RubyGems - rack - Versions diffs - 1.4.7 → 2.1.4 - Mend

rack 1.4.7 → 2.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (183) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +77 -0
data/{COPYING → MIT-LICENSE} +4 -2
data/README.rdoc +122 -456
data/Rakefile +32 -31
data/SPEC +119 -29
data/bin/rackup +1 -0
data/contrib/rack_logo.svg +164 -111
data/example/lobster.ru +2 -0
data/example/protectedlobster.rb +4 -2
data/example/protectedlobster.ru +3 -1
data/lib/rack/auth/abstract/handler.rb +7 -5
data/lib/rack/auth/abstract/request.rb +8 -6
data/lib/rack/auth/basic.rb +5 -2
data/lib/rack/auth/digest/md5.rb +10 -8
data/lib/rack/auth/digest/nonce.rb +6 -3
data/lib/rack/auth/digest/params.rb +5 -4
data/lib/rack/auth/digest/request.rb +4 -2
data/lib/rack/body_proxy.rb +11 -9
data/lib/rack/builder.rb +63 -20
data/lib/rack/cascade.rb +10 -9
data/lib/rack/chunked.rb +45 -11
data/lib/rack/{commonlogger.rb → common_logger.rb} +24 -15
data/lib/rack/{conditionalget.rb → conditional_get.rb} +20 -6
data/lib/rack/config.rb +7 -0
data/lib/rack/content_length.rb +12 -6
data/lib/rack/content_type.rb +4 -2
data/lib/rack/core_ext/regexp.rb +14 -0
data/lib/rack/deflater.rb +73 -42
data/lib/rack/directory.rb +77 -56
data/lib/rack/etag.rb +25 -13
data/lib/rack/events.rb +156 -0
data/lib/rack/file.rb +4 -143
data/lib/rack/files.rb +178 -0
data/lib/rack/handler/cgi.rb +18 -17
data/lib/rack/handler/fastcgi.rb +21 -17
data/lib/rack/handler/lsws.rb +14 -12
data/lib/rack/handler/scgi.rb +27 -21
data/lib/rack/handler/thin.rb +19 -5
data/lib/rack/handler/webrick.rb +66 -24
data/lib/rack/handler.rb +29 -19
data/lib/rack/head.rb +21 -14
data/lib/rack/lint.rb +259 -65
data/lib/rack/lobster.rb +17 -10
data/lib/rack/lock.rb +19 -10
data/lib/rack/logger.rb +4 -2
data/lib/rack/media_type.rb +43 -0
data/lib/rack/method_override.rb +52 -0
data/lib/rack/mime.rb +43 -6
data/lib/rack/mock.rb +109 -44
data/lib/rack/multipart/generator.rb +11 -12
data/lib/rack/multipart/parser.rb +302 -115
data/lib/rack/multipart/uploaded_file.rb +4 -3
data/lib/rack/multipart.rb +40 -9
data/lib/rack/null_logger.rb +39 -0
data/lib/rack/query_parser.rb +218 -0
data/lib/rack/recursive.rb +14 -11
data/lib/rack/reloader.rb +12 -5
data/lib/rack/request.rb +484 -270
data/lib/rack/response.rb +196 -77
data/lib/rack/rewindable_input.rb +5 -14
data/lib/rack/runtime.rb +13 -6
data/lib/rack/sendfile.rb +44 -20
data/lib/rack/server.rb +175 -61
data/lib/rack/session/abstract/id.rb +276 -133
data/lib/rack/session/cookie.rb +75 -40
data/lib/rack/session/memcache.rb +4 -87
data/lib/rack/session/pool.rb +24 -18
data/lib/rack/show_exceptions.rb +392 -0
data/lib/rack/{showstatus.rb → show_status.rb} +11 -9
data/lib/rack/static.rb +65 -38
data/lib/rack/tempfile_reaper.rb +24 -0
data/lib/rack/urlmap.rb +40 -15
data/lib/rack/utils.rb +316 -285
data/lib/rack.rb +78 -23
data/rack.gemspec +26 -19
metadata +44 -209
data/KNOWN-ISSUES +0 -30
data/lib/rack/backports/uri/common_18.rb +0 -56
data/lib/rack/backports/uri/common_192.rb +0 -52
data/lib/rack/backports/uri/common_193.rb +0 -29
data/lib/rack/handler/evented_mongrel.rb +0 -8
data/lib/rack/handler/mongrel.rb +0 -100
data/lib/rack/handler/swiftiplied_mongrel.rb +0 -8
data/lib/rack/methodoverride.rb +0 -33
data/lib/rack/nulllogger.rb +0 -18
data/lib/rack/showexceptions.rb +0 -378
data/test/builder/anything.rb +0 -5
data/test/builder/comment.ru +0 -4
data/test/builder/end.ru +0 -5
data/test/builder/line.ru +0 -1
data/test/builder/options.ru +0 -2
data/test/cgi/assets/folder/test.js +0 -1
data/test/cgi/assets/fonts/font.eot +0 -1
data/test/cgi/assets/images/image.png +0 -1
data/test/cgi/assets/index.html +0 -1
data/test/cgi/assets/javascripts/app.js +0 -1
data/test/cgi/assets/stylesheets/app.css +0 -1
data/test/cgi/lighttpd.conf +0 -26
data/test/cgi/lighttpd.errors +0 -1
data/test/cgi/rackup_stub.rb +0 -6
data/test/cgi/sample_rackup.ru +0 -5
data/test/cgi/test +0 -9
data/test/cgi/test+directory/test+file +0 -1
data/test/cgi/test.fcgi +0 -8
data/test/cgi/test.ru +0 -5
data/test/gemloader.rb +0 -10
data/test/multipart/bad_robots +0 -259
data/test/multipart/binary +0 -0
data/test/multipart/content_type_and_no_filename +0 -6
data/test/multipart/empty +0 -10
data/test/multipart/fail_16384_nofile +0 -814
data/test/multipart/file1.txt +0 -1
data/test/multipart/filename_and_modification_param +0 -7
data/test/multipart/filename_with_escaped_quotes +0 -6
data/test/multipart/filename_with_escaped_quotes_and_modification_param +0 -7
data/test/multipart/filename_with_percent_escaped_quotes +0 -6
data/test/multipart/filename_with_unescaped_percentages +0 -6
data/test/multipart/filename_with_unescaped_percentages2 +0 -6
data/test/multipart/filename_with_unescaped_percentages3 +0 -6
data/test/multipart/filename_with_unescaped_quotes +0 -6
data/test/multipart/ie +0 -6
data/test/multipart/mixed_files +0 -21
data/test/multipart/nested +0 -10
data/test/multipart/none +0 -9
data/test/multipart/semicolon +0 -6
data/test/multipart/text +0 -15
data/test/multipart/three_files_three_fields +0 -31
data/test/multipart/webkit +0 -32
data/test/rackup/config.ru +0 -31
data/test/registering_handler/rack/handler/registering_myself.rb +0 -8
data/test/spec_auth.rb +0 -57
data/test/spec_auth_basic.rb +0 -81
data/test/spec_auth_digest.rb +0 -259
data/test/spec_body_proxy.rb +0 -69
data/test/spec_builder.rb +0 -207
data/test/spec_cascade.rb +0 -61
data/test/spec_cgi.rb +0 -102
data/test/spec_chunked.rb +0 -87
data/test/spec_commonlogger.rb +0 -57
data/test/spec_conditionalget.rb +0 -102
data/test/spec_config.rb +0 -22
data/test/spec_content_length.rb +0 -86
data/test/spec_content_type.rb +0 -45
data/test/spec_deflater.rb +0 -187
data/test/spec_directory.rb +0 -88
data/test/spec_etag.rb +0 -98
data/test/spec_fastcgi.rb +0 -107
data/test/spec_file.rb +0 -200
data/test/spec_handler.rb +0 -59
data/test/spec_head.rb +0 -48
data/test/spec_lint.rb +0 -515
data/test/spec_lobster.rb +0 -58
data/test/spec_lock.rb +0 -167
data/test/spec_logger.rb +0 -23
data/test/spec_methodoverride.rb +0 -72
data/test/spec_mock.rb +0 -269
data/test/spec_mongrel.rb +0 -182
data/test/spec_multipart.rb +0 -479
data/test/spec_nulllogger.rb +0 -23
data/test/spec_recursive.rb +0 -72
data/test/spec_request.rb +0 -955
data/test/spec_response.rb +0 -313
data/test/spec_rewindable_input.rb +0 -118
data/test/spec_runtime.rb +0 -49
data/test/spec_sendfile.rb +0 -90
data/test/spec_server.rb +0 -121
data/test/spec_session_abstract_id.rb +0 -43
data/test/spec_session_cookie.rb +0 -361
data/test/spec_session_memcache.rb +0 -321
data/test/spec_session_pool.rb +0 -209
data/test/spec_showexceptions.rb +0 -92
data/test/spec_showstatus.rb +0 -84
data/test/spec_static.rb +0 -145
data/test/spec_thin.rb +0 -86
data/test/spec_urlmap.rb +0 -213
data/test/spec_utils.rb +0 -554
data/test/spec_webrick.rb +0 -143
data/test/static/another/index.html +0 -1
data/test/static/index.html +0 -1
data/test/testrequest.rb +0 -78
data/test/unregistered_handler/rack/handler/unregistered.rb +0 -7
data/test/unregistered_handler/rack/handler/unregistered_long_one.rb +0 -7

data/lib/rack/multipart/parser.rb CHANGED Viewed

@@ -1,184 +1,371 @@
+# frozen_string_literal: true
 require 'rack/utils'
+require 'strscan'
+require 'rack/core_ext/regexp'
 module Rack
   module Multipart
-    class MultipartLimitError < Errno::EMFILE; end
+    class MultipartPartLimitError < Errno::EMFILE; end
     class Parser
-      BUFSIZE = 16384
+      using ::Rack::RegexpExtensions
-      def initialize(env)
-        @env = env
-      end
+      BUFSIZE = 1_048_576
+      TEXT_PLAIN = "text/plain"
+      TEMPFILE_FACTORY = lambda { |filename, content_type|
+        Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0", '%00'))])
+      }
+      BOUNDARY_REGEX = /\A([^\n]*(?:\n|\Z))/
-      def parse
-        return nil unless setup_parse
+      class BoundedIO # :nodoc:
+        def initialize(io, content_length)
+          @io             = io
+          @content_length = content_length
+          @cursor = 0
+        end
-        fast_forward_to_first_boundary
+        def read(size, outbuf = nil)
+          return if @cursor >= @content_length
-        opened_files = 0
-        loop do
+          left = @content_length - @cursor
-          head, filename, content_type, name, body =
-            get_current_head_and_filename_and_content_type_and_name_and_body
+          str = if left < size
+                  @io.read left, outbuf
+                else
+                  @io.read size, outbuf
+                end
-          if Utils.multipart_part_limit > 0
-            opened_files += 1 if filename
-            raise MultipartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
+          if str
+            @cursor += str.bytesize
+          else
+            # Raise an error for mismatching Content-Length and actual contents
+            raise EOFError, "bad content body"
           end
-          # Save the rest.
-          if i = @buf.index(rx)
-            body << @buf.slice!(0, i)
-            @buf.slice!(0, @boundary_size+2)
+          str
+        end
+        def rewind
+          @io.rewind
+        end
+      end
+      MultipartInfo = Struct.new :params, :tmp_files
+      EMPTY         = MultipartInfo.new(nil, [])
+      def self.parse_boundary(content_type)
+        return unless content_type
+        data = content_type.match(MULTIPART)
+        return unless data
+        data[1]
+      end
+      def self.parse(io, content_length, content_type, tmpfile, bufsize, qp)
+        return EMPTY if 0 == content_length
+        boundary = parse_boundary content_type
+        return EMPTY unless boundary
+        io = BoundedIO.new(io, content_length) if content_length
+        outbuf = String.new
+        parser = new(boundary, tmpfile, bufsize, qp)
+        parser.on_read io.read(bufsize, outbuf)
+        loop do
+          break if parser.state == :DONE
+          parser.on_read io.read(bufsize, outbuf)
+        end
+        io.rewind
+        parser.result
+      end
+      class Collector
+        class MimePart < Struct.new(:body, :head, :filename, :content_type, :name)
+          def get_data
+            data = body
+            if filename == ""
+              # filename is blank which means no file has been selected
+              return
+            elsif filename
+              body.rewind if body.respond_to?(:rewind)
+              # Take the basename of the upload's original filename.
+              # This handles the full Windows paths given by Internet Explorer
+              # (and perhaps other broken user agents) without affecting
+              # those which give the lone filename.
+              fn = filename.split(/[\/\\]/).last
+              data = { filename: fn, type: content_type,
+                      name: name, tempfile: body, head: head }
+            elsif !filename && content_type && body.is_a?(IO)
+              body.rewind
+              # Generic multipart cases, not coming from a form
+              data = { type: content_type,
+                      name: name, tempfile: body, head: head }
+            end
-            @content_length = -1  if $1 == "--"
+            yield data
           end
+        end
-          filename, data = get_data(filename, body, content_type, name, head)
+        class BufferPart < MimePart
+          def file?; false; end
+          def close; end
+        end
-          Utils.normalize_params(@params, name, data) unless data.nil?
+        class TempfilePart < MimePart
+          def file?; true; end
+          def close; body.close; end
+        end
-          # break if we're at the end of a buffer, but not if it is the end of a field
-          break if (@buf.empty? && $1 != EOL) || @content_length == -1
+        include Enumerable
+        def initialize tempfile
+          @tempfile = tempfile
+          @mime_parts = []
+          @open_files = 0
         end
-        @io.rewind
+        def each
+          @mime_parts.each { |part| yield part }
+        end
-        @params.to_params_hash
-      end
+        def on_mime_head mime_index, head, filename, content_type, name
+          if filename
+            body = @tempfile.call(filename, content_type)
+            body.binmode if body.respond_to?(:binmode)
+            klass = TempfilePart
+            @open_files += 1
+          else
+            body = String.new
+            klass = BufferPart
+          end
-      private
-      def setup_parse
-        return false unless @env['CONTENT_TYPE'] =~ MULTIPART
+          @mime_parts[mime_index] = klass.new(body, head, filename, content_type, name)
-        @boundary = "--#{$1}"
+          check_open_files
+        end
-        @buf = ""
-        @params = Utils::KeySpaceConstrainedParams.new
+        def on_mime_body mime_index, content
+          @mime_parts[mime_index].body << content
+        end
-        @io = @env['rack.input']
-        @io.rewind
+        def on_mime_finish mime_index
+        end
-        @boundary_size = Utils.bytesize(@boundary) + EOL.size
+        private
-        if @content_length = @env['CONTENT_LENGTH']
-          @content_length = @content_length.to_i
-          @content_length -= @boundary_size
+        def check_open_files
+          if Utils.multipart_part_limit > 0
+            if @open_files >= Utils.multipart_part_limit
+              @mime_parts.each(&:close)
+              raise MultipartPartLimitError, 'Maximum file multiparts in content reached'
+            end
+          end
         end
-        true
       end
-      def full_boundary
-        @boundary + EOL
-      end
+      attr_reader :state
+      def initialize(boundary, tempfile, bufsize, query_parser)
+        @query_parser   = query_parser
+        @params         = query_parser.make_params
+        @boundary       = "--#{boundary}"
+        @bufsize        = bufsize
-      def rx
-        @rx ||= /(?:#{EOL})?#{Regexp.quote(@boundary)}(#{EOL}|--)/n
+        @full_boundary = @boundary
+        @end_boundary = @boundary + '--'
+        @state = :FAST_FORWARD
+        @mime_index = 0
+        @collector = Collector.new tempfile
+        @sbuf = StringScanner.new("".dup)
+        @body_regex = /(?:#{EOL})?#{Regexp.quote(@boundary)}(?:#{EOL}|--)/m
+        @rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max
+        @head_regex = /(.*?#{EOL})#{EOL}/m
       end
-      def fast_forward_to_first_boundary
-        loop do
-          content = @io.read(BUFSIZE)
-          raise EOFError, "bad content body" unless content
-          @buf << content
+      def on_read content
+        handle_empty_content!(content)
+        @sbuf.concat content
+        run_parser
+      end
-          while @buf.gsub!(/\A([^\n]*\n)/, '')
-            read_buffer = $1
-            return if read_buffer == full_boundary
+      def result
+        @collector.each do |part|
+          part.get_data do |data|
+            tag_multipart_encoding(part.filename, part.content_type, part.name, data)
+            @query_parser.normalize_params(@params, part.name, data, @query_parser.param_depth_limit)
           end
-          raise EOFError, "bad content body" if Utils.bytesize(@buf) >= BUFSIZE
         end
+        MultipartInfo.new @params.to_params_hash, @collector.find_all(&:file?).map(&:body)
       end
-      def get_current_head_and_filename_and_content_type_and_name_and_body
-        head = nil
-        body = ''
-        filename = content_type = name = nil
-        content = nil
+      private
-        until head && @buf =~ rx
-          if !head && i = @buf.index(EOL+EOL)
-            head = @buf.slice!(0, i+2) # First \r\n
+      def run_parser
+        loop do
+          case @state
+          when :FAST_FORWARD
+            break if handle_fast_forward == :want_read
+          when :CONSUME_TOKEN
+            break if handle_consume_token == :want_read
+          when :MIME_HEAD
+            break if handle_mime_head == :want_read
+          when :MIME_BODY
+            break if handle_mime_body == :want_read
+          when :DONE
+            break
+          end
+        end
+      end
-            @buf.slice!(0, 2)          # Second \r\n
+      def handle_fast_forward
+        if consume_boundary
+          @state = :MIME_HEAD
+        else
+          raise EOFError, "bad content body" if @sbuf.rest_size >= @bufsize
+          :want_read
+        end
+      end
-            content_type = head[MULTIPART_CONTENT_TYPE, 1]
-            name = head[MULTIPART_CONTENT_DISPOSITION, 1] || head[MULTIPART_CONTENT_ID, 1]
+      def handle_consume_token
+        tok = consume_boundary
+        # break if we're at the end of a buffer, but not if it is the end of a field
+        @state = if tok == :END_BOUNDARY || (@sbuf.eos? && tok != :BOUNDARY)
+          :DONE
+        else
+          :MIME_HEAD
+        end
+      end
-            filename = get_filename(head)
+      def handle_mime_head
+        if @sbuf.scan_until(@head_regex)
+          head = @sbuf[1]
+          content_type = head[MULTIPART_CONTENT_TYPE, 1]
+          if name = head[MULTIPART_CONTENT_DISPOSITION, 1]
+            name = Rack::Auth::Digest::Params::dequote(name)
+          else
+            name = head[MULTIPART_CONTENT_ID, 1]
+          end
-            if filename
-              body = Tempfile.new("RackMultipart")
-              body.binmode  if body.respond_to?(:binmode)
-            end
+          filename = get_filename(head)
-            next
+          if name.nil? || name.empty?
+            name = filename || "#{content_type || TEXT_PLAIN}[]".dup
           end
-          # Save the read body part.
-          if head && (@boundary_size+4 < @buf.size)
-            body << @buf.slice!(0, @buf.size - (@boundary_size+4))
+          @collector.on_mime_head @mime_index, head, filename, content_type, name
+          @state = :MIME_BODY
+        else
+          :want_read
+        end
+      end
+      def handle_mime_body
+        if (body_with_boundary = @sbuf.check_until(@body_regex)) # check but do not advance the pointer yet
+          body = body_with_boundary.sub(/#{@body_regex}\z/m, '') # remove the boundary from the string
+          @collector.on_mime_body @mime_index, body
+          @sbuf.pos += body.length + 2 # skip \r\n after the content
+          @state = :CONSUME_TOKEN
+          @mime_index += 1
+        else
+          # Save what we have so far
+          if @rx_max_size < @sbuf.rest_size
+            delta = @sbuf.rest_size - @rx_max_size
+            @collector.on_mime_body @mime_index, @sbuf.peek(delta)
+            @sbuf.pos += delta
+            @sbuf.string = @sbuf.rest
           end
+          :want_read
+        end
+      end
-          content = @io.read(@content_length && BUFSIZE >= @content_length ? @content_length : BUFSIZE)
-          raise EOFError, "bad content body"  if content.nil? || content.empty?
+      def full_boundary; @full_boundary; end
-          @buf << content
-          @content_length -= content.size if @content_length
+      def consume_boundary
+        while read_buffer = @sbuf.scan_until(BOUNDARY_REGEX)
+          case read_buffer.strip
+          when full_boundary then return :BOUNDARY
+          when @end_boundary then return :END_BOUNDARY
+          end
+          return if @sbuf.eos?
         end
-        [head, filename, content_type, name, body]
       end
       def get_filename(head)
         filename = nil
-        if head =~ RFC2183
-          filename = Hash[head.scan(DISPPARM)]['filename']
-          filename = $1 if filename and filename =~ /^"(.*)"$/
-        elsif head =~ BROKEN_QUOTED
-          filename = $1
-        elsif head =~ BROKEN_UNQUOTED
+        case head
+        when RFC2183
+          params = Hash[*head.scan(DISPPARM).flat_map(&:compact)]
+          if filename = params['filename']
+            filename = $1 if filename =~ /^"(.*)"$/
+          elsif filename = params['filename*']
+            encoding, _, filename = filename.split("'", 3)
+          end
+        when BROKEN_QUOTED, BROKEN_UNQUOTED
           filename = $1
         end
-        if filename && filename.scan(/%.?.?/).all? { |s| s =~ /%[0-9a-fA-F]{2}/ }
-          filename = Utils.unescape(filename)
+        return unless filename
+        if filename.scan(/%.?.?/).all? { |s| /%[0-9a-fA-F]{2}/.match?(s) }
+          filename = Utils.unescape_path(filename)
         end
-        if filename && filename !~ /\\[^\\"]/
+        filename.scrub!
+        if filename !~ /\\[^\\"]/
           filename = filename.gsub(/\\(.)/, '\1')
         end
+        if encoding
+          filename.force_encoding ::Encoding.find(encoding)
+        end
         filename
       end
-      def get_data(filename, body, content_type, name, head)
-        data = nil
-        if filename == ""
-          # filename is blank which means no file has been selected
-          return data
-        elsif filename
-          body.rewind
-          # Take the basename of the upload's original filename.
-          # This handles the full Windows paths given by Internet Explorer
-          # (and perhaps other broken user agents) without affecting
-          # those which give the lone filename.
-          filename = filename.split(/[\/\\]/).last
-          data = {:filename => filename, :type => content_type,
-                  :name => name, :tempfile => body, :head => head}
-        elsif !filename && content_type && body.is_a?(IO)
-          body.rewind
-          # Generic multipart cases, not coming from a form
-          data = {:type => content_type,
-                  :name => name, :tempfile => body, :head => head}
-        else
-          data = body
+      CHARSET = "charset"
+      def tag_multipart_encoding(filename, content_type, name, body)
+        name = name.to_s
+        encoding = Encoding::UTF_8
+        name.force_encoding(encoding)
+        return if filename
+        if content_type
+          list         = content_type.split(';')
+          type_subtype = list.first
+          type_subtype.strip!
+          if TEXT_PLAIN == type_subtype
+            rest         = list.drop 1
+            rest.each do |param|
+              k, v = param.split('=', 2)
+              k.strip!
+              v.strip!
+              v = v[1..-2] if v.start_with?('"') && v.end_with?('"')
+              encoding = Encoding.find v if k == CHARSET
+            end
+          end
         end
-        [filename, data]
+        name.force_encoding(encoding)
+        body.force_encoding(encoding)
+      end
+      def handle_empty_content!(content)
+        if content.nil? || content.empty?
+          raise EOFError
+        end
       end
     end
   end

data/lib/rack/multipart/uploaded_file.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Rack
   module Multipart
     class UploadedFile
@@ -11,8 +13,7 @@ module Rack
         raise "#{path} file does not exist" unless ::File.exist?(path)
         @content_type = content_type
         @original_filename = ::File.basename(path)
-        @tempfile = Tempfile.new(@original_filename)
-        @tempfile.set_encoding(Encoding::BINARY) if @tempfile.respond_to?(:set_encoding)
+        @tempfile = Tempfile.new([@original_filename, ::File.extname(path)], encoding: Encoding::BINARY)
         @tempfile.binmode if binary
         FileUtils.copy_file(path, @tempfile.path)
       end
@@ -31,4 +32,4 @@ module Rack
       end
     end
   end
-end
+end

data/lib/rack/multipart.rb CHANGED Viewed

@@ -1,28 +1,59 @@
+# frozen_string_literal: true
+require 'rack/multipart/parser'
 module Rack
   # A multipart form data parser, adapted from IOWA.
   #
   # Usually, Rack::Request#POST takes care of calling this.
   module Multipart
     autoload :UploadedFile, 'rack/multipart/uploaded_file'
-    autoload :Parser, 'rack/multipart/parser'
     autoload :Generator, 'rack/multipart/generator'
     EOL = "\r\n"
     MULTIPART_BOUNDARY = "AaB03x"
-    MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|n
+    MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni
     TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/
     CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i
-    DISPPARM = /;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})/
-    RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
-    BROKEN_QUOTED = /^#{CONDISP}.*;\sfilename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i
-    BROKEN_UNQUOTED = /^#{CONDISP}.*;\sfilename=(#{TOKEN})/i
+    VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
+    BROKEN_QUOTED = /^#{CONDISP}.*;\s*filename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i
+    BROKEN_UNQUOTED = /^#{CONDISP}.*;\s*filename=(#{TOKEN})/i
     MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
-    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*\s+name="?([^\";]*)"?/ni
+    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*;\s*name=(#{VALUE})/ni
     MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
+    # Updated definitions from RFC 2231
+    ATTRIBUTE_CHAR = %r{[^ \t\v\n\r)(><@,;:\\"/\[\]?='*%]}
+    ATTRIBUTE = /#{ATTRIBUTE_CHAR}+/
+    SECTION = /\*[0-9]+/
+    REGULAR_PARAMETER_NAME = /#{ATTRIBUTE}#{SECTION}?/
+    REGULAR_PARAMETER = /(#{REGULAR_PARAMETER_NAME})=(#{VALUE})/
+    EXTENDED_OTHER_NAME = /#{ATTRIBUTE}\*[1-9][0-9]*\*/
+    EXTENDED_OTHER_VALUE = /%[0-9a-fA-F]{2}|#{ATTRIBUTE_CHAR}/
+    EXTENDED_OTHER_PARAMETER = /(#{EXTENDED_OTHER_NAME})=(#{EXTENDED_OTHER_VALUE}*)/
+    EXTENDED_INITIAL_NAME = /#{ATTRIBUTE}(?:\*0)?\*/
+    EXTENDED_INITIAL_VALUE = /[a-zA-Z0-9\-]*'[a-zA-Z0-9\-]*'#{EXTENDED_OTHER_VALUE}*/
+    EXTENDED_INITIAL_PARAMETER = /(#{EXTENDED_INITIAL_NAME})=(#{EXTENDED_INITIAL_VALUE})/
+    EXTENDED_PARAMETER = /#{EXTENDED_INITIAL_PARAMETER}|#{EXTENDED_OTHER_PARAMETER}/
+    DISPPARM = /;\s*(?:#{REGULAR_PARAMETER}|#{EXTENDED_PARAMETER})\s*/
+    RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
     class << self
-      def parse_multipart(env)
-        Parser.new(env).parse
+      def parse_multipart(env, params = Rack::Utils.default_query_parser)
+        extract_multipart Rack::Request.new(env), params
+      end
+      def extract_multipart(req, params = Rack::Utils.default_query_parser)
+        io = req.get_header(RACK_INPUT)
+        io.rewind
+        content_length = req.content_length
+        content_length = content_length.to_i if content_length
+        tempfile = req.get_header(RACK_MULTIPART_TEMPFILE_FACTORY) || Parser::TEMPFILE_FACTORY
+        bufsize = req.get_header(RACK_MULTIPART_BUFFER_SIZE) || Parser::BUFSIZE
+        info = Parser.parse io, content_length, req.get_header('CONTENT_TYPE'), tempfile, bufsize, params
+        req.set_header(RACK_TEMPFILES, info.tmp_files)
+        info.params
       end
       def build_multipart(params, first = true)

data/lib/rack/null_logger.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+module Rack
+  class NullLogger
+    def initialize(app)
+      @app = app
+    end
+    def call(env)
+      env[RACK_LOGGER] = self
+      @app.call(env)
+    end
+    def info(progname = nil, &block); end
+    def debug(progname = nil, &block); end
+    def warn(progname = nil, &block); end
+    def error(progname = nil, &block); end
+    def fatal(progname = nil, &block); end
+    def unknown(progname = nil, &block); end
+    def info? ;  end
+    def debug? ; end
+    def warn? ;  end
+    def error? ; end
+    def fatal? ; end
+    def level ; end
+    def progname ; end
+    def datetime_format ; end
+    def formatter ; end
+    def sev_threshold ; end
+    def level=(level); end
+    def progname=(progname); end
+    def datetime_format=(datetime_format); end
+    def formatter=(formatter); end
+    def sev_threshold=(sev_threshold); end
+    def close ; end
+    def add(severity, message = nil, progname = nil, &block); end
+    def <<(msg); end
+  end
+end