rack-utf8_sanitizer 1.3.0 → 1.3.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/lib/rack/utf8_sanitizer.rb +17 -1
- data/rack-utf8_sanitizer.gemspec +1 -1
- data/test/test_utf8_sanitizer.rb +18 -5
- metadata +3 -3
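--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a21608edab6e71fde026d8c9b5fdf6afaeb831ab
+data.tar.gz: d3648a488dd74a3ea6357d39cc87b1d486af2c1c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8c8c7e485b0ca9584951b2689b090feaf4441eb96c1fb5ee3fd8f7c79bddcb4bf4d005b69e56a1fd0675b1e96de07dca21906ccca4b255e3893007278e819afe
+data.tar.gz: b8dcdd43af94a1277b978184ba8e5b26c782f269f646805839d102cf216f7e8d1e375a4104ace50357c23c3761afd00acaef441ac13bcc05ae1555e719e71079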
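--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -10,6 +10,21 @@ Features implemented:
 
 Bugs fixed:
 
+v1.3.1 (2015-07-09)
+-------------------------
+
+Bugs fixed:
+* Make sure Content-Length is adjusted. (Samuel Cochran, #26)
+
+v1.3.0 (2015-01-26)
+-------------------------
+
+v1.2.4 (2014-11-29)
+-------------------------
+
+v1.2.3 (2014-10-08)
+-------------------------
+
 v1.2.2 (2014-07-10)
 -------------------------
 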
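--- a/data/lib/rack/utf8_sanitizer.rb
+++ b/data/lib/rack/utf8_sanitizer.rb
@@ -62,7 +62,13 @@ module Rack
 content_type &&= content_type.downcase
 return unless SANITIZABLE_CONTENT_TYPES.any? {|type| content_type == type }
 uri_encoded = URI_ENCODED_CONTENT_TYPES.any? {|type| content_type == type}
-
+
+if env["rack.input"]
+sanitized_input = sanitize_io(env['rack.input'], uri_encoded)
+
+env['rack.input'] = sanitized_input
+env['CONTENT_LENGTH'] &&= sanitized_input.size.to_s
+end
 end
 
 # Modeled after Rack::RewindableInput
@@ -72,18 +78,28 @@ module Rack
 @original_io = original_io
 @sanitized_io = sanitized_io
 end
+
 def gets
 @sanitized_io.gets
 end
+
 def read(*args)
 @sanitized_io.read(*args)
 end
+
 def each(&block)
 @sanitized_io.each(&block)
 end
+
 def rewind
 @sanitized_io.rewind
 end
+
+def size
+# StringIO#size is bytesize
+@sanitized_io.size
+end
+
 def close
 @sanitized_io.close
 @original_io.close if @original_io.respond_to?(:close)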
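Review bot: The added `env['CONTENT_LENGTH'] &&= sanitized_input.size.to_s` line in the first hunk has no comment explaining why the header must follow the body, which is the reason for the fix. I would add above it `# Sanitizing can change the body's byte count; keep CONTENT_LENGTH in step so downstream parsers that read exactly that many bytes see the whole body. &&= leaves the header absent when the request had none.` The new `size` wrapper in the second hunk relies on `@sanitized_io.size` being a byte count, as its comment says for StringIO; where `@sanitized_io` is built is outside the hunk, so that assumption should be confirmed there. The same block also mixes `env["rack.input"]` and `env['rack.input']`; pick one quoting style. The enclosing method begins above the first hunk.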
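--- a/data/rack-utf8_sanitizer.gemspec
+++ b/data/rack-utf8_sanitizer.gemspec
@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |gem|
 gem.name = "rack-utf8_sanitizer"
-gem.version = '1.3.
+gem.version = '1.3.1'
 gem.authors = ["Peter Zotov"]
 gem.email = ["whitequark@whitequark.org"]
 gem.description = %{Rack::UTF8Sanitizer is a Rack middleware which cleans up } <<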
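--- a/data/test/test_utf8_sanitizer.rb
+++ b/data/test/test_utf8_sanitizer.rb
@@ -178,17 +178,20 @@ describe Rack::UTF8Sanitizer do
 "rack.input" => @rack_input,
 }
 end
+
 def sanitize_form_data(request_env = request_env)
-@uri_input
-
-sanitized_input =
+@uri_input = "http://bar/foo+%2F%3A+bar+%D0%BB%D0%BE%D0%BB".force_encoding('UTF-8')
+@response_env = @app.(request_env)
+sanitized_input = @response_env['rack.input'].read
+
 yield sanitized_input if block_given?
-
+
+@response_env['rack.input'].rewind
 behaves_like :does_sanitize_plain
 behaves_like :does_sanitize_uri
 behaves_like :identity_plain
 behaves_like :identity_uri
-
+@response_env['rack.input'].close
 end
 
 it "sanitizes StringIO rack.input" do
@@ -288,5 +291,15 @@ describe Rack::UTF8Sanitizer do
 end
 end
 
+it "adjusts content-length when replacing input" do
+input = "foo=bla&quux=bar\xED"
+@rack_input = StringIO.new input
+
+env = request_env.update("CONTENT_LENGTH" => input.bytesize)
+sanitize_form_data(env) do |sanitized_input|
+sanitized_input.bytesize.should != input.bytesize
+@response_env["CONTENT_LENGTH"].should == sanitized_input.bytesize.to_s
+end
+end
 end
 end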
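Review bot: The new spec in the second hunk seeds `"CONTENT_LENGTH" => input.bytesize` as an Integer, whereas a Rack env carries that header as a String, so the example does not start from the shape a real request has; `"CONTENT_LENGTH" => input.bytesize.to_s` would. It also covers only the case where the header is present. A companion example asserting that `@response_env.key?("CONTENT_LENGTH")` stays false when the request had none would pin the `&&=` behaviour in the middleware. A declared length that disagrees with the sanitized body is exactly what this release fixes, so both cases are worth locking down. The `describe` block starts outside the hunk.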
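--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-utf8_sanitizer
 version: !ruby/object:Gem::Version
-version: 1.3.
+version: 1.3.1
 platform: ruby
 authors:
 - Peter Zotov
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-07-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -103,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.
+rubygems_version: 2.4.6
 signing_key:
 specification_version: 4
 summary: Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters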