rack 1.4.1 → 1.4.2

data/lib/rack/reloader.rb

@@ -101,7 +101,7 @@ module Rack
         return unless file
         stat = ::File.stat(file)
         return file, stat if stat.file?
-      rescue Errno::ENOENT, Errno::ENOTDIR
+      rescue Errno::ENOENT, Errno::ENOTDIR, Errno::ESRCH
         @cache.delete(file) and false
       end
     end

data/lib/rack/request.rb

@@ -260,12 +260,10 @@ module Rack
       #   the Cookie header such that those with more specific Path attributes
       #   precede those with less specific.  Ordering with respect to other
       #   attributes (e.g., Domain) is unspecified.
-      Utils.parse_query(string, ';,').each { |k,v| hash[k] = Array === v ? v.first : v }
+      cookies = Utils.parse_query(string, ';,') { |s| Rack::Utils.unescape(s) rescue s }
+      cookies.each { |k,v| hash[k] = Array === v ? v.first : v }
       @env["rack.request.cookie_string"] = string
       hash
-    rescue => error
-      error.message.replace "cannot parse Cookie header: #{error.message}"
-      raise
     end
 
     def xhr?

data/lib/rack/response.rb

@@ -74,9 +74,10 @@ module Rack
       if [204, 205, 304].include?(status.to_i)
         header.delete "Content-Type"
         header.delete "Content-Length"
+        close
         [status.to_i, header, []]
       else
-        [status.to_i, header, self]
+        [status.to_i, header, BodyProxy.new(self){}]
       end
     end
     alias to_a finish           # For *response

data/lib/rack/server.rb

@@ -26,7 +26,7 @@ module Rack
 
           opts.on("-I", "--include PATH",
                   "specify $LOAD_PATH (may be used more than once)") { |path|
-            options[:include] = path.split(":")
+            (options[:include] ||= []).concat(path.split(":"))
           }
 
           opts.on("-r", "--require LIBRARY",
@@ -247,11 +247,14 @@ module Rack
         pp app
       end
 
+      check_pid! if options[:pid]
+
       # Touch the wrapped app, so that the config.ru is loaded before
       # daemonization (i.e. before chdir, etc).
       wrapped_app
 
       daemonize_app if options[:daemonize]
+
       write_pid if options[:pid]
 
       trap(:INT) do
@@ -274,7 +277,7 @@ module Rack
         options = default_options
 
         # Don't evaluate CGI ISINDEX parameters.
-        # http://hoohoo.ncsa.uiuc.edu/cgi/cl.html
+        # http://www.meb.uni-bonn.de/docs/cgi/cl.html
         args.clear if ENV.include?("REQUEST_METHOD")
 
         options.merge! opt_parser.parse!(args)
@@ -319,5 +322,28 @@ module Rack
         ::File.open(options[:pid], 'w'){ |f| f.write("#{Process.pid}") }
         at_exit { ::File.delete(options[:pid]) if ::File.exist?(options[:pid]) }
       end
+
+      def check_pid!
+        case pidfile_process_status
+        when :running, :not_owned
+          $stderr.puts "A server is already running. Check #{options[:pid]}."
+          exit(1)
+        when :dead
+          ::File.delete(options[:pid])
+        end
+      end
+
+      def pidfile_process_status
+        return :exited unless ::File.exist?(options[:pid])
+
+        pid = ::File.read(options[:pid]).to_i
+        Process.kill(0, pid)
+        :running
+      rescue Errno::ESRCH
+        :dead
+      rescue Errno::EPERM
+        :not_owned
+      end
+
   end
 end

data/lib/rack/session/abstract/id.rb

@@ -116,6 +116,11 @@ module Rack
           super
         end
 
+        def merge!(hash)
+          load_for_write!
+          super
+        end
+
       private
 
         def load_for_read!

data/lib/rack/session/cookie.rb

@@ -82,6 +82,15 @@ module Rack
 
       def initialize(app, options={})
         @secrets = options.values_at(:secret, :old_secret).compact
+        warn <<-MSG unless @secrets.size >= 1
+        SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
+        This poses a security threat. It is strongly recommended that you
+        provide a secret to prevent exploits that may be possible from crafted
+        cookies. This will not be supported in future versions of Rack, and
+        future versions will even invalidate your existing user cookies.
+
+        Called from: #{caller[0]}.
+        MSG
         @coder  = options[:coder] ||= Base64::Marshal.new
         super(app, options.merge!(:cookie_only => true))
       end

data/lib/rack/static.rb

@@ -26,13 +26,58 @@ module Rack
   # directory but uses index.html as default route for "/"
   #
   #     use Rack::Static, :urls => [""], :root => 'public', :index =>
-  #     'public/index.html'
+  #     'index.html'
   #
-  # Set a fixed Cache-Control header for all served files:
+  # Set custom HTTP Headers for based on rules:
   #
-  #     use Rack::Static, :root => 'public', :cache_control => 'public'
+  #     use Rack::Static, :root => 'public',
+  #         :header_rules => [
+  #           [rule, {header_field => content, header_field => content}],
+  #           [rule, {header_field => content}]
+  #         ]
+  #
+  #  Rules for selecting files:
+  #
+  #  1) All files
+  #     Provide the :all symbol
+  #     :all => Matches every file
+  #
+  #  2) Folders
+  #     Provide the folder path as a string
+  #     '/folder' or '/folder/subfolder' => Matches files in a certain folder
+  #
+  #  3) File Extensions
+  #     Provide the file extensions as an array
+  #     ['css', 'js'] or %w(css js) => Matches files ending in .css or .js
+  #
+  #  4) Regular Expressions / Regexp
+  #     Provide a regular expression
+  #     %r{\.(?:css|js)\z} => Matches files ending in .css or .js
+  #     /\.(?:eot|ttf|otf|woff|svg)\z/ => Matches files ending in
+  #       the most common web font formats (.eot, .ttf, .otf, .woff, .svg)
+  #       Note: This Regexp is available as a shortcut, using the :fonts rule
+  #
+  #  5) Font Shortcut
+  #     Provide the :fonts symbol
+  #     :fonts => Uses the Regexp rule stated right above to match all common web font endings
+  #
+  #  Rule Ordering:
+  #    Rules are applied in the order that they are provided.
+  #    List rather general rules above special ones.
+  #
+  #  Complete example use case including HTTP header rules:
+  #
+  #     use Rack::Static, :root => 'public',
+  #         :header_rules => [
+  #           # Cache all static files in public caches (e.g. Rack::Cache)
+  #           #  as well as in the browser
+  #           [:all, {'Cache-Control' => 'public, max-age=31536000'}],
+  #
+  #           # Provide web fonts with cross-origin access-control-headers
+  #           #  Firefox requires this when serving assets using a Content Delivery Network
+  #           [:fonts, {'Access-Control-Allow-Origin' => '*'}]
+  #         ]
   #
-
   class Static
 
     def initialize(app, options={})
@@ -40,12 +85,18 @@ module Rack
       @urls = options[:urls] || ["/favicon.ico"]
       @index = options[:index]
       root = options[:root] || Dir.pwd
-      cache_control = options[:cache_control]
-      @file_server = Rack::File.new(root, cache_control)
+
+      # HTTP Headers
+      @header_rules = options[:header_rules] || []
+      # Allow for legacy :cache_control option while prioritizing global header_rules setting
+      @header_rules.insert(0, [:all, {'Cache-Control' => options[:cache_control]}]) if options[:cache_control]
+      @headers = {}
+
+      @file_server = Rack::File.new(root, @headers)
     end
 
     def overwrite_file_path(path)
-      @urls.kind_of?(Hash) && @urls.key?(path) || @index && path == '/'
+      @urls.kind_of?(Hash) && @urls.key?(path) || @index && path =~ /\/$/
     end
 
     def route_file(path)
@@ -60,12 +111,43 @@ module Rack
       path = env["PATH_INFO"]
 
       if can_serve(path)
-        env["PATH_INFO"] = (path == '/' ? @index : @urls[path]) if overwrite_file_path(path)
+        env["PATH_INFO"] = (path =~ /\/$/ ? path + @index : @urls[path]) if overwrite_file_path(path)
+        @path = env["PATH_INFO"]
+        apply_header_rules
         @file_server.call(env)
       else
         @app.call(env)
       end
     end
 
+    # Convert HTTP header rules to HTTP headers
+    def apply_header_rules
+      @header_rules.each do |rule, headers|
+        apply_rule(rule, headers)
+      end
+    end
+
+    def apply_rule(rule, headers)
+      case rule
+      when :all    # All files
+        set_headers(headers)
+      when :fonts  # Fonts Shortcut
+        set_headers(headers) if @path.match(/\.(?:ttf|otf|eot|woff|svg)\z/)
+      when String  # Folder
+        path = ::Rack::Utils.unescape(@path)
+        set_headers(headers) if (path.start_with?(rule) || path.start_with?('/' + rule))
+      when Array   # Extension/Extensions
+        extensions = rule.join('|')
+        set_headers(headers) if @path.match(/\.(#{extensions})\z/)
+      when Regexp  # Flexible Regexp
+        set_headers(headers) if @path.match(rule)
+      else
+      end
+    end
+
+    def set_headers(headers)
+      headers.each { |field, content| @headers[field] = content }
+    end
+
   end
 end

data/lib/rack/utils.rb

@@ -5,11 +5,14 @@ require 'tempfile'
 require 'rack/multipart'
 
 major, minor, patch = RUBY_VERSION.split('.').map { |v| v.to_i }
+ruby_engine = defined?(RUBY_ENGINE) ? RUBY_ENGINE : 'ruby'
 
 if major == 1 && minor < 9
   require 'rack/backports/uri/common_18'
-elsif major == 1 && minor == 9 && patch < 3
+elsif major == 1 && minor == 9 && patch == 2 && RUBY_PATCHLEVEL <= 320 && RUBY_ENGINE != 'jruby'
   require 'rack/backports/uri/common_192'
+elsif major == 1 && minor == 9 && patch == 3 && RUBY_PATCHLEVEL < 125
+  require 'rack/backports/uri/common_193'
 else
   require 'uri/common'
 end
@@ -60,11 +63,15 @@ module Rack
     # and ';' characters.  You can also use this to parse
     # cookies by changing the characters used in the second
     # parameter (which defaults to '&;').
-    def parse_query(qs, d = nil)
+    def parse_query(qs, d = nil, &unescaper)
+      unescaper ||= method(:unescape)
+
       params = KeySpaceConstrainedParams.new
 
       (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|
-        k, v = p.split('=', 2).map { |x| unescape(x) }
+        next if p.empty?
+        k, v = p.split('=', 2).map(&unescaper)
+        next unless k || v
 
         if cur = params[k]
           if cur.class == Array
@@ -309,16 +316,16 @@ module Rack
     def byte_ranges(env, size)
       # See <http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35>
       http_range = env['HTTP_RANGE']
-      return nil unless http_range
+      return nil unless http_range && http_range =~ /bytes=([^;]+)/
       ranges = []
-      http_range.split(/,\s*/).each do |range_spec|
-        matches = range_spec.match(/bytes=(\d*)-(\d*)/)
-        return nil  unless matches
-        r0,r1 = matches[1], matches[2]
+      $1.split(/,\s*/).each do |range_spec|
+        return nil  unless range_spec =~ /(\d*)-(\d*)/
+        r0,r1 = $1, $2
         if r0.empty?
           return nil  if r1.empty?
           # suffix-byte-range-spec, represents trailing suffix of file
-          r0 = [size - r1.to_i, 0].max
+          r0 = size - r1.to_i
+          r0 = 0  if r0 < 0
           r1 = size - 1
         else
           r0 = r0.to_i
@@ -442,7 +449,7 @@ module Rack
       end
 
       def []=(key, value)
-        @size += key.size unless @params.key?(key)
+        @size += key.size if key && !@params.key?(key)
         raise RangeError, 'exceeded available parameter key space' if @size > @limit
         @params[key] = value
       end

data/rack.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = "rack"
-  s.version         = "1.4.1"
+  s.version         = "1.4.2"
   s.platform        = Gem::Platform::RUBY
   s.summary         = "a modular Ruby webserver interface"
 
@@ -11,7 +11,7 @@ the simplest way possible, it unifies and distills the API for web
 servers, web frameworks, and software in between (the so-called
 middleware) into a single method call.
 
-Also see http://rack.rubyforge.org.
+Also see http://rack.github.com/.
 EOF
 
   s.files           = Dir['{bin/*,contrib/*,example/*,lib/**/*,test/**/*}'] +
@@ -24,7 +24,7 @@ EOF
 
   s.author          = 'Christian Neukirchen'
   s.email           = 'chneukirchen@gmail.com'
-  s.homepage        = 'http://rack.rubyforge.org'
+  s.homepage        = 'http://rack.github.com/'
   s.rubyforge_project = 'rack'
 
   s.add_development_dependency 'bacon'

data/test/builder/line.ru

@@ -0,0 +1 @@
+run lambda{ |env| [200, {'Content-Type' => 'text/plain'}, [__LINE__.to_s]] }

data/test/cgi/assets/folder/test.js

@@ -0,0 +1 @@
+### TestFile ###

data/test/cgi/assets/fonts/font.eot

@@ -0,0 +1 @@
+### TestFile ###

data/test/cgi/assets/images/image.png

@@ -0,0 +1 @@
+### TestFile ###

data/test/cgi/assets/index.html

@@ -0,0 +1 @@
+### TestFile ###

data/test/cgi/assets/javascripts/app.js

@@ -0,0 +1 @@
+### TestFile ###

data/test/cgi/assets/stylesheets/app.css

@@ -0,0 +1 @@
+### TestFile ###

data/test/spec_auth_basic.rb

@@ -66,6 +66,14 @@ describe Rack::Auth::Basic do
     end
   end
 
+  should 'return 400 Bad Request for a malformed authorization header' do
+    request 'HTTP_AUTHORIZATION' => '' do |response|
+      response.should.be.a.client_error
+      response.status.should.equal 400
+      response.should.not.include 'WWW-Authenticate'
+    end
+  end
+
   it 'takes realm as optional constructor arg' do
     app = Rack::Auth::Basic.new(unprotected_app, realm) { true }
     realm.should == app.realm

data/test/spec_auth_digest.rb

@@ -153,6 +153,20 @@ describe Rack::Auth::Digest::MD5 do
     end
   end
 
+  should 'not rechallenge if nonce is not stale' do
+    begin
+      Rack::Auth::Digest::Nonce.time_limit = 10
+
+      request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', :wait => 1 do |response|
+        response.status.should.equal 200
+        response.body.to_s.should.equal 'Hi Alice'
+        response.headers['WWW-Authenticate'].should.not =~ /\bstale=true\b/
+      end
+    ensure
+      Rack::Auth::Digest::Nonce.time_limit = nil
+    end
+  end
+
   should 'rechallenge with stale parameter if nonce is stale' do
     begin
       Rack::Auth::Digest::Nonce.time_limit = 1

data/test/spec_body_proxy.rb

@@ -62,4 +62,8 @@ describe Rack::BodyProxy do
     proxy.close
     closed.should.equal true
   end
+
+  should 'provide an #each method' do
+    Rack::BodyProxy.method_defined?(:each).should.equal true
+  end
 end

data/test/spec_builder.rb

@@ -193,9 +193,15 @@ describe Rack::Builder do
 
     it "requires anything not ending in .ru" do
       $: << File.dirname(__FILE__)
-      app, options = Rack::Builder.parse_file 'builder/anything'
+      app, * = Rack::Builder.parse_file 'builder/anything'
       Rack::MockRequest.new(app).get("/").body.to_s.should.equal 'OK'
       $:.pop
     end
+
+    it "sets __LINE__ correctly" do
+      app, options = Rack::Builder.parse_file config_file('line.ru')
+      options = nil # ignored, prevents warning
+      Rack::MockRequest.new(app).get("/").body.to_s.should.equal '1'
+    end
   end
 end

data/test/spec_cascade.rb

@@ -50,4 +50,12 @@ describe Rack::Cascade do
     cascade << app3
     Rack::MockRequest.new(cascade).get('/foo').should.be.ok
   end
+
+  should "close the body on cascade" do
+    body = StringIO.new
+    closer = lambda { |env| [404, {}, body] }
+    cascade = Rack::Cascade.new([closer, app3], [404])
+    Rack::MockRequest.new(cascade).get("/foo").should.be.ok
+    body.should.be.closed
+  end
 end