cgi 0.3.1 → 0.3.3
Potentially problematic release.
This version of cgi might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/ext/cgi/escape/depend +0 -15
- data/ext/cgi/escape/escape.c +209 -155
- data/lib/cgi/session/pstore.rb +2 -14
- data/lib/cgi/session.rb +43 -15
- data/lib/cgi/util.rb +41 -8
- data/lib/cgi.rb +2 -2
- metadata +9 -15
- data/.github/workflows/test.yml +0 -22
- data/.gitignore +0 -12
- data/Gemfile +0 -8
- data/Rakefile +0 -20
- data/bin/console +0 -7
- data/bin/setup +0 -6
- data/cgi.gemspec +0 -31
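--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 63cb59228083880bf0b411ca1b8d883fcb8ef938d84468a4c09aa08fe97f7176
+data.tar.gz: bbb690ec4a13a52d974157db9fa817e7c7ab53a80c0dc4870718bf7468588c63
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 500bc48a86828e9ed8f870826f4ffcaf2a7256c1e63f5d08b8609b667beab3ba5712cb6f0cfc8aec1c5dac9b244486a16cb953cde7ac8e8f6a59675be138bf07
+data.tar.gz: 71477e7c13e827d38e8be80304e2b9e4f3abd5c770a20173b1931bfa4e9fb7a31caa95a2119d61ba1fa18cfbbfa9987482cfd5e1d2b6ad2c53eafd80fedd219b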
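--- a/data/ext/cgi/escape/depend
+++ b/data/ext/cgi/escape/depend
@@ -1,17 +1,2 @@
-# AUTOGENERATED DEPENDENCIES START
 escape.o: $(RUBY_EXTCONF_H)
-escape.o: $(arch_hdrdir)/ruby/config.h
-escape.o: $(hdrdir)/ruby.h
-escape.o: $(hdrdir)/ruby/assert.h
-escape.o: $(hdrdir)/ruby/backward.h
-escape.o: $(hdrdir)/ruby/defines.h
-escape.o: $(hdrdir)/ruby/encoding.h
-escape.o: $(hdrdir)/ruby/intern.h
-escape.o: $(hdrdir)/ruby/missing.h
-escape.o: $(hdrdir)/ruby/onigmo.h
-escape.o: $(hdrdir)/ruby/oniguruma.h
-escape.o: $(hdrdir)/ruby/ruby.h
-escape.o: $(hdrdir)/ruby/st.h
-escape.o: $(hdrdir)/ruby/subst.h
 escape.o: escape.c
-# AUTOGENERATED DEPENDENCIES END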
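--- a/data/ext/cgi/escape/escape.c
+++ b/data/ext/cgi/escape/escape.c
@@ -32,12 +32,21 @@ preserve_original_state(VALUE orig, VALUE dest)
 rb_enc_associate(dest, rb_enc_get(orig));
 }
 
+static inline long
+escaped_length(VALUE str)
+{
+const long len = RSTRING_LEN(str);
+if (len >= LONG_MAX / HTML_ESCAPE_MAX_LEN) {
+ruby_malloc_size_overflow(len, HTML_ESCAPE_MAX_LEN);
+}
+return len * HTML_ESCAPE_MAX_LEN;
+}
+
 static VALUE
 optimized_escape_html(VALUE str)
 {
 VALUE vbuf;
-
-char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
+char *buf = ALLOCV_N(char, vbuf, escaped_length(str));
 const char *cstr = RSTRING_PTR(str);
 const char *end = cstr + RSTRING_LEN(str);
 
@@ -72,8 +81,8 @@ optimized_unescape_html(VALUE str)
 enum {UNICODE_MAX = 0x10ffff};
 rb_encoding *enc = rb_enc_get(str);
 unsigned long charlimit = (strcasecmp(rb_enc_name(enc), "UTF-8") == 0 ? UNICODE_MAX :
-
-
+strcasecmp(rb_enc_name(enc), "ISO-8859-1") == 0 ? 256 :
+128);
 long i, len, beg = 0;
 size_t clen, plen;
 int overflow;
@@ -85,89 +94,89 @@ optimized_unescape_html(VALUE str)
 cstr = RSTRING_PTR(str);
 
 for (i = 0; i < len; i++) {
-
-
-
-
-
-
+unsigned long cc;
+char c = cstr[i];
+if (c != '&') continue;
+plen = i - beg;
+if (++i >= len) break;
+c = (unsigned char)cstr[i];
 #define MATCH(s) (len - i >= (int)rb_strlen_lit(s) && \
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+memcmp(&cstr[i], s, rb_strlen_lit(s)) == 0 && \
+(i += rb_strlen_lit(s) - 1, 1))
+switch (c) {
+case 'a':
+++i;
+if (MATCH("pos;")) {
+c = '\'';
+}
+else if (MATCH("mp;")) {
+c = '&';
+}
+else continue;
+break;
+case 'q':
+++i;
+if (MATCH("uot;")) {
+c = '"';
+}
+else continue;
+break;
+case 'g':
+++i;
+if (MATCH("t;")) {
+c = '>';
+}
+else continue;
+break;
+case 'l':
+++i;
+if (MATCH("t;")) {
+c = '<';
+}
+else continue;
+break;
+case '#':
+if (len - ++i >= 2 && ISDIGIT(cstr[i])) {
+cc = ruby_scan_digits(&cstr[i], len-i, 10, &clen, &overflow);
+}
+else if ((cstr[i] == 'x' || cstr[i] == 'X') && len - ++i >= 2 && ISXDIGIT(cstr[i])) {
+cc = ruby_scan_digits(&cstr[i], len-i, 16, &clen, &overflow);
+}
+else continue;
+i += clen;
+if (overflow || cc >= charlimit || cstr[i] != ';') continue;
+if (!dest) {
+dest = rb_str_buf_new(len);
+}
+rb_str_cat(dest, cstr + beg, plen);
+if (charlimit > 256) {
+rb_str_cat(dest, buf, rb_enc_mbcput((OnigCodePoint)cc, buf, enc));
+}
+else {
+c = (unsigned char)cc;
+rb_str_cat(dest, &c, 1);
+}
+beg = i + 1;
+continue;
+default:
+--i;
+continue;
+}
+if (!dest) {
+dest = rb_str_buf_new(len);
+}
+rb_str_cat(dest, cstr + beg, plen);
+rb_str_cat(dest, &c, 1);
+beg = i + 1;
 }
 
 if (dest) {
-
-
-
+rb_str_cat(dest, cstr + beg, len - beg);
+preserve_original_state(str, dest);
+return dest;
 }
 else {
-
+return rb_str_dup(str);
 }
 }
 
@@ -191,7 +200,7 @@ url_unreserved_char(unsigned char c)
 }
 
 static VALUE
-optimized_escape(VALUE str)
+optimized_escape(VALUE str, int plus_escape)
 {
 long i, len, beg = 0;
 VALUE dest = 0;
@@ -202,38 +211,38 @@ optimized_escape(VALUE str)
 cstr = RSTRING_PTR(str);
 
 for (i = 0; i < len; ++i) {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+const unsigned char c = (unsigned char)cstr[i];
+if (!url_unreserved_char(c)) {
+if (!dest) {
+dest = rb_str_buf_new(len);
+}
+
+rb_str_cat(dest, cstr + beg, i - beg);
+beg = i + 1;
+
+if (plus_escape && c == ' ') {
+rb_str_cat_cstr(dest, "+");
+}
+else {
+buf[1] = upper_hexdigits[(c >> 4) & 0xf];
+buf[2] = upper_hexdigits[c & 0xf];
+rb_str_cat(dest, buf, 3);
+}
+}
 }
 
 if (dest) {
-
-
-
+rb_str_cat(dest, cstr + beg, len - beg);
+preserve_original_state(str, dest);
+return dest;
 }
 else {
-
+return rb_str_dup(str);
 }
 }
 
 static VALUE
-optimized_unescape(VALUE str, VALUE encoding)
+optimized_unescape(VALUE str, VALUE encoding, int unescape_plus)
 {
 long i, len, beg = 0;
 VALUE dest = 0;
@@ -245,52 +254,52 @@ optimized_unescape(VALUE str, VALUE encoding)
 cstr = RSTRING_PTR(str);
 
 for (i = 0; i < len; ++i) {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+char buf[1];
+const char c = cstr[i];
+int clen = 0;
+if (c == '%') {
+if (i + 3 > len) break;
+if (!ISXDIGIT(cstr[i+1])) continue;
+if (!ISXDIGIT(cstr[i+2])) continue;
+buf[0] = ((char_to_number(cstr[i+1]) << 4)
+| char_to_number(cstr[i+2]));
+clen = 2;
+}
+else if (unescape_plus && c == '+') {
+buf[0] = ' ';
+}
+else {
+continue;
+}
+
+if (!dest) {
+dest = rb_str_buf_new(len);
+}
+
+rb_str_cat(dest, cstr + beg, i - beg);
+i += clen;
+beg = i + 1;
+
+rb_str_cat(dest, buf, 1);
 }
 
 if (dest) {
-
-
-
+rb_str_cat(dest, cstr + beg, len - beg);
+preserve_original_state(str, dest);
+cr = ENC_CODERANGE_UNKNOWN;
 }
 else {
-
-
+dest = rb_str_dup(str);
+cr = ENC_CODERANGE(str);
 }
 origenc = rb_enc_get_index(str);
 if (origenc != encidx) {
-
-
-
-
-
-
+rb_enc_associate_index(dest, encidx);
+if (!ENC_CODERANGE_CLEAN_P(rb_enc_str_coderange(dest))) {
+rb_enc_associate_index(dest, origenc);
+if (cr != ENC_CODERANGE_UNKNOWN)
+ENC_CODERANGE_SET(dest, cr);
+}
 }
 return dest;
 }
@@ -308,10 +317,10 @@ cgiesc_escape_html(VALUE self, VALUE str)
 StringValue(str);
 
 if (rb_enc_str_asciicompat_p(str)) {
-
+return optimized_escape_html(str);
 }
 else {
-
+return rb_call_super(1, &str);
 }
 }
 
@@ -328,10 +337,10 @@ cgiesc_unescape_html(VALUE self, VALUE str)
 StringValue(str);
 
 if (rb_enc_str_asciicompat_p(str)) {
-
+return optimized_unescape_html(str);
 }
 else {
-
+return rb_call_super(1, &str);
 }
 }
 
@@ -339,7 +348,7 @@ cgiesc_unescape_html(VALUE self, VALUE str)
 * call-seq:
 * CGI.escape(string) -> string
 *
-* Returns URL-escaped string.
+* Returns URL-escaped string (+application/x-www-form-urlencoded+).
 *
 */
 static VALUE
@@ -348,10 +357,10 @@ cgiesc_escape(VALUE self, VALUE str)
 StringValue(str);
 
 if (rb_enc_str_asciicompat_p(str)) {
-
+return optimized_escape(str, 1);
 }
 else {
-
+return rb_call_super(1, &str);
 }
 }
 
@@ -359,7 +368,7 @@ static VALUE
 accept_charset(int argc, VALUE *argv, VALUE self)
 {
 if (argc > 0)
-
+return argv[0];
 return rb_cvar_get(CLASS_OF(self), id_accept_charset);
 }
 
@@ -367,7 +376,7 @@ accept_charset(int argc, VALUE *argv, VALUE self)
 * call-seq:
 * CGI.unescape(string, encoding=@@accept_charset) -> string
 *
-* Returns URL-unescaped string.
+* Returns URL-unescaped string (+application/x-www-form-urlencoded+).
 *
 */
 static VALUE
@@ -378,11 +387,54 @@ cgiesc_unescape(int argc, VALUE *argv, VALUE self)
 StringValue(str);
 
 if (rb_enc_str_asciicompat_p(str)) {
-
-
+VALUE enc = accept_charset(argc-1, argv+1, self);
+return optimized_unescape(str, enc, 1);
+}
+else {
+return rb_call_super(argc, argv);
+}
+}
+
+/*
+* call-seq:
+* CGI.escapeURIComponent(string) -> string
+*
+* Returns URL-escaped string following RFC 3986.
+*
+*/
+static VALUE
+cgiesc_escape_uri_component(VALUE self, VALUE str)
+{
+StringValue(str);
+
+if (rb_enc_str_asciicompat_p(str)) {
+return optimized_escape(str, 0);
+}
+else {
+return rb_call_super(1, &str);
+}
+}
+
+/*
+* call-seq:
+* CGI.unescapeURIComponent(string, encoding=@@accept_charset) -> string
+*
+* Returns URL-unescaped string following RFC 3986.
+*
+*/
+static VALUE
+cgiesc_unescape_uri_component(int argc, VALUE *argv, VALUE self)
+{
+VALUE str = (rb_check_arity(argc, 1, 2), argv[0]);
+
+StringValue(str);
+
+if (rb_enc_str_asciicompat_p(str)) {
+VALUE enc = accept_charset(argc-1, argv+1, self);
+return optimized_unescape(str, enc, 0);
 }
 else {
-
+return rb_call_super(argc, argv);
 }
 }
 
@@ -405,6 +457,8 @@ InitVM_escape(void)
 rb_mUtil = rb_define_module_under(rb_cCGI, "Util");
 rb_define_method(rb_mEscape, "escapeHTML", cgiesc_escape_html, 1);
 rb_define_method(rb_mEscape, "unescapeHTML", cgiesc_unescape_html, 1);
+rb_define_method(rb_mEscape, "escapeURIComponent", cgiesc_escape_uri_component, 1);
+rb_define_method(rb_mEscape, "unescapeURIComponent", cgiesc_unescape_uri_component, -1);
 rb_define_method(rb_mEscape, "escape", cgiesc_escape, 1);
 rb_define_method(rb_mEscape, "unescape", cgiesc_unescape, -1);
 rb_prepend_module(rb_mUtil, rb_mEscape);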
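Review bot: In `optimized_unescape_html`, the numeric-reference branch (`case '#'`, new lines 139-147) does `i += clen` and then evaluates `cstr[i] != ';'` without first checking `i < len`, so if `ruby_scan_digits` consumes every remaining byte the comparison reads the byte at index `len`. That is safe only while the string buffer is guaranteed to hold a terminator at that position, which nothing in this hunk establishes. An explicit bound keeps the read inside the string: `if (overflow || cc >= charlimit || i >= len || cstr[i] != ';') continue;`. The function's opening lines are outside this hunk.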
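--- a/data/lib/cgi/session/pstore.rb
+++ b/data/lib/cgi/session/pstore.rb
@@ -44,20 +44,8 @@ class CGI
 # This session's PStore file will be created if it does
 # not exist, or opened if it does.
 def initialize(session, option={})
-
-
-id = session.session_id
-require 'digest/md5'
-md5 = Digest::MD5.hexdigest(id)[0,16]
-path = dir+"/"+prefix+md5
-if File::exist?(path)
-@hash = nil
-else
-unless session.new_session
-raise CGI::Session::NoSession, "uninitialized session"
-end
-@hash = {}
-end
+option = {'suffix'=>''}.update(option)
+path, @hash = session.new_store_file(option)
 @p = ::PStore.new(path)
 @p.transaction do |p|
 File.chmod(0600, p.path)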
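--- a/data/lib/cgi/session.rb
+++ b/data/lib/cgi/session.rb
@@ -189,6 +189,47 @@ class CGI
 end
 private :create_new_id
 
+
+# Create a new file to store the session data.
+#
+# This file will be created if it does not exist, or opened if it
+# does.
+#
+# This path is generated under _tmpdir_ from _prefix_, the
+# digested session id, and _suffix_.
+#
+# +option+ is a hash of options for the initializer. The
+# following options are recognised:
+#
+# tmpdir:: the directory to use for storing the FileStore
+# file. Defaults to Dir::tmpdir (generally "/tmp"
+# on Unix systems).
+# prefix:: the prefix to add to the session id when generating
+# the filename for this session's FileStore file.
+# Defaults to "cgi_sid_".
+# suffix:: the prefix to add to the session id when generating
+# the filename for this session's FileStore file.
+# Defaults to the empty string.
+def new_store_file(option={}) # :nodoc:
+dir = option['tmpdir'] || Dir::tmpdir
+prefix = option['prefix']
+suffix = option['suffix']
+require 'digest/md5'
+md5 = Digest::MD5.hexdigest(session_id)[0,16]
+path = dir+"/"
+path << prefix if prefix
+path << md5
+path << suffix if suffix
+if File::exist? path
+hash = nil
+elsif new_session
+hash = {}
+else
+raise NoSession, "uninitialized session"
+end
+return path, hash
+end
+
 # Create a new CGI::Session object for +request+.
 #
 # +request+ is an instance of the +CGI+ class (see cgi.rb).
@@ -373,21 +414,8 @@ class CGI
 # This session's FileStore file will be created if it does
 # not exist, or opened if it does.
 def initialize(session, option={})
-
-
-suffix = option['suffix'] || ''
-id = session.session_id
-require 'digest/md5'
-md5 = Digest::MD5.hexdigest(id)[0,16]
-@path = dir+"/"+prefix+md5+suffix
-if File::exist? @path
-@hash = nil
-else
-unless session.new_session
-raise CGI::Session::NoSession, "uninitialized session"
-end
-@hash = {}
-end
+option = {'prefix' => 'cgi_sid_'}.update(option)
+@path, @hash = session.new_store_file(option)
 end
 
 # Restore session state from the session's FileStore file.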
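Review bot: `new_store_file` treats any file already present at the computed path as this session's store (`if File::exist? path` sets `hash = nil`) without checking its owner or mode, and the default directory is `Dir::tmpdir`, which is commonly writable by other local accounts. Both the FileStore and the PStore initializers now take their path from this method, so it would be worth verifying the file before reuse (for example `File.stat(path).owned?` and no group/world write bits), or at least documenting that `tmpdir` should point at a directory only the application account can write to. The doc comment also describes `suffix` as "the prefix to add" and states a `"cgi_sid_"` default for `prefix` that this method does not apply itself; in the visible code that default comes from the FileStore caller only.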
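--- a/data/lib/cgi/util.rb
+++ b/data/lib/cgi/util.rb
@@ -5,24 +5,57 @@ class CGI
 extend Util
 end
 module CGI::Util
-@@accept_charset=
-
+@@accept_charset = Encoding::UTF_8 unless defined?(@@accept_charset)
+
+# URL-encode a string into application/x-www-form-urlencoded.
+# Space characters (+" "+) are encoded with plus signs (+"+"+)
 # url_encoded_string = CGI.escape("'Stop!' said Fred")
 # # => "%27Stop%21%27+said+Fred"
 def escape(string)
 encoding = string.encoding
-string.b
+buffer = string.b
+buffer.gsub!(/([^ a-zA-Z0-9_.\-~]+)/) do |m|
 '%' + m.unpack('H2' * m.bytesize).join('%').upcase
-end
+end
+buffer.tr!(' ', '+')
+buffer.force_encoding(encoding)
 end
 
-# URL-decode
+# URL-decode an application/x-www-form-urlencoded string with encoding(optional).
 # string = CGI.unescape("%27Stop%21%27+said+Fred")
 # # => "'Stop!' said Fred"
-def unescape(string,encoding
-str=string.tr('+', ' ')
+def unescape(string, encoding = @@accept_charset)
+str = string.tr('+', ' ')
+str = str.b
+str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
+[m.delete('%')].pack('H*')
+end
+str.force_encoding(encoding)
+str.valid_encoding? ? str : str.force_encoding(string.encoding)
+end
+
+# URL-encode a string following RFC 3986
+# Space characters (+" "+) are encoded with (+"%20"+)
+# url_encoded_string = CGI.escape("'Stop!' said Fred")
+# # => "%27Stop%21%27%20said%20Fred"
+def escapeURIComponent(string)
+encoding = string.encoding
+buffer = string.b
+buffer.gsub!(/([^a-zA-Z0-9_.\-~]+)/) do |m|
+'%' + m.unpack('H2' * m.bytesize).join('%').upcase
+end
+buffer.force_encoding(encoding)
+end
+
+# URL-decode a string following RFC 3986 with encoding(optional).
+# string = CGI.unescape("%27Stop%21%27+said%20Fred")
+# # => "'Stop!'+said Fred"
+def unescapeURIComponent(string, encoding = @@accept_charset)
+str = string.b
+str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
 [m.delete('%')].pack('H*')
-end
+end
+str.force_encoding(encoding)
 str.valid_encoding? ? str : str.force_encoding(string.encoding)
 end
 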
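Review bot: The usage examples above `escapeURIComponent` and `unescapeURIComponent` (new lines 39 and 51) still call `CGI.escape` and `CGI.unescape`, which by the code in this same hunk emit `+` for a space and turn `+` into a space, so they cannot produce the results shown. They should read `CGI.escapeURIComponent("'Stop!' said Fred")` and `CGI.unescapeURIComponent("%27Stop%21%27+said%20Fred")`. It would also help to document on both decoders that when the decoded bytes are not valid in `encoding`, the result is re-tagged with the input string's encoding and may still be invalid, so callers handling untrusted query strings need their own `valid_encoding?` check.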
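--- a/data/lib/cgi.rb
+++ b/data/lib/cgi.rb
@@ -162,7 +162,7 @@
 # cgi.has_key?('field_name')
 # cgi.include?('field_name')
 #
-# CAUTION! cgi['field_name'] returned an Array with the old
+# CAUTION! <code>cgi['field_name']</code> returned an Array with the old
 # cgi.rb(included in Ruby 1.6)
 #
 # === Get form values as hash
@@ -288,7 +288,7 @@
 #
 
 class CGI
-VERSION = "0.3.
+VERSION = "0.3.3"
 end
 
 require 'cgi/core'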
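--- a/metadata
+++ b/metadata
@@ -1,31 +1,25 @@
 --- !ruby/object:Gem::Specification
 name: cgi
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.3
 platform: ruby
 authors:
 - Yukihiro Matsumoto
-autorequire:
-bindir:
+autorequire:
+bindir: bin
 cert_chain: []
-date:
+date: 2022-09-22 00:00:00.000000000 Z
 dependencies: []
 description: Support for the Common Gateway Interface protocol.
 email:
 - matz@ruby-lang.org
 executables: []
-extensions:
+extensions:
+- ext/cgi/escape/extconf.rb
 extra_rdoc_files: []
 files:
-- ".github/workflows/test.yml"
-- ".gitignore"
-- Gemfile
 - LICENSE.txt
 - README.md
-- Rakefile
-- bin/console
-- bin/setup
-- cgi.gemspec
 - ext/cgi/escape/depend
 - ext/cgi/escape/escape.c
 - ext/cgi/escape/extconf.rb
@@ -43,7 +37,7 @@ licenses:
 metadata:
 homepage_uri: https://github.com/ruby/cgi
 source_code_uri: https://github.com/ruby/cgi
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -58,8 +52,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.4.0.dev
+signing_key:
 specification_version: 4
 summary: Support for the Common Gateway Interface protocol.
 test_files: []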
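--- a/data/.github/workflows/test.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-name: test
-
-on: [push, pull_request]
-
-jobs:
-build:
-name: build (${{ matrix.ruby }} / ${{ matrix.os }})
-strategy:
-matrix:
-ruby: [ '3.0', 2.7, 2.6, 2.5, head ]
-os: [ ubuntu-latest, macos-latest ]
-runs-on: ${{ matrix.os }}
-steps:
-- uses: actions/checkout@v2
-- name: Set up Ruby
-uses: ruby/setup-ruby@v1
-with:
-ruby-version: ${{ matrix.ruby }}
-- name: Install dependencies
-run: bundle install
-- name: Run test
-run: rake test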
data/.gitignore
DELETED
data/Gemfile
DELETED
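--- a/data/Rakefile
+++ /dev/null
@@ -1,20 +0,0 @@
-require "bundler/gem_tasks"
-require "rake/testtask"
-
-Rake::TestTask.new(:test) do |t|
-t.libs << "test/lib"
-t.ruby_opts << "-rhelper"
-t.test_files = FileList['test/**/test_*.rb']
-end
-
-require 'rake/extensiontask'
-Rake::ExtensionTask.new("cgi/escape")
-
-task :sync_tool do
-require 'fileutils'
-FileUtils.cp "../ruby/tool/lib/core_assertions.rb", "./test/lib"
-FileUtils.cp "../ruby/tool/lib/envutil.rb", "./test/lib"
-FileUtils.cp "../ruby/tool/lib/find_executable.rb", "./test/lib"
-end
-
-task :default => :test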
data/bin/console
DELETED
data/bin/setup
DELETED
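--- a/data/cgi.gemspec
+++ /dev/null
@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-name = File.basename(__FILE__, ".gemspec")
-version = ["lib", Array.new(name.count("-")+1, "..").join("/")].find do |dir|
-break File.foreach(File.join(__dir__, dir, "#{name.tr('-', '/')}.rb")) do |line|
-/^\s*VERSION\s*=\s*"(.*)"/ =~ line and break $1
-end rescue nil
-end
-
-Gem::Specification.new do |spec|
-spec.name = name
-spec.version = version
-spec.authors = ["Yukihiro Matsumoto"]
-spec.email = ["matz@ruby-lang.org"]
-
-spec.summary = %q{Support for the Common Gateway Interface protocol.}
-spec.description = %q{Support for the Common Gateway Interface protocol.}
-spec.homepage = "https://github.com/ruby/cgi"
-spec.licenses = ["Ruby", "BSD-2-Clause"]
-spec.required_ruby_version = ">= 2.5.0"
-
-spec.metadata["homepage_uri"] = spec.homepage
-spec.metadata["source_code_uri"] = spec.homepage
-
-spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
-`git ls-files -z 2>/dev/null`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-end
-spec.bindir = "exe"
-spec.executables = []
-spec.require_paths = ["lib"]
-end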