cgi 0.2.1 → 0.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/cgi/escape/escape.c +1 -1
- data/lib/cgi/cookie.rb +36 -8
- data/lib/cgi/core.rb +28 -17
- data/lib/cgi.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ace24be8534275d31cbc0f26323f6240fe2bad4e848a0bf299ab0c7b3ef4f23c
|
4
|
+
data.tar.gz: d2e454f42196b2bda9a5923014d4d067a3429d414c1c9445fed80fc4a7cc0773
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: edaff93f2331fb886bdbd1dd5a03b1a53ae07af4d42136cf8852ab717aa4d458a96fe459ba07869072e0d580aa083ae8ac47fac5aea0cabc2a347afbf38ac4db
|
7
|
+
data.tar.gz: 0fa14edc91fe176241d0efc71bd4dfd834135f093507cb2b2410934f469bd19a4538664651a86aa9fc2ae035e7efd6a159cf1752beffef01d57327cab4d76500
|
data/ext/cgi/escape/escape.c
CHANGED
data/lib/cgi/cookie.rb
CHANGED
@@ -40,6 +40,10 @@ class CGI
|
|
40
40
|
class Cookie < Array
|
41
41
|
@@accept_charset="UTF-8" unless defined?(@@accept_charset)
|
42
42
|
|
43
|
+
TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
|
44
|
+
PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
|
45
|
+
DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
|
46
|
+
|
43
47
|
# Create a new CGI::Cookie object.
|
44
48
|
#
|
45
49
|
# :call-seq:
|
@@ -72,8 +76,8 @@ class CGI
|
|
72
76
|
@domain = nil
|
73
77
|
@expires = nil
|
74
78
|
if name.kind_of?(String)
|
75
|
-
|
76
|
-
|
79
|
+
self.name = name
|
80
|
+
self.path = (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
|
77
81
|
@secure = false
|
78
82
|
@httponly = false
|
79
83
|
return super(value)
|
@@ -84,11 +88,11 @@ class CGI
|
|
84
88
|
raise ArgumentError, "`name' required"
|
85
89
|
end
|
86
90
|
|
87
|
-
|
91
|
+
self.name = options["name"]
|
88
92
|
value = Array(options["value"])
|
89
93
|
# simple support for IE
|
90
|
-
|
91
|
-
|
94
|
+
self.path = options["path"] || (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
|
95
|
+
self.domain = options["domain"]
|
92
96
|
@expires = options["expires"]
|
93
97
|
@secure = options["secure"] == true
|
94
98
|
@httponly = options["httponly"] == true
|
@@ -97,11 +101,35 @@ class CGI
|
|
97
101
|
end
|
98
102
|
|
99
103
|
# Name of this cookie, as a +String+
|
100
|
-
|
104
|
+
attr_reader :name
|
105
|
+
# Set name of this cookie
|
106
|
+
def name=(str)
|
107
|
+
if str and !TOKEN_RE.match?(str)
|
108
|
+
raise ArgumentError, "invalid name: #{str.dump}"
|
109
|
+
end
|
110
|
+
@name = str
|
111
|
+
end
|
112
|
+
|
101
113
|
# Path for which this cookie applies, as a +String+
|
102
|
-
|
114
|
+
attr_reader :path
|
115
|
+
# Set path for which this cookie applies
|
116
|
+
def path=(str)
|
117
|
+
if str and !PATH_VALUE_RE.match?(str)
|
118
|
+
raise ArgumentError, "invalid path: #{str.dump}"
|
119
|
+
end
|
120
|
+
@path = str
|
121
|
+
end
|
122
|
+
|
103
123
|
# Domain for which this cookie applies, as a +String+
|
104
|
-
|
124
|
+
attr_reader :domain
|
125
|
+
# Set domain for which this cookie applies
|
126
|
+
def domain=(str)
|
127
|
+
if str and ((str = str.b).bytesize > 255 or !DOMAIN_VALUE_RE.match?(str))
|
128
|
+
raise ArgumentError, "invalid domain: #{str.dump}"
|
129
|
+
end
|
130
|
+
@domain = str
|
131
|
+
end
|
132
|
+
|
105
133
|
# Time at which this cookie expires, as a +Time+
|
106
134
|
attr_accessor :expires
|
107
135
|
# True if this cookie is secure; false otherwise
|
data/lib/cgi/core.rb
CHANGED
@@ -188,17 +188,28 @@ class CGI
|
|
188
188
|
# Using #header with the HTML5 tag maker will create a <header> element.
|
189
189
|
alias :header :http_header
|
190
190
|
|
191
|
+
def _no_crlf_check(str)
|
192
|
+
if str
|
193
|
+
str = str.to_s
|
194
|
+
raise "A HTTP status or header field must not include CR and LF" if str =~ /[\r\n]/
|
195
|
+
str
|
196
|
+
else
|
197
|
+
nil
|
198
|
+
end
|
199
|
+
end
|
200
|
+
private :_no_crlf_check
|
201
|
+
|
191
202
|
def _header_for_string(content_type) #:nodoc:
|
192
203
|
buf = ''.dup
|
193
204
|
if nph?()
|
194
|
-
buf << "#{$CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'} 200 OK#{EOL}"
|
205
|
+
buf << "#{_no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'} 200 OK#{EOL}"
|
195
206
|
buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
|
196
|
-
buf << "Server: #{$CGI_ENV['SERVER_SOFTWARE']}#{EOL}"
|
207
|
+
buf << "Server: #{_no_crlf_check($CGI_ENV['SERVER_SOFTWARE'])}#{EOL}"
|
197
208
|
buf << "Connection: close#{EOL}"
|
198
209
|
end
|
199
|
-
buf << "Content-Type: #{content_type}#{EOL}"
|
210
|
+
buf << "Content-Type: #{_no_crlf_check(content_type)}#{EOL}"
|
200
211
|
if @output_cookies
|
201
|
-
@output_cookies.each {|cookie| buf << "Set-Cookie: #{cookie}#{EOL}" }
|
212
|
+
@output_cookies.each {|cookie| buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}" }
|
202
213
|
end
|
203
214
|
return buf
|
204
215
|
end # _header_for_string
|
@@ -213,9 +224,9 @@ class CGI
|
|
213
224
|
## NPH
|
214
225
|
options.delete('nph') if defined?(MOD_RUBY)
|
215
226
|
if options.delete('nph') || nph?()
|
216
|
-
protocol = $CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'
|
227
|
+
protocol = _no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'
|
217
228
|
status = options.delete('status')
|
218
|
-
status = HTTP_STATUS[status] || status || '200 OK'
|
229
|
+
status = HTTP_STATUS[status] || _no_crlf_check(status) || '200 OK'
|
219
230
|
buf << "#{protocol} #{status}#{EOL}"
|
220
231
|
buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
|
221
232
|
options['server'] ||= $CGI_ENV['SERVER_SOFTWARE'] || ''
|
@@ -223,38 +234,38 @@ class CGI
|
|
223
234
|
end
|
224
235
|
## common headers
|
225
236
|
status = options.delete('status')
|
226
|
-
buf << "Status: #{HTTP_STATUS[status] || status}#{EOL}" if status
|
237
|
+
buf << "Status: #{HTTP_STATUS[status] || _no_crlf_check(status)}#{EOL}" if status
|
227
238
|
server = options.delete('server')
|
228
|
-
buf << "Server: #{server}#{EOL}" if server
|
239
|
+
buf << "Server: #{_no_crlf_check(server)}#{EOL}" if server
|
229
240
|
connection = options.delete('connection')
|
230
|
-
buf << "Connection: #{connection}#{EOL}" if connection
|
241
|
+
buf << "Connection: #{_no_crlf_check(connection)}#{EOL}" if connection
|
231
242
|
type = options.delete('type')
|
232
|
-
buf << "Content-Type: #{type}#{EOL}" #if type
|
243
|
+
buf << "Content-Type: #{_no_crlf_check(type)}#{EOL}" #if type
|
233
244
|
length = options.delete('length')
|
234
|
-
buf << "Content-Length: #{length}#{EOL}" if length
|
245
|
+
buf << "Content-Length: #{_no_crlf_check(length)}#{EOL}" if length
|
235
246
|
language = options.delete('language')
|
236
|
-
buf << "Content-Language: #{language}#{EOL}" if language
|
247
|
+
buf << "Content-Language: #{_no_crlf_check(language)}#{EOL}" if language
|
237
248
|
expires = options.delete('expires')
|
238
249
|
buf << "Expires: #{CGI.rfc1123_date(expires)}#{EOL}" if expires
|
239
250
|
## cookie
|
240
251
|
if cookie = options.delete('cookie')
|
241
252
|
case cookie
|
242
253
|
when String, Cookie
|
243
|
-
buf << "Set-Cookie: #{cookie}#{EOL}"
|
254
|
+
buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}"
|
244
255
|
when Array
|
245
256
|
arr = cookie
|
246
|
-
arr.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
|
257
|
+
arr.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
|
247
258
|
when Hash
|
248
259
|
hash = cookie
|
249
|
-
hash.each_value {|c| buf << "Set-Cookie: #{c}#{EOL}" }
|
260
|
+
hash.each_value {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
|
250
261
|
end
|
251
262
|
end
|
252
263
|
if @output_cookies
|
253
|
-
@output_cookies.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
|
264
|
+
@output_cookies.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
|
254
265
|
end
|
255
266
|
## other headers
|
256
267
|
options.each do |key, value|
|
257
|
-
buf << "#{key}: #{value}#{EOL}"
|
268
|
+
buf << "#{_no_crlf_check(key)}: #{_no_crlf_check(value)}#{EOL}"
|
258
269
|
end
|
259
270
|
return buf
|
260
271
|
end # _header_for_hash
|
data/lib/cgi.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cgi
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Yukihiro Matsumoto
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-11-22 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Support for the Common Gateway Interface protocol.
|
14
14
|
email:
|
@@ -43,7 +43,7 @@ licenses:
|
|
43
43
|
metadata:
|
44
44
|
homepage_uri: https://github.com/ruby/cgi
|
45
45
|
source_code_uri: https://github.com/ruby/cgi
|
46
|
-
post_install_message:
|
46
|
+
post_install_message:
|
47
47
|
rdoc_options: []
|
48
48
|
require_paths:
|
49
49
|
- lib
|
@@ -58,8 +58,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
58
58
|
- !ruby/object:Gem::Version
|
59
59
|
version: '0'
|
60
60
|
requirements: []
|
61
|
-
rubygems_version: 3.
|
62
|
-
signing_key:
|
61
|
+
rubygems_version: 3.4.0.dev
|
62
|
+
signing_key:
|
63
63
|
specification_version: 4
|
64
64
|
summary: Support for the Common Gateway Interface protocol.
|
65
65
|
test_files: []
|