rack-utf8_sanitizer 1.3.0 → 1.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/lib/rack/utf8_sanitizer.rb +17 -1
- data/rack-utf8_sanitizer.gemspec +1 -1
- data/test/test_utf8_sanitizer.rb +18 -5
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a21608edab6e71fde026d8c9b5fdf6afaeb831ab
|
|
4
|
+
data.tar.gz: d3648a488dd74a3ea6357d39cc87b1d486af2c1c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8c8c7e485b0ca9584951b2689b090feaf4441eb96c1fb5ee3fd8f7c79bddcb4bf4d005b69e56a1fd0675b1e96de07dca21906ccca4b255e3893007278e819afe
|
|
7
|
+
data.tar.gz: b8dcdd43af94a1277b978184ba8e5b26c782f269f646805839d102cf216f7e8d1e375a4104ace50357c23c3761afd00acaef441ac13bcc05ae1555e719e71079
|
data/CHANGELOG.md
CHANGED
|
@@ -10,6 +10,21 @@ Features implemented:
|
|
|
10
10
|
|
|
11
11
|
Bugs fixed:
|
|
12
12
|
|
|
13
|
+
v1.3.1 (2015-07-09)
|
|
14
|
+
-------------------------
|
|
15
|
+
|
|
16
|
+
Bugs fixed:
|
|
17
|
+
* Make sure Content-Length is adjusted. (Samuel Cochran, #26)
|
|
18
|
+
|
|
19
|
+
v1.3.0 (2015-01-26)
|
|
20
|
+
-------------------------
|
|
21
|
+
|
|
22
|
+
v1.2.4 (2014-11-29)
|
|
23
|
+
-------------------------
|
|
24
|
+
|
|
25
|
+
v1.2.3 (2014-10-08)
|
|
26
|
+
-------------------------
|
|
27
|
+
|
|
13
28
|
v1.2.2 (2014-07-10)
|
|
14
29
|
-------------------------
|
|
15
30
|
|
data/lib/rack/utf8_sanitizer.rb
CHANGED
|
@@ -62,7 +62,13 @@ module Rack
|
|
|
62
62
|
content_type &&= content_type.downcase
|
|
63
63
|
return unless SANITIZABLE_CONTENT_TYPES.any? {|type| content_type == type }
|
|
64
64
|
uri_encoded = URI_ENCODED_CONTENT_TYPES.any? {|type| content_type == type}
|
|
65
|
-
|
|
65
|
+
|
|
66
|
+
if env["rack.input"]
|
|
67
|
+
sanitized_input = sanitize_io(env['rack.input'], uri_encoded)
|
|
68
|
+
|
|
69
|
+
env['rack.input'] = sanitized_input
|
|
70
|
+
env['CONTENT_LENGTH'] &&= sanitized_input.size.to_s
|
|
71
|
+
end
|
|
66
72
|
end
|
|
67
73
|
|
|
68
74
|
# Modeled after Rack::RewindableInput
|
|
@@ -72,18 +78,28 @@ module Rack
|
|
|
72
78
|
@original_io = original_io
|
|
73
79
|
@sanitized_io = sanitized_io
|
|
74
80
|
end
|
|
81
|
+
|
|
75
82
|
def gets
|
|
76
83
|
@sanitized_io.gets
|
|
77
84
|
end
|
|
85
|
+
|
|
78
86
|
def read(*args)
|
|
79
87
|
@sanitized_io.read(*args)
|
|
80
88
|
end
|
|
89
|
+
|
|
81
90
|
def each(&block)
|
|
82
91
|
@sanitized_io.each(&block)
|
|
83
92
|
end
|
|
93
|
+
|
|
84
94
|
def rewind
|
|
85
95
|
@sanitized_io.rewind
|
|
86
96
|
end
|
|
97
|
+
|
|
98
|
+
def size
|
|
99
|
+
# StringIO#size is bytesize
|
|
100
|
+
@sanitized_io.size
|
|
101
|
+
end
|
|
102
|
+
|
|
87
103
|
def close
|
|
88
104
|
@sanitized_io.close
|
|
89
105
|
@original_io.close if @original_io.respond_to?(:close)
|
data/rack-utf8_sanitizer.gemspec
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |gem|
|
|
4
4
|
gem.name = "rack-utf8_sanitizer"
|
|
5
|
-
gem.version = '1.3.
|
|
5
|
+
gem.version = '1.3.1'
|
|
6
6
|
gem.authors = ["Peter Zotov"]
|
|
7
7
|
gem.email = ["whitequark@whitequark.org"]
|
|
8
8
|
gem.description = %{Rack::UTF8Sanitizer is a Rack middleware which cleans up } <<
|
data/test/test_utf8_sanitizer.rb
CHANGED
|
@@ -178,17 +178,20 @@ describe Rack::UTF8Sanitizer do
|
|
|
178
178
|
"rack.input" => @rack_input,
|
|
179
179
|
}
|
|
180
180
|
end
|
|
181
|
+
|
|
181
182
|
def sanitize_form_data(request_env = request_env)
|
|
182
|
-
@uri_input
|
|
183
|
-
|
|
184
|
-
sanitized_input =
|
|
183
|
+
@uri_input = "http://bar/foo+%2F%3A+bar+%D0%BB%D0%BE%D0%BB".force_encoding('UTF-8')
|
|
184
|
+
@response_env = @app.(request_env)
|
|
185
|
+
sanitized_input = @response_env['rack.input'].read
|
|
186
|
+
|
|
185
187
|
yield sanitized_input if block_given?
|
|
186
|
-
|
|
188
|
+
|
|
189
|
+
@response_env['rack.input'].rewind
|
|
187
190
|
behaves_like :does_sanitize_plain
|
|
188
191
|
behaves_like :does_sanitize_uri
|
|
189
192
|
behaves_like :identity_plain
|
|
190
193
|
behaves_like :identity_uri
|
|
191
|
-
|
|
194
|
+
@response_env['rack.input'].close
|
|
192
195
|
end
|
|
193
196
|
|
|
194
197
|
it "sanitizes StringIO rack.input" do
|
|
@@ -288,5 +291,15 @@ describe Rack::UTF8Sanitizer do
|
|
|
288
291
|
end
|
|
289
292
|
end
|
|
290
293
|
|
|
294
|
+
it "adjusts content-length when replacing input" do
|
|
295
|
+
input = "foo=bla&quux=bar\xED"
|
|
296
|
+
@rack_input = StringIO.new input
|
|
297
|
+
|
|
298
|
+
env = request_env.update("CONTENT_LENGTH" => input.bytesize)
|
|
299
|
+
sanitize_form_data(env) do |sanitized_input|
|
|
300
|
+
sanitized_input.bytesize.should != input.bytesize
|
|
301
|
+
@response_env["CONTENT_LENGTH"].should == sanitized_input.bytesize.to_s
|
|
302
|
+
end
|
|
303
|
+
end
|
|
291
304
|
end
|
|
292
305
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-utf8_sanitizer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Peter Zotov
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-07-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -103,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
103
103
|
version: '0'
|
|
104
104
|
requirements: []
|
|
105
105
|
rubyforge_project:
|
|
106
|
-
rubygems_version: 2.4.
|
|
106
|
+
rubygems_version: 2.4.6
|
|
107
107
|
signing_key:
|
|
108
108
|
specification_version: 4
|
|
109
109
|
summary: Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters
|