rack-utf8_sanitizer 1.2.1 → 1.2.2

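--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,15 @@
  ---
- SHA1:
- metadata.gz: be92627f205eac2e80ab554ad5add8ca2a084026
- data.tar.gz: 5325281ed65e1e17d74cabbb75df877e0387e2e8
+ !binary "U0hBMQ==":
+ metadata.gz: !binary |-
+ NzExYTVlMDA4NWYyMTdiMTUzYjVlMjk1N2NjZGRiODQ1NWQ5ZTJmNA==
+ data.tar.gz: !binary |-
+ MGZjMzRmYTVhZmYwNWMzNGM3YzcyOGMyMzRlMjcyODgyMTE3MmM2Ng==
  SHA512:
- metadata.gz: a3cc3842501b3c7e7bd4da92ae81432a6b6d014ab4af8a828a4269d781554fdb774e6c7fe3dd19ea582d959ea8d3093abc1984882587aede7084bf6e3381c10c
- data.tar.gz: 108c557d20ce9c4716ae5d89fcd2878b8eb6ef3cd8a359d3e240a2cef575ef9a69a9cd129f8ab00bbde5628badb5f4d7f3f374badcaa04693162fa2f40531ac0
+ metadata.gz: !binary |-
+ Y2JiOWI0YjJhN2RkZDhkZGYwMjI5NWQyNDA1OThjOGIwNmY3Nzc3NGUzNTM2
+ Mjk1YzlhZjI5NTUwZjhjYWQ3OTNjNGY1YjA2OTc5NTYwODY5MDk0MjMwM2Yy
+ NDIyZGUwYTYzNTdhMDBjZmEyMjQxNTYzMzQwYzBmMTI2NzIxZTY=
+ data.tar.gz: !binary |-
+ NmNlYjBkODg3NzMyZmViYzkwZDg5OWFhNWY0M2UxZmY2YjJiYWY2ZjdiNWE2
+ OTkxMDNlMDg0OTQxMzZhNTg0NWM0YmMwYzUwN2Q4MmI1YzVjNzNiNzI5YmI0
+ NWYyY2M0MTQxZmRjYjAzNjY3ZmQ5ZjI3N2QxZTZkMjRlNWE5NzY=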
@@ -0,0 +1,24 @@
1
+ Changelog
2
+ =========
3
+
4
+ Master
5
+ -------------------------
6
+
7
+ API modifications:
8
+
9
+ Features implemented:
10
+
11
+ Bugs fixed:
12
+
13
+ v1.2.2 (2014-07-10)
14
+ -------------------------
15
+
16
+ Features implemented:
17
+ * Sanitize request body for all HTTP verbs. (Nathaniel Talbott, #15)
18
+ * Add `application/json` and `text/javascript` as sanitizable content types. (Benjamin Fleischer, #12)
19
+
20
+ Bugs fixed:
21
+ * Ensure Rack::UTF8 Sanitizer is first middleware. (Aaron Renner, #13)
22
+
23
+ v1.2.1 (2014-05-27)
24
+ -------------------------
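--- a/data/README.md
+++ b/data/README.md
@@ -19,7 +19,7 @@ Or install it yourself as:
  For Rails, add this to your `application.rb`:
 
  ``` ruby
- config.middleware.insert_before "Rack::Runtime", Rack::UTF8Sanitizer
+ config.middleware.insert 0, Rack::UTF8Sanitizer
  ```
 
  For Rack apps, add this to `config.ru`: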
@@ -26,17 +26,12 @@ module Rack
26
26
  SANITIZABLE_CONTENT_TYPES = %w(
27
27
  text/plain
28
28
  application/x-www-form-urlencoded
29
+ application/json
30
+ text/javascript
29
31
  )
30
32
 
31
- # MRI-optimization
32
- POST = 'POST'
33
- PUT = 'PUT'
34
-
35
33
  def sanitize(env)
36
- request_method = env['REQUEST_METHOD']
37
- if request_method == POST || request_method == PUT
38
- sanitize_rack_input(env)
39
- end
34
+ sanitize_rack_input(env)
40
35
  env.each do |key, value|
41
36
  if URI_FIELDS.include?(key)
42
37
  env[key] = transfer_frozen(value,
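Review bot: The now-unconditional `sanitize_rack_input(env)` call in `sanitize` carries no comment saying what still limits body rewriting: with the POST/PUT check removed and `application/json` and `text/javascript` added to `SANITIZABLE_CONTENT_TYPES`, the content-type list is presumably the only gate left, but `sanitize_rack_input` is defined outside this hunk so that cannot be confirmed here. I would add above the call `# Runs for every verb; only CONTENT_TYPE decides whether rack.input is rewritten.` and state in the README that a sanitized JSON body is no longer guaranteed byte-identical to what the client sent, which matters to any downstream code that verifies a signature or digest over the raw body. If the helper reads the whole body into memory, a size bound is worth considering now that more requests take this path. The body of `sanitize` continues past the end of the hunk.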
@@ -2,7 +2,7 @@
2
2
 
3
3
  Gem::Specification.new do |gem|
4
4
  gem.name = "rack-utf8_sanitizer"
5
- gem.version = '1.2.1'
5
+ gem.version = '1.2.2'
6
6
  gem.authors = ["Peter Zotov"]
7
7
  gem.email = ["whitequark@whitequark.org"]
8
8
  gem.description = %{Rack::UTF8Sanitizer is a Rack middleware which cleans up } <<
@@ -21,4 +21,5 @@ Gem::Specification.new do |gem|
21
21
 
22
22
  gem.add_development_dependency "bacon"
23
23
  gem.add_development_dependency "bacon-colored_output"
24
+ gem.add_development_dependency "rake"
24
25
  end
@@ -186,6 +186,17 @@ describe Rack::UTF8Sanitizer do
186
186
  end
187
187
  end
188
188
 
189
+ it "sanitizes StringIO rack.input on GET" do
190
+ input = "foo=bla&quux=bar"
191
+ @rack_input = StringIO.new input
192
+
193
+ sanitize_form_data(request_env.merge("REQUEST_METHOD" => "GET")) do |sanitized_input|
194
+ sanitized_input.encoding.should == Encoding::UTF_8
195
+ sanitized_input.should.be.valid_encoding
196
+ sanitized_input.should == input
197
+ end
198
+ end
199
+
189
200
  it "sanitizes StringIO rack.input with bad encoding" do
190
201
  input = "foo=bla&quux=bar\xED"
191
202
  @rack_input = StringIO.new input
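Review bot: The new GET example at `it "sanitizes StringIO rack.input on GET"` feeds only well-formed input (`"foo=bla&quux=bar"`), so it may pass even if the body were not sanitized on GET at all. Reusing the invalid byte from the next example, `input = "foo=bla&quux=bar\xED"`, and keeping `sanitized_input.should.be.valid_encoding` would pin the behaviour this release actually changes. Nothing in this hunk exercises the newly added `application/json` or `text/javascript` content types either; a case with such a `CONTENT_TYPE` and an invalid byte would cover them, depending on what `request_env` sets by default, which is not visible here. The following example, `it "sanitizes StringIO rack.input with bad encoding"`, continues outside the hunk.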
metadata CHANGED
@@ -1,55 +1,69 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-utf8_sanitizer
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.1
4
+ version: 1.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Peter Zotov
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-05-27 00:00:00.000000000 Z
11
+ date: 2014-07-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
17
+ - - ~>
18
18
  - !ruby/object:Gem::Version
19
19
  version: '1.0'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - "~>"
24
+ - - ~>
25
25
  - !ruby/object:Gem::Version
26
26
  version: '1.0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bacon
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - ">="
31
+ - - ! '>='
32
32
  - !ruby/object:Gem::Version
33
33
  version: '0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - ">="
38
+ - - ! '>='
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: bacon-colored_output
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - ">="
45
+ - - ! '>='
46
46
  - !ruby/object:Gem::Version
47
47
  version: '0'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - ">="
52
+ - - ! '>='
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rake
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ! '>='
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ! '>='
53
67
  - !ruby/object:Gem::Version
54
68
  version: '0'
55
69
  description: Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8
@@ -60,8 +74,9 @@ executables: []
60
74
  extensions: []
61
75
  extra_rdoc_files: []
62
76
  files:
63
- - ".gitignore"
64
- - ".travis.yml"
77
+ - .gitignore
78
+ - .travis.yml
79
+ - CHANGELOG.md
65
80
  - Gemfile
66
81
  - LICENSE.txt
67
82
  - README.md
@@ -78,12 +93,12 @@ require_paths:
78
93
  - lib
79
94
  required_ruby_version: !ruby/object:Gem::Requirement
80
95
  requirements:
81
- - - ">="
96
+ - - ! '>='
82
97
  - !ruby/object:Gem::Version
83
98
  version: '1.9'
84
99
  required_rubygems_version: !ruby/object:Gem::Requirement
85
100
  requirements:
86
- - - ">="
101
+ - - ! '>='
87
102
  - !ruby/object:Gem::Version
88
103
  version: '0'
89
104
  requirements: []