dalli 3.2.2 → 3.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 539a5ec7700d7d96bece70021727ff422d24202ab9e89fd07afc623dc3480502
-  data.tar.gz: ba9231846477125fd3ed77f5a60f0df3445e3cda12c1736cd71f6b299213accb
+  metadata.gz: f0ef39f4ff4e9e465b2522707f3c4eea85a94373ba0d3de4b9d940830001b118
+  data.tar.gz: 35cb362ec6075818f062106769481e92c90752936ecaf9a00fae25725ee4ea94
 SHA512:
-  metadata.gz: 4039d6ce807dc60351f5781438ae84a0d2a147d5af567607653fcfb943ca3d3e0bcfd231cc67dbf4b761a5f0797ba4e5c99e9441d8d1e738eeb356805d139b89
-  data.tar.gz: 5c31e6bc0d5b4b35280f7fd6747172838a8b037209d365906830634b32109a16c0301f732418c2ca99480ff3a37d9247a401c61e1d887ecf11a45dd4448d162b
+  metadata.gz: 0c6b2b205551fb10fb2e49ab7c3c3eba3c552c0bc4b8132783b51f6cdc7a9ddd4c272bd24ed13f9d78e29353e3b84daec001b2691ad630bdfd517bb7af86fd54
+  data.tar.gz: 6ef9f6733d8e6d5f8a6bf8fb7d782e99c450494e03d4e5fe46037b77665682df63eaa9a3eb05007d1720b175564c8e91524c0df92d0856dc1f68066501732a06

data/{History.md → CHANGELOG.md}

@@ -4,10 +4,19 @@ Dalli Changelog
 Unreleased
 ==========
 
+3.2.3
+==========
+
+- Sanitize CAS inputs to ensure additional commands are not passed to memcached (xhzeem / petergoldstein)
+- Sanitize input to flush command to ensure additional commands are not passed to memcached (xhzeem / petergoldstein)
+- Namespaces passed as procs are now evaluated every time, as opposed to just on initialization (nrw505)
+- Fix missing require of uri in ServerConfigParser (adam12)
+- Fix link to the CHANGELOG.md file in README.md (rud)
+
 3.2.2
 ==========
 
-- Ensure apps are resilient against old session ids
+- Ensure apps are resilient against old session ids (kbrock)
 
 3.2.1
 ==========

data/README.md

@@ -27,7 +27,7 @@ The name is a variant of Salvador Dali for his famous painting [The Persistence
 
 ## Contributing
 
-If you have a fix you wish to provide, please fork the code, fix in your local project and then send a pull request on github.  Please ensure that you include a test which verifies your fix and update `History.md` with a one sentence description of your fix so you get credit as a contributor.
+If you have a fix you wish to provide, please fork the code, fix in your local project and then send a pull request on github.  Please ensure that you include a test which verifies your fix and update the [changelog](CHANGELOG.md) with a one sentence description of your fix so you get credit as a contributor.
 
 ## Appreciation
 

data/lib/dalli/key_manager.rb

@@ -61,7 +61,7 @@ module Dalli
     def key_with_namespace(key)
       return key if namespace.nil?
 
-      "#{namespace}#{NAMESPACE_SEPARATOR}#{key}"
+      "#{evaluate_namespace}#{NAMESPACE_SEPARATOR}#{key}"
     end
 
     def key_without_namespace(key)
@@ -75,6 +75,8 @@ module Dalli
     end
 
     def namespace_regexp
+      return /\A#{Regexp.escape(evaluate_namespace)}:/ if namespace.is_a?(Proc)
+
       @namespace_regexp ||= /\A#{Regexp.escape(namespace)}:/.freeze unless namespace.nil?
     end
 
@@ -87,9 +89,15 @@ module Dalli
     def namespace_from_options
       raw_namespace = @key_options[:namespace]
       return nil unless raw_namespace
-      return raw_namespace.call.to_s if raw_namespace.is_a?(Proc)
+      return raw_namespace.to_s unless raw_namespace.is_a?(Proc)
+
+      raw_namespace
+    end
+
+    def evaluate_namespace
+      return namespace.call.to_s if namespace.is_a?(Proc)
 
-      raw_namespace.to_s
+      namespace
     end
 
     ##

data/lib/dalli/pipelined_getter.rb

@@ -167,7 +167,7 @@ module Dalli
       groups = @ring.keys_grouped_by_server(keys)
       if (unfound_keys = groups.delete(nil))
         Dalli.logger.debug do
-          "unable to get keys for #{unfound_keys.length} keys "\
+          "unable to get keys for #{unfound_keys.length} keys " \
             'because no matching server was found'
         end
       end

data/lib/dalli/protocol/meta/request_formatter.rb

@@ -31,7 +31,7 @@ module Dalli
           cmd << ' c' unless %i[append prepend].include?(mode)
           cmd << ' b' if base64
           cmd << " F#{bitflags}" if bitflags
-          cmd << " C#{cas}" if cas && !cas.zero?
+          cmd << cas_string(cas)
           cmd << " T#{ttl}" if ttl
           cmd << " M#{mode_to_token(mode)}"
           cmd << ' q' if quiet
@@ -43,7 +43,7 @@ module Dalli
         def self.meta_delete(key:, cas: nil, ttl: nil, base64: false, quiet: false)
           cmd = "md #{key}"
           cmd << ' b' if base64
-          cmd << " C#{cas}" if cas && !cas.zero?
+          cmd << cas_string(cas)
           cmd << " T#{ttl}" if ttl
           cmd << ' q' if quiet
           cmd + TERMINATOR
@@ -54,8 +54,9 @@ module Dalli
           cmd << ' b' if base64
           cmd << " D#{delta}" if delta
           cmd << " J#{initial}" if initial
-          cmd << " C#{cas}" if cas && !cas.zero?
-          cmd << " N#{ttl}" if ttl
+          # Always set a TTL if an initial value is specified
+          cmd << " N#{ttl || 0}" if ttl || initial
+          cmd << cas_string(cas)
           cmd << ' q' if quiet
           cmd << " M#{incr ? 'I' : 'D'}"
           cmd + TERMINATOR
@@ -75,7 +76,7 @@ module Dalli
 
         def self.flush(delay: nil, quiet: false)
           cmd = +'flush_all'
-          cmd << " #{delay}" if delay
+          cmd << " #{parse_to_64_bit_int(delay, 0)}" if delay
           cmd << ' noreply' if quiet
           cmd + TERMINATOR
         end
@@ -102,6 +103,18 @@ module Dalli
           end
         end
         # rubocop:enable Metrics/MethodLength
+
+        def self.cas_string(cas)
+          cas = parse_to_64_bit_int(cas, nil)
+          cas.nil? || cas.zero? ? '' : " C#{cas}"
+        end
+
+        def self.parse_to_64_bit_int(val, default)
+          val.nil? ? nil : Integer(val)
+        rescue ArgumentError
+          # Sanitize to default if it isn't parsable as an integer
+          default
+        end
       end
     end
   end

data/lib/dalli/protocol/meta.rb

@@ -44,6 +44,7 @@ module Dalli
       end
 
       def touch(key, ttl)
+        ttl = TtlSanitizer.sanitize(ttl)
         encoded_key, base64 = KeyRegularizer.encode(key)
         req = RequestFormatter.meta_get(key: encoded_key, ttl: ttl, value: false, base64: base64)
         write(req)

data/lib/dalli/protocol/server_config_parser.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'uri'
+
 module Dalli
   module Protocol
     ##

data/lib/dalli/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Dalli
-  VERSION = '3.2.2'
+  VERSION = '3.2.3'
 
   MIN_SUPPORTED_MEMCACHED_VERSION = '1.4'
 end

data/lib/rack/session/dalli.rb

@@ -170,7 +170,7 @@ module Rack
       def ensure_connection_pool_added!
         require 'connection_pool'
       rescue LoadError => e
-        warn "You don't have connection_pool installed in your application. "\
+        warn "You don't have connection_pool installed in your application. " \
              'Please add it to your Gemfile and run bundle install'
         raise e
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dalli
 version: !ruby/object:Gem::Version
-  version: 3.2.2
+  version: 3.2.3
 platform: ruby
 authors:
 - Peter M. Goldstein
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-15 00:00:00.000000000 Z
+date: 2022-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: connection_pool
@@ -151,8 +151,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
 - Gemfile
-- History.md
 - LICENSE
 - README.md
 - lib/dalli.rb
@@ -206,7 +206,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.16
+rubygems_version: 3.3.24
 signing_key:
 specification_version: 4
 summary: High performance memcached client for Ruby