rack-utf8_sanitizer 1.3.0 → 1.3.1

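--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8aacddbd472d3669a350a888d96b382340503997
- data.tar.gz: 32941a3fd46aef0de4a1bccc0225d39f2761d745
+ metadata.gz: a21608edab6e71fde026d8c9b5fdf6afaeb831ab
+ data.tar.gz: d3648a488dd74a3ea6357d39cc87b1d486af2c1c
  SHA512:
- metadata.gz: 2a119e6e461f8e7e86616181dc2853197a7352e06547847c5db200d47d6e362169243d258b85a0ea3adffc0fd662d8ad86f2f8ac3cf1f79fc849e22f90f41c65
- data.tar.gz: 1c4d8edd9653403602449aee577ff34f2c603d3c920e6f149d728f6dbef4861ff63b92debe1d6be9ba3eb78365afffaa352aaff3f550b3d6b01401f327bc7122
+ metadata.gz: 8c8c7e485b0ca9584951b2689b090feaf4441eb96c1fb5ee3fd8f7c79bddcb4bf4d005b69e56a1fd0675b1e96de07dca21906ccca4b255e3893007278e819afe
+ data.tar.gz: b8dcdd43af94a1277b978184ba8e5b26c782f269f646805839d102cf216f7e8d1e375a4104ace50357c23c3761afd00acaef441ac13bcc05ae1555e719e71079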
@@ -10,6 +10,21 @@ Features implemented:
10
10
 
11
11
  Bugs fixed:
12
12
 
13
+ v1.3.1 (2015-07-09)
14
+ -------------------------
15
+
16
+ Bugs fixed:
17
+ * Make sure Content-Length is adjusted. (Samuel Cochran, #26)
18
+
19
+ v1.3.0 (2015-01-26)
20
+ -------------------------
21
+
22
+ v1.2.4 (2014-11-29)
23
+ -------------------------
24
+
25
+ v1.2.3 (2014-10-08)
26
+ -------------------------
27
+
13
28
  v1.2.2 (2014-07-10)
14
29
  -------------------------
15
30
 
@@ -62,7 +62,13 @@ module Rack
62
62
  content_type &&= content_type.downcase
63
63
  return unless SANITIZABLE_CONTENT_TYPES.any? {|type| content_type == type }
64
64
  uri_encoded = URI_ENCODED_CONTENT_TYPES.any? {|type| content_type == type}
65
- env['rack.input'] &&= sanitize_io(env['rack.input'], uri_encoded)
65
+
66
+ if env["rack.input"]
67
+ sanitized_input = sanitize_io(env['rack.input'], uri_encoded)
68
+
69
+ env['rack.input'] = sanitized_input
70
+ env['CONTENT_LENGTH'] &&= sanitized_input.size.to_s
71
+ end
66
72
  end
67
73
 
68
74
  # Modeled after Rack::RewindableInput
@@ -72,18 +78,28 @@ module Rack
72
78
  @original_io = original_io
73
79
  @sanitized_io = sanitized_io
74
80
  end
81
+
75
82
  def gets
76
83
  @sanitized_io.gets
77
84
  end
85
+
78
86
  def read(*args)
79
87
  @sanitized_io.read(*args)
80
88
  end
89
+
81
90
  def each(&block)
82
91
  @sanitized_io.each(&block)
83
92
  end
93
+
84
94
  def rewind
85
95
  @sanitized_io.rewind
86
96
  end
97
+
98
+ def size
99
+ # StringIO#size is bytesize
100
+ @sanitized_io.size
101
+ end
102
+
87
103
  def close
88
104
  @sanitized_io.close
89
105
  @original_io.close if @original_io.respond_to?(:close)
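Review bot: The new `size` method in the second hunk returns `@sanitized_io.size`, and the first hunk writes that value into `CONTENT_LENGTH`, so the header is only correct if the wrapped object reports a byte count. The inline comment relies on StringIO#size being the byte size, but the constructor shown stores whatever `sanitized_io` it is given and the place where it is built is outside these hunks, so the assumption is worth stating as a contract: `# Byte length of the sanitized body; @sanitized_io must be a StringIO, since CONTENT_LENGTH counts octets, not characters.` At the call site a one-line why-comment would also help, for example `# Sanitizing can change the body's byte length; keep CONTENT_LENGTH in sync so downstream readers do not stop short.` The `&&=` leaves requests that carry no `CONTENT_LENGTH` untouched, which looks intentional. Both the enclosing method and the wrapper class start or end outside the hunks.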
@@ -2,7 +2,7 @@
2
2
 
3
3
  Gem::Specification.new do |gem|
4
4
  gem.name = "rack-utf8_sanitizer"
5
- gem.version = '1.3.0'
5
+ gem.version = '1.3.1'
6
6
  gem.authors = ["Peter Zotov"]
7
7
  gem.email = ["whitequark@whitequark.org"]
8
8
  gem.description = %{Rack::UTF8Sanitizer is a Rack middleware which cleans up } <<
@@ -178,17 +178,20 @@ describe Rack::UTF8Sanitizer do
178
178
  "rack.input" => @rack_input,
179
179
  }
180
180
  end
181
+
181
182
  def sanitize_form_data(request_env = request_env)
182
- @uri_input = "http://bar/foo+%2F%3A+bar+%D0%BB%D0%BE%D0%BB".force_encoding('UTF-8')
183
- env = @app.(request_env)
184
- sanitized_input = env['rack.input'].read
183
+ @uri_input = "http://bar/foo+%2F%3A+bar+%D0%BB%D0%BE%D0%BB".force_encoding('UTF-8')
184
+ @response_env = @app.(request_env)
185
+ sanitized_input = @response_env['rack.input'].read
186
+
185
187
  yield sanitized_input if block_given?
186
- env['rack.input'].rewind
188
+
189
+ @response_env['rack.input'].rewind
187
190
  behaves_like :does_sanitize_plain
188
191
  behaves_like :does_sanitize_uri
189
192
  behaves_like :identity_plain
190
193
  behaves_like :identity_uri
191
- env['rack.input'].close
194
+ @response_env['rack.input'].close
192
195
  end
193
196
 
194
197
  it "sanitizes StringIO rack.input" do
@@ -288,5 +291,15 @@ describe Rack::UTF8Sanitizer do
288
291
  end
289
292
  end
290
293
 
294
+ it "adjusts content-length when replacing input" do
295
+ input = "foo=bla&quux=bar\xED"
296
+ @rack_input = StringIO.new input
297
+
298
+ env = request_env.update("CONTENT_LENGTH" => input.bytesize)
299
+ sanitize_form_data(env) do |sanitized_input|
300
+ sanitized_input.bytesize.should != input.bytesize
301
+ @response_env["CONTENT_LENGTH"].should == sanitized_input.bytesize.to_s
302
+ end
303
+ end
291
304
  end
292
305
  end
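Review bot: In the new example, `request_env.update("CONTENT_LENGTH" => input.bytesize)` seeds the header with an Integer, whereas the middleware writes a String and Rack env header values are normally strings, so the test starts from a shape a real request would not have; `"CONTENT_LENGTH" => input.bytesize.to_s` would match. The example also covers only the case where the header is present. A second example asserting that a request without `CONTENT_LENGTH` still has none after sanitizing would pin the `&&=` branch in the middleware. The enclosing `describe` block starts outside the hunk.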
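--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rack-utf8_sanitizer
  version: !ruby/object:Gem::Version
- version: 1.3.0
+ version: 1.3.1
  platform: ruby
  authors:
  - Peter Zotov
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-01-27 00:00:00.000000000 Z
+ date: 2015-07-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rack
@@ -103,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.1
+ rubygems_version: 2.4.6
  signing_key:
  specification_version: 4
  summary: Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters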