cgi 0.1.1 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c59b54c540f8dfd3c9cef427e4598a27bb9bd7e8153bbed89c68c2fb922103bd
-  data.tar.gz: f2cba0d010a587aaae58e466cb16c4d4a4361bf18aff3bc2adb38e10032ddfbf
+  metadata.gz: 90a6a863562fc49b43b4b3363838cfc00cd4080df4fa1a4939e505d651115ad2
+  data.tar.gz: 5eeb77d5c5e4a42c8683e6953174483d4c5d7c5c9a61dc78590df100a716985f
 SHA512:
-  metadata.gz: 6127931c98c74e21472eb971e6fa59d97a75b944e17758ee1d31485622c845cabf076bcf53ada40b996edba1067abcd5522ff9f94f7eae75cfc020df292adf84
-  data.tar.gz: 76b61d86486908ab6d53193ced1e49b94de23a7df3a09ba37146c8fa3b6c68200eee2c1e206eb856d8c203ab8b4ea02b62831aeb0d7b5ca994a95a5dcef6a3b1
+  metadata.gz: dc300664978f5278e2e366c85acf2ec7929505369c7abaa0ef3d0658e5de556d3eb1c8e66d497c6f8b88efeabcfa57c2871bfbd325dd1e1b72fdcc4edf03defd
+  data.tar.gz: 7f82863adb49bd898c376d16a5d8ade52c0ada8d5994a22a858e7b47f467a69c755f22d8f691fcc891df222b176d472c167ac3e4b6896b104353fb04da867a56

data/.github/workflows/test.yml

@@ -0,0 +1,22 @@
+name: test
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: build (${{ matrix.ruby }} / ${{ matrix.os }})
+    strategy:
+      matrix:
+        ruby: [ '3.0', 2.7, 2.6, 2.5, head ]
+        os: [ ubuntu-latest, macos-latest ]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: Install dependencies
+      run: bundle install
+    - name: Run test
+      run: rake test

data/Rakefile

@@ -10,4 +10,11 @@ end
 require 'rake/extensiontask'
 Rake::ExtensionTask.new("cgi/escape")
 
+task :sync_tool do
+  require 'fileutils'
+  FileUtils.cp "../ruby/tool/lib/core_assertions.rb", "./test/lib"
+  FileUtils.cp "../ruby/tool/lib/envutil.rb", "./test/lib"
+  FileUtils.cp "../ruby/tool/lib/find_executable.rb", "./test/lib"
+end
+
 task :default => :test

data/cgi.gemspec

@@ -1,25 +1,31 @@
-lib = File.expand_path("lib", __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "cgi/version"
+# frozen_string_literal: true
+
+name = File.basename(__FILE__, ".gemspec")
+version = ["lib", Array.new(name.count("-")+1, "..").join("/")].find do |dir|
+  break File.foreach(File.join(__dir__, dir, "#{name.tr('-', '/')}.rb")) do |line|
+    /^\s*VERSION\s*=\s*"(.*)"/ =~ line and break $1
+  end rescue nil
+end
 
 Gem::Specification.new do |spec|
-  spec.name          = "cgi"
-  spec.version       = CGI::VERSION
-  spec.authors       = ["Hiroshi SHIBATA"]
-  spec.email         = ["hsbt@ruby-lang.org"]
+  spec.name          = name
+  spec.version       = version
+  spec.authors       = ["Yukihiro Matsumoto"]
+  spec.email         = ["matz@ruby-lang.org"]
 
   spec.summary       = %q{Support for the Common Gateway Interface protocol.}
   spec.description   = %q{Support for the Common Gateway Interface protocol.}
   spec.homepage      = "https://github.com/ruby/cgi"
+  spec.licenses      = ["Ruby", "BSD-2-Clause"]
+  spec.required_ruby_version = ">= 2.5.0"
 
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage
 
   spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+    `git ls-files -z 2>/dev/null`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
   spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.executables   = []
   spec.require_paths = ["lib"]
-  spec.license = "BSD-2-Clause"
 end

data/ext/cgi/escape/escape.c

@@ -30,8 +30,6 @@ static inline void
 preserve_original_state(VALUE orig, VALUE dest)
 {
     rb_enc_associate(dest, rb_enc_get(orig));
-
-    RB_OBJ_INFECT_RAW(dest, orig);
 }
 
 static VALUE
@@ -391,6 +389,10 @@ cgiesc_unescape(int argc, VALUE *argv, VALUE self)
 void
 Init_escape(void)
 {
+#ifdef HAVE_RB_EXT_RACTOR_SAFE
+    rb_ext_ractor_safe(true);
+#endif
+
     id_accept_charset = rb_intern_const("@@accept_charset");
     InitVM(escape);
 }

data/lib/cgi/cookie.rb

@@ -57,7 +57,7 @@ class CGI
     #
     #   name:: the name of the cookie.  Required.
     #   value:: the cookie's value or list of values.
-    #   path:: the path for which this cookie applies.  Defaults to the
+    #   path:: the path for which this cookie applies.  Defaults to
     #          the value of the +SCRIPT_NAME+ environment variable.
     #   domain:: the domain for which this cookie applies.
     #   expires:: the time at which this cookie expires, as a +Time+ object.
@@ -73,8 +73,7 @@ class CGI
       @expires = nil
       if name.kind_of?(String)
         @name = name
-        %r|^(.*/)|.match(ENV["SCRIPT_NAME"])
-        @path = ($1 or "")
+        @path = (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
         @secure = false
         @httponly = false
         return super(value)
@@ -88,12 +87,7 @@ class CGI
       @name = options["name"]
       value = Array(options["value"])
       # simple support for IE
-      if options["path"]
-        @path = options["path"]
-      else
-        %r|^(.*/)|.match(ENV["SCRIPT_NAME"])
-        @path = ($1 or "")
-      end
+      @path = options["path"] || (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
       @domain = options["domain"]
       @expires = options["expires"]
       @secure = options["secure"] == true
@@ -146,7 +140,7 @@ class CGI
       buf = "#{@name}=#{val}".dup
       buf << "; domain=#{@domain}" if @domain
       buf << "; path=#{@path}"     if @path
-      buf << "; expires=#{CGI::rfc1123_date(@expires)}" if @expires
+      buf << "; expires=#{CGI.rfc1123_date(@expires)}" if @expires
       buf << "; secure"            if @secure
       buf << "; HttpOnly"          if @httponly
       buf

data/lib/cgi/core.rb

@@ -261,7 +261,7 @@ class CGI
   private :_header_for_hash
 
   def nph?  #:nodoc:
-    return /IIS\/(\d+)/.match($CGI_ENV['SERVER_SOFTWARE']) && $1.to_i < 5
+    return /IIS\/(\d+)/ =~ $CGI_ENV['SERVER_SOFTWARE'] && $1.to_i < 5
   end
 
   def _header_for_modruby(buf)  #:nodoc:
@@ -375,14 +375,14 @@ class CGI
 
   # Parse an HTTP query string into a hash of key=>value pairs.
   #
-  #   params = CGI::parse("query_string")
+  #   params = CGI.parse("query_string")
   #     # {"name1" => ["value1", "value2", ...],
   #     #  "name2" => ["value1", "value2", ...], ... }
   #
-  def CGI::parse(query)
+  def self.parse(query)
     params = {}
     query.split(/[&;]/).each do |pairs|
-      key, value = pairs.split('=',2).collect{|v| CGI::unescape(v) }
+      key, value = pairs.split('=',2).collect{|v| CGI.unescape(v) }
 
       next unless key
 
@@ -544,11 +544,11 @@ class CGI
         /Content-Disposition:.* filename=(?:"(.*?)"|([^;\r\n]*))/i.match(head)
         filename = $1 || $2 || ''.dup
         filename = CGI.unescape(filename) if unescape_filename?()
-        body.instance_variable_set(:@original_filename, filename.taint)
+        body.instance_variable_set(:@original_filename, filename)
         ## content type
         /Content-Type: (.*)/i.match(head)
         (content_type = $1 || ''.dup).chomp!
-        body.instance_variable_set(:@content_type, content_type.taint)
+        body.instance_variable_set(:@content_type, content_type)
         ## query parameter name
         /Content-Disposition:.* name=(?:"(.*?)"|([^;\r\n]*))/i.match(head)
         name = $1 || $2 || ''
@@ -607,6 +607,7 @@ class CGI
     end
     def unescape_filename?  #:nodoc:
       user_agent = $CGI_ENV['HTTP_USER_AGENT']
+      return false unless user_agent
       return /Mac/i.match(user_agent) && /Mozilla/i.match(user_agent) && !/MSIE/i.match(user_agent)
     end
 
@@ -648,7 +649,7 @@ class CGI
     # Reads query parameters in the @params field, and cookies into @cookies.
     def initialize_query()
       if ("POST" == env_table['REQUEST_METHOD']) and
-        %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?|.match(env_table['CONTENT_TYPE'])
+        %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?| =~ env_table['CONTENT_TYPE']
         current_max_multipart_length = @max_multipart_length.respond_to?(:call) ? @max_multipart_length.call : @max_multipart_length
         raise StandardError.new("too large multipart data.") if env_table['CONTENT_LENGTH'].to_i > current_max_multipart_length
         boundary = $1.dup
@@ -656,7 +657,7 @@ class CGI
         @params = read_multipart(boundary, Integer(env_table['CONTENT_LENGTH']))
       else
         @multipart = false
-        @params = CGI::parse(
+        @params = CGI.parse(
                     case env_table['REQUEST_METHOD']
                     when "GET", "HEAD"
                       if defined?(MOD_RUBY)
@@ -686,7 +687,7 @@ class CGI
         end
       end
 
-      @cookies = CGI::Cookie::parse((env_table['HTTP_COOKIE'] or env_table['COOKIE']))
+      @cookies = CGI::Cookie.parse((env_table['HTTP_COOKIE'] or env_table['COOKIE']))
     end
     private :initialize_query
 

data/lib/cgi/html.rb

@@ -30,10 +30,10 @@ class CGI
       attributes.each do|name, value|
         next unless value
         s << " "
-        s << CGI::escapeHTML(name.to_s)
+        s << CGI.escapeHTML(name.to_s)
         if value != true
           s << '="'
-          s << CGI::escapeHTML(value.to_s)
+          s << CGI.escapeHTML(value.to_s)
           s << '"'
         end
       end
@@ -423,7 +423,7 @@ class CGI
       buf << super(attributes)
 
       if pretty
-        CGI::pretty(buf, pretty)
+        CGI.pretty(buf, pretty)
       else
         buf
       end

data/lib/cgi/session/pstore.rb

@@ -50,7 +50,6 @@ class CGI
         require 'digest/md5'
         md5 = Digest::MD5.hexdigest(id)[0,16]
         path = dir+"/"+prefix+md5
-        path.untaint
         if File::exist?(path)
           @hash = nil
         else

data/lib/cgi/session.rb

@@ -403,7 +403,7 @@ class CGI
             for line in f
               line.chomp!
               k, v = line.split('=',2)
-              @hash[CGI::unescape(k)] = Marshal.restore(CGI::unescape(v))
+              @hash[CGI.unescape(k)] = Marshal.restore(CGI.unescape(v))
             end
           ensure
             f&.close
@@ -421,7 +421,7 @@ class CGI
           lockf.flock File::LOCK_EX
           f = File.open(@path+".new", File::CREAT|File::TRUNC|File::WRONLY, 0600)
           for k,v in @hash
-            f.printf "%s=%s\n", CGI::escape(k), CGI::escape(String(Marshal.dump(v)))
+            f.printf "%s=%s\n", CGI.escape(k), CGI.escape(String(Marshal.dump(v)))
           end
           f.close
           File.rename @path+".new", @path

data/lib/cgi/util.rb

@@ -7,7 +7,7 @@ end
 module CGI::Util
   @@accept_charset="UTF-8" unless defined?(@@accept_charset)
   # URL-encode a string.
-  #   url_encoded_string = CGI::escape("'Stop!' said Fred")
+  #   url_encoded_string = CGI.escape("'Stop!' said Fred")
   #      # => "%27Stop%21%27+said+Fred"
   def escape(string)
     encoding = string.encoding
@@ -17,7 +17,7 @@ module CGI::Util
   end
 
   # URL-decode a string with encoding(optional).
-  #   string = CGI::unescape("%27Stop%21%27+said+Fred")
+  #   string = CGI.unescape("%27Stop%21%27+said+Fred")
   #      # => "'Stop!' said Fred"
   def unescape(string,encoding=@@accept_charset)
     str=string.tr('+', ' ').b.gsub(/((?:%[0-9a-fA-F]{2})+)/) do |m|
@@ -36,7 +36,7 @@ module CGI::Util
   }
 
   # Escape special characters in HTML, namely '&\"<>
-  #   CGI::escapeHTML('Usage: foo "bar" <baz>')
+  #   CGI.escapeHTML('Usage: foo "bar" <baz>')
   #      # => "Usage: foo &quot;bar&quot; &lt;baz&gt;"
   def escapeHTML(string)
     enc = string.encoding
@@ -49,9 +49,12 @@ module CGI::Util
       table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]
       string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)
       string.encode!(origenc) if origenc
-      return string
+      string
+    else
+      string = string.b
+      string.gsub!(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
+      string.force_encoding(enc)
     end
-    string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
   end
 
   begin
@@ -60,7 +63,7 @@ module CGI::Util
   end
 
   # Unescape a string that has been HTML-escaped
-  #   CGI::unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
+  #   CGI.unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
   #      # => "Usage: foo \"bar\" <baz>"
   def unescapeHTML(string)
     enc = string.encoding
@@ -90,7 +93,8 @@ module CGI::Util
                 when Encoding::ISO_8859_1; 256
                 else 128
                 end
-    string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
+    string = string.b
+    string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
       match = $1.dup
       case match
       when 'apos'                then "'"
@@ -116,12 +120,13 @@ module CGI::Util
         "&#{match};"
       end
     end
+    string.force_encoding enc
   end
 
-  # Synonym for CGI::escapeHTML(str)
+  # Synonym for CGI.escapeHTML(str)
   alias escape_html escapeHTML
 
-  # Synonym for CGI::unescapeHTML(str)
+  # Synonym for CGI.unescapeHTML(str)
   alias unescape_html unescapeHTML
 
   # Escape only the tags of certain HTML elements in +string+.
@@ -132,30 +137,30 @@ module CGI::Util
   # The attribute list of the open tag will also be escaped (for
   # instance, the double-quotes surrounding attribute values).
   #
-  #   print CGI::escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
+  #   print CGI.escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
   #     # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
   #
-  #   print CGI::escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
+  #   print CGI.escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
   #     # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
   def escapeElement(string, *elements)
     elements = elements[0] if elements[0].kind_of?(Array)
     unless elements.empty?
       string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
-        CGI::escapeHTML($&)
+        CGI.escapeHTML($&)
       end
     else
       string
     end
   end
 
-  # Undo escaping such as that done by CGI::escapeElement()
+  # Undo escaping such as that done by CGI.escapeElement()
   #
-  #   print CGI::unescapeElement(
-  #           CGI::escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
+  #   print CGI.unescapeElement(
+  #           CGI.escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
   #     # "&lt;BR&gt;<A HREF="url"></A>"
   #
-  #   print CGI::unescapeElement(
-  #           CGI::escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
+  #   print CGI.unescapeElement(
+  #           CGI.escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
   #     # "&lt;BR&gt;<A HREF="url"></A>"
   def unescapeElement(string, *elements)
     elements = elements[0] if elements[0].kind_of?(Array)
@@ -168,27 +173,18 @@ module CGI::Util
     end
   end
 
-  # Synonym for CGI::escapeElement(str)
+  # Synonym for CGI.escapeElement(str)
   alias escape_element escapeElement
 
-  # Synonym for CGI::unescapeElement(str)
+  # Synonym for CGI.unescapeElement(str)
   alias unescape_element unescapeElement
 
-  # Abbreviated day-of-week names specified by RFC 822
-  RFC822_DAYS = %w[ Sun Mon Tue Wed Thu Fri Sat ]
-
-  # Abbreviated month names specified by RFC 822
-  RFC822_MONTHS = %w[ Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ]
-
   # Format a +Time+ object as a String using the format specified by RFC 1123.
   #
-  #   CGI::rfc1123_date(Time.now)
+  #   CGI.rfc1123_date(Time.now)
   #     # Sat, 01 Jan 2000 00:00:00 GMT
   def rfc1123_date(time)
-    t = time.clone.gmtime
-    return format("%s, %.2d %s %.4d %.2d:%.2d:%.2d GMT",
-                  RFC822_DAYS[t.wday], t.day, RFC822_MONTHS[t.month-1], t.year,
-                  t.hour, t.min, t.sec)
+    time.getgm.strftime("%a, %d %b %Y %T GMT")
   end
 
   # Prettify (indent) an HTML string.
@@ -196,13 +192,13 @@ module CGI::Util
   # +string+ is the HTML string to indent.  +shift+ is the indentation
   # unit to use; it defaults to two spaces.
   #
-  #   print CGI::pretty("<HTML><BODY></BODY></HTML>")
+  #   print CGI.pretty("<HTML><BODY></BODY></HTML>")
   #     # <HTML>
   #     #   <BODY>
   #     #   </BODY>
   #     # </HTML>
   #
-  #   print CGI::pretty("<HTML><BODY></BODY></HTML>", "\t")
+  #   print CGI.pretty("<HTML><BODY></BODY></HTML>", "\t")
   #     # <HTML>
   #     #         <BODY>
   #     #         </BODY>

data/lib/cgi.rb

@@ -253,7 +253,7 @@
 #           end
 #         end +
 #         cgi.pre do
-#           CGI::escapeHTML(
+#           CGI.escapeHTML(
 #             "params: #{cgi.params.inspect}\n" +
 #             "cookies: #{cgi.cookies.inspect}\n" +
 #             ENV.collect do |key, value|
@@ -288,6 +288,7 @@
 #
 
 class CGI
+  VERSION = "0.3.1"
 end
 
 require 'cgi/core'

metadata

@@ -1,10 +1,10 @@
 --- !ruby/object:Gem::Specification
 name: cgi
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.3.1
 platform: ruby
 authors:
-- Hiroshi SHIBATA
+- Yukihiro Matsumoto
 autorequire: 
 bindir: exe
 cert_chain: []
@@ -12,13 +12,13 @@ date: 2021-11-24 00:00:00.000000000 Z
 dependencies: []
 description: Support for the Common Gateway Interface protocol.
 email:
-- hsbt@ruby-lang.org
+- matz@ruby-lang.org
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/test.yml"
 - ".gitignore"
-- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -36,9 +36,9 @@ files:
 - lib/cgi/session.rb
 - lib/cgi/session/pstore.rb
 - lib/cgi/util.rb
-- lib/cgi/version.rb
 homepage: https://github.com/ruby/cgi
 licenses:
+- Ruby
 - BSD-2-Clause
 metadata:
   homepage_uri: https://github.com/ruby/cgi
@@ -51,7 +51,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/.travis.yml

@@ -1,7 +0,0 @@
----
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-  - 2.6.3
-before_install: gem install bundler -v 2.0.2

data/lib/cgi/version.rb

@@ -1,3 +0,0 @@
-class CGI
-  VERSION = "0.1.1"
-end