0.dev
|
62
|
+
signing_key:
|
63
63
|
specification_version: 4
|
64
64
|
summary: Support for the Common Gateway Interface protocol.
|
65
65
|
test_files: []
|