cgi 0.5.0 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4807bd75c56012fd4b219cd83c6b0fb76006483f176b9a7b19b2658606b11503
-  data.tar.gz: b49eebc85d48ac1f068dda9fd36570dbb83d2ee787d6d458680996d29554d8ce
+  metadata.gz: 0f7c88bb08e51fd6b7abd1855b87d05c8af6b8f4e89865f0315f512badcddcb9
+  data.tar.gz: fbe294b63d488ae16c123d325b2251a9561da5b474105a0ecbb1ecd880c4cdb6
 SHA512:
-  metadata.gz: c85c60cdefbe541dd68ebc7c82be5a62635bb3861e7a717d828cff5e2072c583bdb0722d85eb36d18a6f1a28255cad60f8d2879d302c10c94f4c7e2c3100103f
-  data.tar.gz: c7a7fccaf06fed4326df4fb5dc1bcab429e4c1430bffb010f5a3c46a4c1b53c102c32b7142b6bdda1a090d6c152da34cdc76e4f5a1d67e1bd37a6df6fc7b5f8e
+  metadata.gz: 9d4837752a514f02e88f8f3673fa0b0b9a31195df062d79c9d5b51175288f5053409fc337b1613ad27393b92c4394663d4cfd355d30c555b565f79a9102e2feb
+  data.tar.gz: 0c465bae726d291b6829b6f0bf9f86d05976bf61529dc8190da4fd73022b37924c7901c3b29fb3cddb7760829aa24ac5cd6999c1f1ad9b4ec825fe0afc63ef19

data/ext/cgi/escape/escape.c

@@ -45,6 +45,7 @@ escaped_length(VALUE str)
 static VALUE
 optimized_escape_html(VALUE str)
 {
+    VALUE escaped;
     VALUE vbuf;
     char *buf = ALLOCV_N(char, vbuf, escaped_length(str));
     const char *cstr = RSTRING_PTR(str);
@@ -63,7 +64,6 @@ optimized_escape_html(VALUE str)
         }
     }
 
-    VALUE escaped;
     if (RSTRING_LEN(str) < (dest - buf)) {
         escaped = rb_str_new(buf, dest - buf);
         preserve_original_state(str, escaped);

data/lib/cgi/cookie.rb

@@ -40,9 +40,11 @@ class CGI
   class Cookie < Array
     @@accept_charset="UTF-8" unless defined?(@@accept_charset)
 
+    # :stopdoc:
     TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
     PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
     DOMAIN_VALUE_RE = %r"\A\.?(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
+    # :startdoc:
 
     # Create a new CGI::Cookie object.
     #

data/lib/cgi/core.rb

@@ -384,11 +384,14 @@ class CGI
     stdoutput.print(*options)
   end
 
-  # Parse an HTTP query string into a hash of key=>value pairs.
+  # :call-seq:
+  #    CGI.parse(query_string) -> hash
+  #
+  # Returns a new hash built from name/value pairs in the given +query_string+:
   #
-  #   params = CGI.parse("query_string")
-  #     # {"name1" => ["value1", "value2", ...],
-  #     #  "name2" => ["value1", "value2", ...], ... }
+  #   query = 'foo=0&bar=1&foo=2&bar=3'
+  #   CGI.parse(query)
+  #   # => {"foo" => ["0", "2"], "bar" => ["1", "3"]}
   #
   def self.parse(query)
     params = {}
@@ -629,8 +632,8 @@ class CGI
       string = unless ARGV.empty?
         ARGV.join(' ')
       else
-        if STDIN.tty?
-          STDERR.print(
+        if stdinput.tty?
+          $stderr.print(
             %|(offline mode: enter name=value pairs on standard input)\n|
           )
         end
@@ -778,75 +781,152 @@ class CGI
   #
   @@max_multipart_length= 128 * 1024 * 1024
 
-  # Create a new CGI instance.
-  #
   # :call-seq:
-  #   CGI.new(tag_maker) { block }
-  #   CGI.new(options_hash = {}) { block }
+  #   CGI.new(options = {}) -> new_cgi
+  #   CGI.new(tag_maker) -> new_cgi
+  #   CGI.new(options = {}) {|name, value| ... } -> new_cgi
+  #   CGI.new(tag_maker) {|name, value| ... } -> new_cgi
+  #
+  # Returns a new \CGI object.
+  #
+  # The behavior of this method depends _strongly_ on whether it is called
+  # within a standard \CGI call environment;
+  # that is, whether <tt>ENV['REQUEST_METHOD']</tt> is defined.
+  #
+  # <b>Within a Standard Call Environment</b>
+  #
+  # This section assumes that <tt>ENV['REQUEST_METHOD']</tt> is defined;
+  # for example:
+  #
+  #   ENV['REQUEST_METHOD'] # => "GET"
+  #
+  # With no argument and no block given, returns a new \CGI object with default values:
+  #
+  #   cgi = CGI.new
+  #   puts cgi.pretty_inspect
+  #   #<CGI:0x000002b0ea237bc8
+  #   @accept_charset=#<Encoding:UTF-8>,
+  #   @accept_charset_error_block=nil,
+  #   @cookies={},
+  #   @max_multipart_length=134217728,
+  #   @multipart=false,
+  #   @output_cookies=nil,
+  #   @output_hidden=nil,
+  #   @params={}>
+  #
+  # With hash argument +options+ given and no block given,
+  # returns a new \CGI object with the given options.
+  #
+  # The options may be:
+  #
+  # - <tt>accept_charset: _encoding_</tt>:
+  #   specifies the encoding of the received query string.
+  #
+  #   Value  _encoding_ may be
+  #   an {Encoding object}[https://docs.ruby-lang.org/en/master/encodings_rdoc.html#label-Encoding+Objects]
+  #   or an {encoding name}[https://docs.ruby-lang.org/en/master/encodings_rdoc.html#label-Names+and+Aliases]:
+  #
+  #     CGI.new(accept_charset: 'EUC-JP')
+  #
+  #   If the option is not given,
+  #   the default value is the class default encoding.
+  #
+  #   <em>Note:</em> The <tt>accept_charset</tt> method returns the HTTP Accept-Charset
+  #   header value, not the configured encoding. The configured encoding is used
+  #   internally for query string parsing.
+  #
+  # - <tt>max_multipart_length: _size_</tt>:
+  #   specifies maximum size (in bytes) of multipart data.
+  #
+  #   The _size_ may be:
+  #
+  #   - A positive integer.
+  #
+  #       CGI.new(max_multipart_length: 1024 * 1024)
+  #
+  #
+  #   - A lambda to be evaluated when the request is parsed.
+  #     This is useful when determining whether to accept multipart data
+  #     (e.g. by consulting a registered user's upload allowance).
+  #
+  #       CGI.new(max_multipart_length: -> {check_filesystem})
+  #
+  #   If the option is not given, the default is +134217728+, specifying a maximum size of 128 megabytes.
+#
+#   <em>Note:</em> This option configures internal behavior only.
+#   There is no public method to retrieve this value after initialization.
+  #
+  # - <tt>tag_maker: _html_version_</tt>:
+  #   specifies which version of HTML to use in generating tags.
+  #
+  #   Value _html_version_ may be one of:
+  #
+  #   - <tt>'html3'</tt>: {HTML version 3}[https://en.wikipedia.org/wiki/HTML#HTML_3].
+  #   - <tt>'html4'</tt>: {HTML version 4}[https://en.wikipedia.org/wiki/HTML#HTML_4].
+  #   - <tt>'html4Tr'</tt>: HTML 4.0 Transitional.
+  #   - <tt>'html4Fr'</tt>: HTML 4.0 with Framesets.
+  #   - <tt>'html5'</tt>: {HTML version 5}[https://en.wikipedia.org/wiki/HTML#HTML_5].
   #
+  #   Example:
   #
-  # <tt>tag_maker</tt>::
-  #   This is the same as using the +options_hash+ form with the value <tt>{
-  #   :tag_maker => tag_maker }</tt> Note that it is recommended to use the
-  #   +options_hash+ form, since it also allows you specify the charset you
-  #   will accept.
-  # <tt>options_hash</tt>::
-  #   A Hash that recognizes three options:
+  #     CGI.new(tag_maker: 'html5')
   #
-  #   <tt>:accept_charset</tt>::
-  #     specifies encoding of received query string.  If omitted,
-  #     <tt>@@accept_charset</tt> is used.  If the encoding is not valid, a
-  #     CGI::InvalidEncoding will be raised.
+  #   If the option is not given,
+  #   no HTML generation methods are loaded.
   #
-  #     Example. Suppose <tt>@@accept_charset</tt> is "UTF-8"
+  # With string argument +tag_maker+ given as _tag_maker_ and no block given,
+  # equivalent to <tt>CGI.new(tag_maker: _tag_maker_)</tt>:
   #
-  #     when not specified:
+  #   CGI.new('html5')
   #
-  #         cgi=CGI.new      # @accept_charset # => "UTF-8"
+  # <b>Outside a Standard Call Environment</b>
   #
-  #     when specified as "EUC-JP":
+  # This section assumes that <tt>ENV['REQUEST_METHOD']</tt> is not defined;
+  # for example:
   #
-  #         cgi=CGI.new(:accept_charset => "EUC-JP") # => "EUC-JP"
+  #   ENV['REQUEST_METHOD'] # => nil
   #
-  #   <tt>:tag_maker</tt>::
-  #     String that specifies which version of the HTML generation methods to
-  #     use.  If not specified, no HTML generation methods will be loaded.
+  # In this mode, the method reads its parameters
+  # from the command line or (failing that) from standard input;
+  # returns a new \CGI object.
   #
-  #     The following values are supported:
+  # Otherwise, cookies and other parameters are parsed automatically from the standard CGI locations,
+  # which vary according to the request method.
   #
-  #     "html3":: HTML 3.x
-  #     "html4":: HTML 4.0
-  #     "html4Tr":: HTML 4.0 Transitional
-  #     "html4Fr":: HTML 4.0 with Framesets
-  #     "html5":: HTML 5
+  # <b>Options vs Public Methods</b>
   #
-  #   <tt>:max_multipart_length</tt>::
-  #     Specifies maximum length of multipart data. Can be an Integer scalar or
-  #     a lambda, that will be evaluated when the request is parsed. This
-  #     allows more complex logic to be set when determining whether to accept
-  #     multipart data (e.g. consult a registered users upload allowance)
+  # Some initialization options configure internal behavior only and do not provide
+  # corresponding public getter methods:
   #
-  #     Default is 128 * 1024 * 1024 bytes
+  # - <tt>accept_charset</tt>: Configures internal encoding for parsing.
+  #   The <tt>accept_charset</tt> method returns the HTTP Accept-Charset header.
+  # - <tt>max_multipart_length</tt>: Configures internal multipart size limits.
+  #   No public getter method is available.
+  # - <tt>tag_maker</tt>: Loads HTML generation methods (publicly accessible).
   #
-  #         cgi=CGI.new(:max_multipart_length => 268435456) # simple scalar
+  # <b>Block</b>
   #
-  #         cgi=CGI.new(:max_multipart_length => -> {check_filesystem}) # lambda
+  # If a block is given, its code is stored as a Proc;
+  # whenever CGI::InvalidEncoding would be raised, the proc is called instead.
   #
-  # <tt>block</tt>::
-  #   If provided, the block is called when an invalid encoding is
-  #   encountered. For example:
+  # In this example, the proc simply saves the error:
   #
-  #     encoding_errors={}
-  #     cgi=CGI.new(:accept_charset=>"EUC-JP") do |name,value|
-  #       encoding_errors[name] = value
-  #     end
+  #   encoding_errors={}
+  #   CGI.new(accept_charset: 'EUC-JP') do |name,value|
+  #     encoding_errors[name] = value
+  #   end
+  #   # =>
+  #   #<CGI:0x000002b0ec11bcd8
+  #    @accept_charset="EUC-JP",
+  #    @accept_charset_error_block=#<Proc:0x000002b0ed2ee190 (irb):146>,
+  #    @cookies={},
+  #    @max_multipart_length=134217728,
+  #    @multipart=false,
+  #    @options={accept_charset: "EUC-JP", max_multipart_length: 134217728},
+  #    @output_cookies=nil,
+  #    @output_hidden=nil,
+  #    @params={}>
   #
-  # Finally, if the CGI object is not created in a standard CGI call
-  # environment (that is, it can't locate REQUEST_METHOD in its environment),
-  # then it will run in "offline" mode.  In this mode, it reads its parameters
-  # from the command line or (failing that) from standard input.  Otherwise,
-  # cookies and other parameters are parsed automatically from the standard
-  # CGI locations, which varies according to the REQUEST_METHOD.
   def initialize(options = {}, &block) # :yields: name, value
     @accept_charset_error_block = block_given? ? block : nil
     @options={

data/lib/cgi/escape.rb

@@ -1,11 +1,15 @@
 # frozen_string_literal: true
 
+# :stopdoc
 class CGI
   module Escape; end
   include Escape
   extend Escape
+  module EscapeExt; end # :nodoc:
 end
+# :startdoc:
 
+# Escape/unescape for CGI, HTML, URI.
 module CGI::Escape
   @@accept_charset = Encoding::UTF_8 unless defined?(@@accept_charset)
 

data/lib/cgi/html.rb

@@ -1006,27 +1006,32 @@ class CGI
 
   end # Html5
 
+  # HTML version 3 generation class.
   class HTML3
     include Html3
     include HtmlExtension
   end
 
+  # HTML version 4 generation class.
   class HTML4
     include Html4
     include HtmlExtension
   end
 
+  # HTML version 4 transitional generation class.
   class HTML4Tr
     include Html4Tr
     include HtmlExtension
   end
 
+  # HTML version 4 with framesets generation class.
   class HTML4Fr
     include Html4Tr
     include Html4Fr
     include HtmlExtension
   end
 
+  # HTML version 5 generation class.
   class HTML5
     include Html5
     include HtmlExtension

data/lib/cgi/session.rb

@@ -214,11 +214,11 @@ class CGI
       dir = option['tmpdir'] || Dir::tmpdir
       prefix = option['prefix']
       suffix = option['suffix']
-      require 'digest/md5'
-      md5 = Digest::MD5.hexdigest(session_id)[0,16]
+      require 'digest'
+      sha256 = Digest::SHA256.hexdigest(session_id)[0,16]
       path = dir+"/"
       path << prefix if prefix
-      path << md5
+      path << sha256
       path << suffix if suffix
       if File::exist? path
         hash = nil

data/lib/cgi/util.rb

@@ -5,6 +5,7 @@ class CGI
   extend Util
 end
 
+# Utility methods for CGI.
 module CGI::Util
   # Format a +Time+ object as a String using the format specified by RFC 1123.
   #

data/lib/cgi.rb

@@ -42,6 +42,17 @@
 #
 # Read on for more details.  Examples are provided at the bottom.
 #
+# == About the Examples
+#
+# Examples on this page assume that \CGI has been required:
+#
+#   require 'cgi'
+#
+# Unless otherwise stated, examples also assume that environment variable 'REQUEST_METHOD' exists
+# (which prevents CGI.new from entering its online mode):
+#
+#   ENV.include?('REQUEST_METHOD') # => true
+#
 # == Queries
 #
 # The CGI class dynamically mixes in parameter and cookie-parsing
@@ -148,59 +159,62 @@
 # Escape and unescape methods are defined in cgi/escape.rb.
 # And when include, you can use utility methods like a function.
 #
-# == Examples of use
+# == Examples of Use
 #
-# === Get form values
+# === Form Values
 #
-#   require "cgi"
-#   cgi = CGI.new
-#   value = cgi['field_name']   # <== value string for 'field_name'
-#     # if not 'field_name' included, then return "".
-#   fields = cgi.keys            # <== array of field names
-#
-#   # returns true if form has 'field_name'
-#   cgi.has_key?('field_name')
-#   cgi.has_key?('field_name')
-#   cgi.include?('field_name')
+# ==== Get Form Values
 #
-# CAUTION! <code>cgi['field_name']</code> returned an Array with the old
-# cgi.rb(included in Ruby 1.6)
+# You can use method +cgi.params+ to retrieve form values
+# in a {Hash}[https://docs.ruby-lang.org/en/3.4/Hash.html]:
 #
-# === Get form values as hash
-#
-#   require "cgi"
+#   ENV.update(
+#    'REQUEST_METHOD' => 'GET',
+#    'QUERY_STRING'   => 'a=111&&b=222&c&d='
+#   )
 #   cgi = CGI.new
-#   params = cgi.params
-#
-# cgi.params is a hash.
-#
-#   cgi.params['new_field_name'] = ["value"]  # add new param
-#   cgi.params['field_name'] = ["new_value"]  # change value
-#   cgi.params.delete('field_name')           # delete param
-#   cgi.params.clear                          # delete all params
-#
-#
-# === Save form values to file
-#
-#   require "pstore"
-#   db = PStore.new("query.db")
-#   db.transaction do
-#     db["params"] = cgi.params
+#   cgi.params.class # => Hash
+#   cgi.params       # => {"a" => ["111"], "b" => ["222"], "c" => [], "d" => [""]}
+#   cgi.params.keys  # => ["a", "b", "c", "d"]
+#   cgi.params['a']  # => ["111"]  # Returns an array.
+#   cgi.params['d']  # => [""]     # Returns empty string in array if no value.
+#   cgi.params['x']  # => []       # Returns empty array if no key.
+#
+# A \CGI instance has these convenience methods:
+#
+#   # Convenience method for cgi.params.keys.
+#   cgi.keys          # => ["a", "b", "c", "d"]
+#   # Convenience method for cgi.params[key].first.
+#   cgi['a']          # => "111"  # Returns string, not array.
+#   cgi['d']          # => ""     # Returns empty string if no value.
+#   cgi['x']          # => ""     # Returns empty string if no key.
+#   # Convenience method for cgi.params.include?.
+#   cgi.include?('a') # => true
+#   cgi.include?('x') # => false
+#
+# ==== Save and Restore Form Values
+#
+# This example uses {Pstore}[https://docs.ruby-lang.org/en/3.4/PStore.html]
+# to store and retrieve form values:
+#
+#   ENV.update(
+#    'REQUEST_METHOD' => 'GET',
+#    'QUERY_STRING'   => 'a=111&&b=222&c&d='
+#   )
+#   cgi = CGI.new
+#   require 'pstore'
+#   store = PStore.new('params.store')
+#   store.transaction do
+#     store['params'] = cgi.params
 #   end
-#
-#
-# === Restore form values from file
-#
-#   require "pstore"
-#   db = PStore.new("query.db")
-#   db.transaction do
-#     cgi.params = db["params"]
+#   cgi.params.clear # Oops! Lost my params!
+#   store.transaction do
+#     cgi.params = store['params']
 #   end
+#   cgi.params # => {"a" => ["111"], "b" => ["222"], "c" => [], "d" => [""]}
 #
+# ==== Get multipart form values
 #
-# === Get multipart form values
-#
-#   require "cgi"
 #   cgi = CGI.new
 #   value = cgi['field_name']   # <== value string for 'field_name'
 #   value.read                  # <== body of value
@@ -212,7 +226,6 @@
 #
 # === Get cookie values
 #
-#   require "cgi"
 #   cgi = CGI.new
 #   values = cgi.cookies['name']  # <== array of 'name'
 #     # if not 'name' included, then return [].
@@ -222,7 +235,6 @@
 #
 # === Get cookie objects
 #
-#   require "cgi"
 #   cgi = CGI.new
 #   for name, cookie in cgi.cookies
 #     cookie.expires = Time.now + 30
@@ -231,14 +243,12 @@
 #
 #   cgi.cookies # { "name1" => cookie1, "name2" => cookie2, ... }
 #
-#   require "cgi"
 #   cgi = CGI.new
 #   cgi.cookies['name'].expires = Time.now + 30
 #   cgi.out("cookie" => cgi.cookies['name']) {"string"}
 #
 # === Print http header and html string to $DEFAULT_OUTPUT ($>)
 #
-#   require "cgi"
 #   cgi = CGI.new("html4")  # add HTML generation methods
 #   cgi.out do
 #     cgi.html do
@@ -289,7 +299,8 @@
 #
 
 class CGI
-  VERSION = "0.5.0"
+  # The version string
+  VERSION = "0.5.1"
 end
 
 require 'cgi/util'

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: cgi
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.1
 platform: ruby
 authors:
 - Yukihiro Matsumoto
 bindir: bin
 cert_chain: []
-date: 2025-06-04 00:00:00.000000000 Z
+date: 2025-12-10 00:00:00.000000000 Z
 dependencies: []
 description: Support for the Common Gateway Interface protocol.
 email: