cgi 0.3.3-java → 0.3.5-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4310af39d77c46fa21525427237ec1d2502a4f251d67e9bae174b56b86200626
4
- data.tar.gz: 39fc4fcd330a596032ceeae0b0fda7941e392f3e2d33a26692cc27a90cea715f
3
+ metadata.gz: 7ab630b1ee63c28d102b256a4562207d7f3db48b69b70637a2bef8ea3e5278c9
4
+ data.tar.gz: 233320549bd6842398a5dfd401b671713dd9f9af75a4c7eb4a6e8ab760a192d4
5
5
  SHA512:
6
- metadata.gz: f9b7a469b0d91eb6bf898714c8ede902fd964ef275388700d123a52d079a735617e368060e22620c7718af1d777b749f3a2a0d5e95b4016b0768627f03ca6051
7
- data.tar.gz: c6bddae3dfbd7fa5d0eaeec5a2fb3dc52ab0808aba5a029f4653c30b46fb9446542e6017bf94c858522dd650c572fcdd44488a650f23e6ba2e136bd9100d2a1d
6
+ metadata.gz: 9f14f7ffa4c17c1f5fb170bf1f2a35ee679f4b5dfe76fbe4396984da5f06f3a192aecb91be1cc84d1c9fdd2cc8ee9850627c1dbd6e9853f7397d5edadaa5fb7d
7
+ data.tar.gz: 57e0626a276c44d062a9f2279b4e28a3dca19abe50885fd4bd9a38e7bc93fa8cb1710ae18d1b33d4040630c57fa56eb52ed55fbf4cd8f557c0ef3838b571bbc5
data/lib/cgi/cookie.rb CHANGED
@@ -40,6 +40,10 @@ class CGI
40
40
  class Cookie < Array
41
41
  @@accept_charset="UTF-8" unless defined?(@@accept_charset)
42
42
 
43
+ TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
44
+ PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
45
+ DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
46
+
43
47
  # Create a new CGI::Cookie object.
44
48
  #
45
49
  # :call-seq:
@@ -72,8 +76,8 @@ class CGI
72
76
  @domain = nil
73
77
  @expires = nil
74
78
  if name.kind_of?(String)
75
- @name = name
76
- @path = (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
79
+ self.name = name
80
+ self.path = (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
77
81
  @secure = false
78
82
  @httponly = false
79
83
  return super(value)
@@ -84,11 +88,11 @@ class CGI
84
88
  raise ArgumentError, "`name' required"
85
89
  end
86
90
 
87
- @name = options["name"]
91
+ self.name = options["name"]
88
92
  value = Array(options["value"])
89
93
  # simple support for IE
90
- @path = options["path"] || (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
91
- @domain = options["domain"]
94
+ self.path = options["path"] || (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
95
+ self.domain = options["domain"]
92
96
  @expires = options["expires"]
93
97
  @secure = options["secure"] == true
94
98
  @httponly = options["httponly"] == true
@@ -97,11 +101,35 @@ class CGI
97
101
  end
98
102
 
99
103
  # Name of this cookie, as a +String+
100
- attr_accessor :name
104
+ attr_reader :name
105
+ # Set name of this cookie
106
+ def name=(str)
107
+ if str and !TOKEN_RE.match?(str)
108
+ raise ArgumentError, "invalid name: #{str.dump}"
109
+ end
110
+ @name = str
111
+ end
112
+
101
113
  # Path for which this cookie applies, as a +String+
102
- attr_accessor :path
114
+ attr_reader :path
115
+ # Set path for which this cookie applies
116
+ def path=(str)
117
+ if str and !PATH_VALUE_RE.match?(str)
118
+ raise ArgumentError, "invalid path: #{str.dump}"
119
+ end
120
+ @path = str
121
+ end
122
+
103
123
  # Domain for which this cookie applies, as a +String+
104
- attr_accessor :domain
124
+ attr_reader :domain
125
+ # Set domain for which this cookie applies
126
+ def domain=(str)
127
+ if str and ((str = str.b).bytesize > 255 or !DOMAIN_VALUE_RE.match?(str))
128
+ raise ArgumentError, "invalid domain: #{str.dump}"
129
+ end
130
+ @domain = str
131
+ end
132
+
105
133
  # Time at which this cookie expires, as a +Time+
106
134
  attr_accessor :expires
107
135
  # True if this cookie is secure; false otherwise
data/lib/cgi/core.rb CHANGED
@@ -188,17 +188,28 @@ class CGI
188
188
  # Using #header with the HTML5 tag maker will create a <header> element.
189
189
  alias :header :http_header
190
190
 
191
+ def _no_crlf_check(str)
192
+ if str
193
+ str = str.to_s
194
+ raise "A HTTP status or header field must not include CR and LF" if str =~ /[\r\n]/
195
+ str
196
+ else
197
+ nil
198
+ end
199
+ end
200
+ private :_no_crlf_check
201
+
191
202
  def _header_for_string(content_type) #:nodoc:
192
203
  buf = ''.dup
193
204
  if nph?()
194
- buf << "#{$CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'} 200 OK#{EOL}"
205
+ buf << "#{_no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'} 200 OK#{EOL}"
195
206
  buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
196
- buf << "Server: #{$CGI_ENV['SERVER_SOFTWARE']}#{EOL}"
207
+ buf << "Server: #{_no_crlf_check($CGI_ENV['SERVER_SOFTWARE'])}#{EOL}"
197
208
  buf << "Connection: close#{EOL}"
198
209
  end
199
- buf << "Content-Type: #{content_type}#{EOL}"
210
+ buf << "Content-Type: #{_no_crlf_check(content_type)}#{EOL}"
200
211
  if @output_cookies
201
- @output_cookies.each {|cookie| buf << "Set-Cookie: #{cookie}#{EOL}" }
212
+ @output_cookies.each {|cookie| buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}" }
202
213
  end
203
214
  return buf
204
215
  end # _header_for_string
@@ -213,9 +224,9 @@ class CGI
213
224
  ## NPH
214
225
  options.delete('nph') if defined?(MOD_RUBY)
215
226
  if options.delete('nph') || nph?()
216
- protocol = $CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'
227
+ protocol = _no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'
217
228
  status = options.delete('status')
218
- status = HTTP_STATUS[status] || status || '200 OK'
229
+ status = HTTP_STATUS[status] || _no_crlf_check(status) || '200 OK'
219
230
  buf << "#{protocol} #{status}#{EOL}"
220
231
  buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
221
232
  options['server'] ||= $CGI_ENV['SERVER_SOFTWARE'] || ''
@@ -223,38 +234,38 @@ class CGI
223
234
  end
224
235
  ## common headers
225
236
  status = options.delete('status')
226
- buf << "Status: #{HTTP_STATUS[status] || status}#{EOL}" if status
237
+ buf << "Status: #{HTTP_STATUS[status] || _no_crlf_check(status)}#{EOL}" if status
227
238
  server = options.delete('server')
228
- buf << "Server: #{server}#{EOL}" if server
239
+ buf << "Server: #{_no_crlf_check(server)}#{EOL}" if server
229
240
  connection = options.delete('connection')
230
- buf << "Connection: #{connection}#{EOL}" if connection
241
+ buf << "Connection: #{_no_crlf_check(connection)}#{EOL}" if connection
231
242
  type = options.delete('type')
232
- buf << "Content-Type: #{type}#{EOL}" #if type
243
+ buf << "Content-Type: #{_no_crlf_check(type)}#{EOL}" #if type
233
244
  length = options.delete('length')
234
- buf << "Content-Length: #{length}#{EOL}" if length
245
+ buf << "Content-Length: #{_no_crlf_check(length)}#{EOL}" if length
235
246
  language = options.delete('language')
236
- buf << "Content-Language: #{language}#{EOL}" if language
247
+ buf << "Content-Language: #{_no_crlf_check(language)}#{EOL}" if language
237
248
  expires = options.delete('expires')
238
249
  buf << "Expires: #{CGI.rfc1123_date(expires)}#{EOL}" if expires
239
250
  ## cookie
240
251
  if cookie = options.delete('cookie')
241
252
  case cookie
242
253
  when String, Cookie
243
- buf << "Set-Cookie: #{cookie}#{EOL}"
254
+ buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}"
244
255
  when Array
245
256
  arr = cookie
246
- arr.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
257
+ arr.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
247
258
  when Hash
248
259
  hash = cookie
249
- hash.each_value {|c| buf << "Set-Cookie: #{c}#{EOL}" }
260
+ hash.each_value {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
250
261
  end
251
262
  end
252
263
  if @output_cookies
253
- @output_cookies.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
264
+ @output_cookies.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
254
265
  end
255
266
  ## other headers
256
267
  options.each do |key, value|
257
- buf << "#{key}: #{value}#{EOL}"
268
+ buf << "#{_no_crlf_check(key)}: #{_no_crlf_check(value)}#{EOL}"
258
269
  end
259
270
  return buf
260
271
  end # _header_for_hash
data/lib/cgi/escape.jar CHANGED
Binary file
data/lib/cgi.rb CHANGED
@@ -288,7 +288,7 @@
288
288
  #
289
289
 
290
290
  class CGI
291
- VERSION = "0.3.3"
291
+ VERSION = "0.3.5"
292
292
  end
293
293
 
294
294
  require 'cgi/core'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cgi
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.3
4
+ version: 0.3.5
5
5
  platform: java
6
6
  authors:
7
7
  - Yukihiro Matsumoto
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-09-22 00:00:00.000000000 Z
11
+ date: 2022-11-22 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Support for the Common Gateway Interface protocol.
14
14
  email:
@@ -51,7 +51,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
51
51
  - !ruby/object:Gem::Version
52
52
  version: '0'
53
53
  requirements: []
54
- rubygems_version: 3.2.29
54
+ rubygems_version: 3.2.33
55
55
  signing_key:
56
56
  specification_version: 4
57
57
  summary: Support for the Common Gateway Interface protocol.