cgi 0.3.3 → 0.3.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of cgi might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/cgi/cookie.rb +36 -8
- data/lib/cgi/core.rb +28 -17
- data/lib/cgi.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c729ba6567e82959f2b4e23b717b7a8aa9847d48a863f7c9dc1e8a24f9fba9e3
|
4
|
+
data.tar.gz: f8eb5772591c3cb006a0bb7a8b400fa991cbe85bb139d14fe320e2225e32f4e0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 19d8d04c3b83b7580e136d95481a18ff2cd58ed2db8231c1685af3b28aa1e7e2a1c440ebedb6e51f10d85279769d70c479e749cbb631402d838c3a58348c34f2
|
7
|
+
data.tar.gz: f51658936fd8a598f0036d2ec0b2b1d6554d27073aaace7581c303dbc0b43c775b205741b41dab2aeaf573cc9f3d61917687ad7b9a5f972a3f73c4aaf7b0cbe5
|
data/lib/cgi/cookie.rb
CHANGED
@@ -40,6 +40,10 @@ class CGI
|
|
40
40
|
class Cookie < Array
|
41
41
|
@@accept_charset="UTF-8" unless defined?(@@accept_charset)
|
42
42
|
|
43
|
+
TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
|
44
|
+
PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
|
45
|
+
DOMAIN_VALUE_RE = %r"\A(?<label>[A-Za-z][-A-Za-z0-9]*[A-Za-z0-9])(?:\.\g<label>)*\z"
|
46
|
+
|
43
47
|
# Create a new CGI::Cookie object.
|
44
48
|
#
|
45
49
|
# :call-seq:
|
@@ -72,8 +76,8 @@ class CGI
|
|
72
76
|
@domain = nil
|
73
77
|
@expires = nil
|
74
78
|
if name.kind_of?(String)
|
75
|
-
|
76
|
-
|
79
|
+
self.name = name
|
80
|
+
self.path = (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
|
77
81
|
@secure = false
|
78
82
|
@httponly = false
|
79
83
|
return super(value)
|
@@ -84,11 +88,11 @@ class CGI
|
|
84
88
|
raise ArgumentError, "`name' required"
|
85
89
|
end
|
86
90
|
|
87
|
-
|
91
|
+
self.name = options["name"]
|
88
92
|
value = Array(options["value"])
|
89
93
|
# simple support for IE
|
90
|
-
|
91
|
-
|
94
|
+
self.path = options["path"] || (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
|
95
|
+
self.domain = options["domain"]
|
92
96
|
@expires = options["expires"]
|
93
97
|
@secure = options["secure"] == true
|
94
98
|
@httponly = options["httponly"] == true
|
@@ -97,11 +101,35 @@ class CGI
|
|
97
101
|
end
|
98
102
|
|
99
103
|
# Name of this cookie, as a +String+
|
100
|
-
|
104
|
+
attr_reader :name
|
105
|
+
# Set name of this cookie
|
106
|
+
def name=(str)
|
107
|
+
if str and !TOKEN_RE.match?(str)
|
108
|
+
raise ArgumentError, "invalid name: #{str.dump}"
|
109
|
+
end
|
110
|
+
@name = str
|
111
|
+
end
|
112
|
+
|
101
113
|
# Path for which this cookie applies, as a +String+
|
102
|
-
|
114
|
+
attr_reader :path
|
115
|
+
# Set path for which this cookie applies
|
116
|
+
def path=(str)
|
117
|
+
if str and !PATH_VALUE_RE.match?(str)
|
118
|
+
raise ArgumentError, "invalid path: #{str.dump}"
|
119
|
+
end
|
120
|
+
@path = str
|
121
|
+
end
|
122
|
+
|
103
123
|
# Domain for which this cookie applies, as a +String+
|
104
|
-
|
124
|
+
attr_reader :domain
|
125
|
+
# Set domain for which this cookie applies
|
126
|
+
def domain=(str)
|
127
|
+
if str and ((str = str.b).bytesize > 255 or !DOMAIN_VALUE_RE.match?(str))
|
128
|
+
raise ArgumentError, "invalid domain: #{str.dump}"
|
129
|
+
end
|
130
|
+
@domain = str
|
131
|
+
end
|
132
|
+
|
105
133
|
# Time at which this cookie expires, as a +Time+
|
106
134
|
attr_accessor :expires
|
107
135
|
# True if this cookie is secure; false otherwise
|
data/lib/cgi/core.rb
CHANGED
@@ -188,17 +188,28 @@ class CGI
|
|
188
188
|
# Using #header with the HTML5 tag maker will create a <header> element.
|
189
189
|
alias :header :http_header
|
190
190
|
|
191
|
+
def _no_crlf_check(str)
|
192
|
+
if str
|
193
|
+
str = str.to_s
|
194
|
+
raise "A HTTP status or header field must not include CR and LF" if str =~ /[\r\n]/
|
195
|
+
str
|
196
|
+
else
|
197
|
+
nil
|
198
|
+
end
|
199
|
+
end
|
200
|
+
private :_no_crlf_check
|
201
|
+
|
191
202
|
def _header_for_string(content_type) #:nodoc:
|
192
203
|
buf = ''.dup
|
193
204
|
if nph?()
|
194
|
-
buf << "#{$CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'} 200 OK#{EOL}"
|
205
|
+
buf << "#{_no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'} 200 OK#{EOL}"
|
195
206
|
buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
|
196
|
-
buf << "Server: #{$CGI_ENV['SERVER_SOFTWARE']}#{EOL}"
|
207
|
+
buf << "Server: #{_no_crlf_check($CGI_ENV['SERVER_SOFTWARE'])}#{EOL}"
|
197
208
|
buf << "Connection: close#{EOL}"
|
198
209
|
end
|
199
|
-
buf << "Content-Type: #{content_type}#{EOL}"
|
210
|
+
buf << "Content-Type: #{_no_crlf_check(content_type)}#{EOL}"
|
200
211
|
if @output_cookies
|
201
|
-
@output_cookies.each {|cookie| buf << "Set-Cookie: #{cookie}#{EOL}" }
|
212
|
+
@output_cookies.each {|cookie| buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}" }
|
202
213
|
end
|
203
214
|
return buf
|
204
215
|
end # _header_for_string
|
@@ -213,9 +224,9 @@ class CGI
|
|
213
224
|
## NPH
|
214
225
|
options.delete('nph') if defined?(MOD_RUBY)
|
215
226
|
if options.delete('nph') || nph?()
|
216
|
-
protocol = $CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'
|
227
|
+
protocol = _no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'
|
217
228
|
status = options.delete('status')
|
218
|
-
status = HTTP_STATUS[status] || status || '200 OK'
|
229
|
+
status = HTTP_STATUS[status] || _no_crlf_check(status) || '200 OK'
|
219
230
|
buf << "#{protocol} #{status}#{EOL}"
|
220
231
|
buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
|
221
232
|
options['server'] ||= $CGI_ENV['SERVER_SOFTWARE'] || ''
|
@@ -223,38 +234,38 @@ class CGI
|
|
223
234
|
end
|
224
235
|
## common headers
|
225
236
|
status = options.delete('status')
|
226
|
-
buf << "Status: #{HTTP_STATUS[status] || status}#{EOL}" if status
|
237
|
+
buf << "Status: #{HTTP_STATUS[status] || _no_crlf_check(status)}#{EOL}" if status
|
227
238
|
server = options.delete('server')
|
228
|
-
buf << "Server: #{server}#{EOL}" if server
|
239
|
+
buf << "Server: #{_no_crlf_check(server)}#{EOL}" if server
|
229
240
|
connection = options.delete('connection')
|
230
|
-
buf << "Connection: #{connection}#{EOL}" if connection
|
241
|
+
buf << "Connection: #{_no_crlf_check(connection)}#{EOL}" if connection
|
231
242
|
type = options.delete('type')
|
232
|
-
buf << "Content-Type: #{type}#{EOL}" #if type
|
243
|
+
buf << "Content-Type: #{_no_crlf_check(type)}#{EOL}" #if type
|
233
244
|
length = options.delete('length')
|
234
|
-
buf << "Content-Length: #{length}#{EOL}" if length
|
245
|
+
buf << "Content-Length: #{_no_crlf_check(length)}#{EOL}" if length
|
235
246
|
language = options.delete('language')
|
236
|
-
buf << "Content-Language: #{language}#{EOL}" if language
|
247
|
+
buf << "Content-Language: #{_no_crlf_check(language)}#{EOL}" if language
|
237
248
|
expires = options.delete('expires')
|
238
249
|
buf << "Expires: #{CGI.rfc1123_date(expires)}#{EOL}" if expires
|
239
250
|
## cookie
|
240
251
|
if cookie = options.delete('cookie')
|
241
252
|
case cookie
|
242
253
|
when String, Cookie
|
243
|
-
buf << "Set-Cookie: #{cookie}#{EOL}"
|
254
|
+
buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}"
|
244
255
|
when Array
|
245
256
|
arr = cookie
|
246
|
-
arr.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
|
257
|
+
arr.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
|
247
258
|
when Hash
|
248
259
|
hash = cookie
|
249
|
-
hash.each_value {|c| buf << "Set-Cookie: #{c}#{EOL}" }
|
260
|
+
hash.each_value {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
|
250
261
|
end
|
251
262
|
end
|
252
263
|
if @output_cookies
|
253
|
-
@output_cookies.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
|
264
|
+
@output_cookies.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
|
254
265
|
end
|
255
266
|
## other headers
|
256
267
|
options.each do |key, value|
|
257
|
-
buf << "#{key}: #{value}#{EOL}"
|
268
|
+
buf << "#{_no_crlf_check(key)}: #{_no_crlf_check(value)}#{EOL}"
|
258
269
|
end
|
259
270
|
return buf
|
260
271
|
end # _header_for_hash
|
data/lib/cgi.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cgi
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Yukihiro Matsumoto
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-11-22 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Support for the Common Gateway Interface protocol.
|
14
14
|
email:
|