RubyGems - rack - Versions diffs - 1.4.7 → 2.1.4 - Mend

rack 1.4.7 → 2.1.4

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (183) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +77 -0
data/{COPYING → MIT-LICENSE} +4 -2
data/README.rdoc +122 -456
data/Rakefile +32 -31
data/SPEC +119 -29
data/bin/rackup +1 -0
data/contrib/rack_logo.svg +164 -111
data/example/lobster.ru +2 -0
data/example/protectedlobster.rb +4 -2
data/example/protectedlobster.ru +3 -1
data/lib/rack/auth/abstract/handler.rb +7 -5
data/lib/rack/auth/abstract/request.rb +8 -6
data/lib/rack/auth/basic.rb +5 -2
data/lib/rack/auth/digest/md5.rb +10 -8
data/lib/rack/auth/digest/nonce.rb +6 -3
data/lib/rack/auth/digest/params.rb +5 -4
data/lib/rack/auth/digest/request.rb +4 -2
data/lib/rack/body_proxy.rb +11 -9
data/lib/rack/builder.rb +63 -20
data/lib/rack/cascade.rb +10 -9
data/lib/rack/chunked.rb +45 -11
data/lib/rack/{commonlogger.rb → common_logger.rb} +24 -15
data/lib/rack/{conditionalget.rb → conditional_get.rb} +20 -6
data/lib/rack/config.rb +7 -0
data/lib/rack/content_length.rb +12 -6
data/lib/rack/content_type.rb +4 -2
data/lib/rack/core_ext/regexp.rb +14 -0
data/lib/rack/deflater.rb +73 -42
data/lib/rack/directory.rb +77 -56
data/lib/rack/etag.rb +25 -13
data/lib/rack/events.rb +156 -0
data/lib/rack/file.rb +4 -143
data/lib/rack/files.rb +178 -0
data/lib/rack/handler/cgi.rb +18 -17
data/lib/rack/handler/fastcgi.rb +21 -17
data/lib/rack/handler/lsws.rb +14 -12
data/lib/rack/handler/scgi.rb +27 -21
data/lib/rack/handler/thin.rb +19 -5
data/lib/rack/handler/webrick.rb +66 -24
data/lib/rack/handler.rb +29 -19
data/lib/rack/head.rb +21 -14
data/lib/rack/lint.rb +259 -65
data/lib/rack/lobster.rb +17 -10
data/lib/rack/lock.rb +19 -10
data/lib/rack/logger.rb +4 -2
data/lib/rack/media_type.rb +43 -0
data/lib/rack/method_override.rb +52 -0
data/lib/rack/mime.rb +43 -6
data/lib/rack/mock.rb +109 -44
data/lib/rack/multipart/generator.rb +11 -12
data/lib/rack/multipart/parser.rb +302 -115
data/lib/rack/multipart/uploaded_file.rb +4 -3
data/lib/rack/multipart.rb +40 -9
data/lib/rack/null_logger.rb +39 -0
data/lib/rack/query_parser.rb +218 -0
data/lib/rack/recursive.rb +14 -11
data/lib/rack/reloader.rb +12 -5
data/lib/rack/request.rb +484 -270
data/lib/rack/response.rb +196 -77
data/lib/rack/rewindable_input.rb +5 -14
data/lib/rack/runtime.rb +13 -6
data/lib/rack/sendfile.rb +44 -20
data/lib/rack/server.rb +175 -61
data/lib/rack/session/abstract/id.rb +276 -133
data/lib/rack/session/cookie.rb +75 -40
data/lib/rack/session/memcache.rb +4 -87
data/lib/rack/session/pool.rb +24 -18
data/lib/rack/show_exceptions.rb +392 -0
data/lib/rack/{showstatus.rb → show_status.rb} +11 -9
data/lib/rack/static.rb +65 -38
data/lib/rack/tempfile_reaper.rb +24 -0
data/lib/rack/urlmap.rb +40 -15
data/lib/rack/utils.rb +316 -285
data/lib/rack.rb +78 -23
data/rack.gemspec +26 -19
metadata +44 -209
data/KNOWN-ISSUES +0 -30
data/lib/rack/backports/uri/common_18.rb +0 -56
data/lib/rack/backports/uri/common_192.rb +0 -52
data/lib/rack/backports/uri/common_193.rb +0 -29
data/lib/rack/handler/evented_mongrel.rb +0 -8
data/lib/rack/handler/mongrel.rb +0 -100
data/lib/rack/handler/swiftiplied_mongrel.rb +0 -8
data/lib/rack/methodoverride.rb +0 -33
data/lib/rack/nulllogger.rb +0 -18
data/lib/rack/showexceptions.rb +0 -378
data/test/builder/anything.rb +0 -5
data/test/builder/comment.ru +0 -4
data/test/builder/end.ru +0 -5
data/test/builder/line.ru +0 -1
data/test/builder/options.ru +0 -2
data/test/cgi/assets/folder/test.js +0 -1
data/test/cgi/assets/fonts/font.eot +0 -1
data/test/cgi/assets/images/image.png +0 -1
data/test/cgi/assets/index.html +0 -1
data/test/cgi/assets/javascripts/app.js +0 -1
data/test/cgi/assets/stylesheets/app.css +0 -1
data/test/cgi/lighttpd.conf +0 -26
data/test/cgi/lighttpd.errors +0 -1
data/test/cgi/rackup_stub.rb +0 -6
data/test/cgi/sample_rackup.ru +0 -5
data/test/cgi/test +0 -9
data/test/cgi/test+directory/test+file +0 -1
data/test/cgi/test.fcgi +0 -8
data/test/cgi/test.ru +0 -5
data/test/gemloader.rb +0 -10
data/test/multipart/bad_robots +0 -259
data/test/multipart/binary +0 -0
data/test/multipart/content_type_and_no_filename +0 -6
data/test/multipart/empty +0 -10
data/test/multipart/fail_16384_nofile +0 -814
data/test/multipart/file1.txt +0 -1
data/test/multipart/filename_and_modification_param +0 -7
data/test/multipart/filename_with_escaped_quotes +0 -6
data/test/multipart/filename_with_escaped_quotes_and_modification_param +0 -7
data/test/multipart/filename_with_percent_escaped_quotes +0 -6
data/test/multipart/filename_with_unescaped_percentages +0 -6
data/test/multipart/filename_with_unescaped_percentages2 +0 -6
data/test/multipart/filename_with_unescaped_percentages3 +0 -6
data/test/multipart/filename_with_unescaped_quotes +0 -6
data/test/multipart/ie +0 -6
data/test/multipart/mixed_files +0 -21
data/test/multipart/nested +0 -10
data/test/multipart/none +0 -9
data/test/multipart/semicolon +0 -6
data/test/multipart/text +0 -15
data/test/multipart/three_files_three_fields +0 -31
data/test/multipart/webkit +0 -32
data/test/rackup/config.ru +0 -31
data/test/registering_handler/rack/handler/registering_myself.rb +0 -8
data/test/spec_auth.rb +0 -57
data/test/spec_auth_basic.rb +0 -81
data/test/spec_auth_digest.rb +0 -259
data/test/spec_body_proxy.rb +0 -69
data/test/spec_builder.rb +0 -207
data/test/spec_cascade.rb +0 -61
data/test/spec_cgi.rb +0 -102
data/test/spec_chunked.rb +0 -87
data/test/spec_commonlogger.rb +0 -57
data/test/spec_conditionalget.rb +0 -102
data/test/spec_config.rb +0 -22
data/test/spec_content_length.rb +0 -86
data/test/spec_content_type.rb +0 -45
data/test/spec_deflater.rb +0 -187
data/test/spec_directory.rb +0 -88
data/test/spec_etag.rb +0 -98
data/test/spec_fastcgi.rb +0 -107
data/test/spec_file.rb +0 -200
data/test/spec_handler.rb +0 -59
data/test/spec_head.rb +0 -48
data/test/spec_lint.rb +0 -515
data/test/spec_lobster.rb +0 -58
data/test/spec_lock.rb +0 -167
data/test/spec_logger.rb +0 -23
data/test/spec_methodoverride.rb +0 -72
data/test/spec_mock.rb +0 -269
data/test/spec_mongrel.rb +0 -182
data/test/spec_multipart.rb +0 -479
data/test/spec_nulllogger.rb +0 -23
data/test/spec_recursive.rb +0 -72
data/test/spec_request.rb +0 -955
data/test/spec_response.rb +0 -313
data/test/spec_rewindable_input.rb +0 -118
data/test/spec_runtime.rb +0 -49
data/test/spec_sendfile.rb +0 -90
data/test/spec_server.rb +0 -121
data/test/spec_session_abstract_id.rb +0 -43
data/test/spec_session_cookie.rb +0 -361
data/test/spec_session_memcache.rb +0 -321
data/test/spec_session_pool.rb +0 -209
data/test/spec_showexceptions.rb +0 -92
data/test/spec_showstatus.rb +0 -84
data/test/spec_static.rb +0 -145
data/test/spec_thin.rb +0 -86
data/test/spec_urlmap.rb +0 -213
data/test/spec_utils.rb +0 -554
data/test/spec_webrick.rb +0 -143
data/test/static/another/index.html +0 -1
data/test/static/index.html +0 -1
data/test/testrequest.rb +0 -78
data/test/unregistered_handler/rack/handler/unregistered.rb +0 -7
data/test/unregistered_handler/rack/handler/unregistered_long_one.rb +0 -7

data/lib/rack/show_exceptions.rb ADDED Viewed

@@ -0,0 +1,392 @@
+# frozen_string_literal: true
+require 'ostruct'
+require 'erb'
+require 'rack/request'
+require 'rack/utils'
+module Rack
+  # Rack::ShowExceptions catches all exceptions raised from the app it
+  # wraps.  It shows a useful backtrace with the sourcefile and
+  # clickable context, the whole Rack environment and the request
+  # data.
+  #
+  # Be careful when you use this on public-facing sites as it could
+  # reveal information helpful to attackers.
+  class ShowExceptions
+    CONTEXT = 7
+    def initialize(app)
+      @app = app
+    end
+    def call(env)
+      @app.call(env)
+    rescue StandardError, LoadError, SyntaxError => e
+      exception_string = dump_exception(e)
+      env[RACK_ERRORS].puts(exception_string)
+      env[RACK_ERRORS].flush
+      if accepts_html?(env)
+        content_type = "text/html"
+        body = pretty(env, e)
+      else
+        content_type = "text/plain"
+        body = exception_string
+      end
+      [
+        500,
+        {
+          CONTENT_TYPE => content_type,
+          CONTENT_LENGTH => body.bytesize.to_s,
+        },
+        [body],
+      ]
+    end
+    def prefers_plaintext?(env)
+      !accepts_html?(env)
+    end
+    def accepts_html?(env)
+      Rack::Utils.best_q_match(env["HTTP_ACCEPT"], %w[text/html])
+    end
+    private :accepts_html?
+    def dump_exception(exception)
+      string = "#{exception.class}: #{exception.message}\n".dup
+      string << exception.backtrace.map { |l| "\t#{l}" }.join("\n")
+      string
+    end
+    def pretty(env, exception)
+      req = Rack::Request.new(env)
+      # This double assignment is to prevent an "unused variable" warning on
+      # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
+      path = path = (req.script_name + req.path_info).squeeze("/")
+      # This double assignment is to prevent an "unused variable" warning on
+      # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
+      frames = frames = exception.backtrace.map { |line|
+        frame = OpenStruct.new
+        if line =~ /(.*?):(\d+)(:in `(.*)')?/
+          frame.filename = $1
+          frame.lineno = $2.to_i
+          frame.function = $4
+          begin
+            lineno = frame.lineno - 1
+            lines = ::File.readlines(frame.filename)
+            frame.pre_context_lineno = [lineno - CONTEXT, 0].max
+            frame.pre_context = lines[frame.pre_context_lineno...lineno]
+            frame.context_line = lines[lineno].chomp
+            frame.post_context_lineno = [lineno + CONTEXT, lines.size].min
+            frame.post_context = lines[lineno + 1..frame.post_context_lineno]
+          rescue
+          end
+          frame
+        else
+          nil
+        end
+      }.compact
+      template.result(binding)
+    end
+    def template
+      TEMPLATE
+    end
+    def h(obj)                  # :nodoc:
+      case obj
+      when String
+        Utils.escape_html(obj)
+      else
+        Utils.escape_html(obj.inspect)
+      end
+    end
+    # :stopdoc:
+    # adapted from Django <www.djangoproject.com>
+    # Copyright (c) Django Software Foundation and individual contributors.
+    # Used under the modified BSD license:
+    # http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5
+    TEMPLATE = ERB.new(<<-'HTML'.gsub(/^      /, ''))
+      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+      <html lang="en">
+      <head>
+        <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+        <meta name="robots" content="NONE,NOARCHIVE" />
+        <title><%=h exception.class %> at <%=h path %></title>
+        <style type="text/css">
+          html * { padding:0; margin:0; }
+          body * { padding:10px 20px; }
+          body * * { padding:0; }
+          body { font:small sans-serif; }
+          body>div { border-bottom:1px solid #ddd; }
+          h1 { font-weight:normal; }
+          h2 { margin-bottom:.8em; }
+          h2 span { font-size:80%; color:#666; font-weight:normal; }
+          h3 { margin:1em 0 .5em 0; }
+          h4 { margin:0 0 .5em 0; font-weight: normal; }
+          table {
+              border:1px solid #ccc; border-collapse: collapse; background:white; }
+          tbody td, tbody th { vertical-align:top; padding:2px 3px; }
+          thead th {
+              padding:1px 6px 1px 3px; background:#fefefe; text-align:left;
+              font-weight:normal; font-size:11px; border:1px solid #ddd; }
+          tbody th { text-align:right; color:#666; padding-right:.5em; }
+          table.vars { margin:5px 0 2px 40px; }
+          table.vars td, table.req td { font-family:monospace; }
+          table td.code { width:100%;}
+          table td.code div { overflow:hidden; }
+          table.source th { color:#666; }
+          table.source td {
+              font-family:monospace; white-space:pre; border-bottom:1px solid #eee; }
+          ul.traceback { list-style-type:none; }
+          ul.traceback li.frame { margin-bottom:1em; }
+          div.context { margin: 10px 0; }
+          div.context ol {
+              padding-left:30px; margin:0 10px; list-style-position: inside; }
+          div.context ol li {
+              font-family:monospace; white-space:pre; color:#666; cursor:pointer; }
+          div.context ol.context-line li { color:black; background-color:#ccc; }
+          div.context ol.context-line li span { float: right; }
+          div.commands { margin-left: 40px; }
+          div.commands a { color:black; text-decoration:none; }
+          #summary { background: #ffc; }
+          #summary h2 { font-weight: normal; color: #666; }
+          #summary ul#quicklinks { list-style-type: none; margin-bottom: 2em; }
+          #summary ul#quicklinks li { float: left; padding: 0 1em; }
+          #summary ul#quicklinks>li+li { border-left: 1px #666 solid; }
+          #explanation { background:#eee; }
+          #template, #template-not-exist { background:#f6f6f6; }
+          #template-not-exist ul { margin: 0 0 0 20px; }
+          #traceback { background:#eee; }
+          #requestinfo { background:#f6f6f6; padding-left:120px; }
+          #summary table { border:none; background:transparent; }
+          #requestinfo h2, #requestinfo h3 { position:relative; margin-left:-100px; }
+          #requestinfo h3 { margin-bottom:-1em; }
+          .error { background: #ffc; }
+          .specific { color:#cc3300; font-weight:bold; }
+        </style>
+        <script type="text/javascript">
+        //<!--
+          function getElementsByClassName(oElm, strTagName, strClassName){
+              // Written by Jonathan Snook, http://www.snook.ca/jon;
+              // Add-ons by Robert Nyman, http://www.robertnyman.com
+              var arrElements = (strTagName == "*" && document.all)? document.all :
+              oElm.getElementsByTagName(strTagName);
+              var arrReturnElements = new Array();
+              strClassName = strClassName.replace(/\-/g, "\\-");
+              var oRegExp = new RegExp("(^|\\s)" + strClassName + "(\\s|$$)");
+              var oElement;
+              for(var i=0; i<arrElements.length; i++){
+                  oElement = arrElements[i];
+                  if(oRegExp.test(oElement.className)){
+                      arrReturnElements.push(oElement);
+                  }
+              }
+              return (arrReturnElements)
+          }
+          function hideAll(elems) {
+            for (var e = 0; e < elems.length; e++) {
+              elems[e].style.display = 'none';
+            }
+          }
+          window.onload = function() {
+            hideAll(getElementsByClassName(document, 'table', 'vars'));
+            hideAll(getElementsByClassName(document, 'ol', 'pre-context'));
+            hideAll(getElementsByClassName(document, 'ol', 'post-context'));
+          }
+          function toggle() {
+            for (var i = 0; i < arguments.length; i++) {
+              var e = document.getElementById(arguments[i]);
+              if (e) {
+                e.style.display = e.style.display == 'none' ? 'block' : 'none';
+              }
+            }
+            return false;
+          }
+          function varToggle(link, id) {
+            toggle('v' + id);
+            var s = link.getElementsByTagName('span')[0];
+            var uarr = String.fromCharCode(0x25b6);
+            var darr = String.fromCharCode(0x25bc);
+            s.innerHTML = s.innerHTML == uarr ? darr : uarr;
+            return false;
+          }
+          //-->
+        </script>
+      </head>
+      <body>
+      <div id="summary">
+        <h1><%=h exception.class %> at <%=h path %></h1>
+        <h2><%=h exception.message %></h2>
+        <table><tr>
+          <th>Ruby</th>
+          <td>
+      <% if first = frames.first %>
+            <code><%=h first.filename %></code>: in <code><%=h first.function %></code>, line <%=h frames.first.lineno %>
+      <% else %>
+            unknown location
+      <% end %>
+          </td>
+        </tr><tr>
+          <th>Web</th>
+          <td><code><%=h req.request_method %> <%=h(req.host + path)%></code></td>
+        </tr></table>
+        <h3>Jump to:</h3>
+        <ul id="quicklinks">
+          <li><a href="#get-info">GET</a></li>
+          <li><a href="#post-info">POST</a></li>
+          <li><a href="#cookie-info">Cookies</a></li>
+          <li><a href="#env-info">ENV</a></li>
+        </ul>
+      </div>
+      <div id="traceback">
+        <h2>Traceback <span>(innermost first)</span></h2>
+        <ul class="traceback">
+      <% frames.each { |frame| %>
+            <li class="frame">
+              <code><%=h frame.filename %></code>: in <code><%=h frame.function %></code>
+                <% if frame.context_line %>
+                <div class="context" id="c<%=h frame.object_id %>">
+                    <% if frame.pre_context %>
+                    <ol start="<%=h frame.pre_context_lineno+1 %>" class="pre-context" id="pre<%=h frame.object_id %>">
+                      <% frame.pre_context.each { |line| %>
+                      <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h line %></li>
+                      <% } %>
+                    </ol>
+                    <% end %>
+                  <ol start="<%=h frame.lineno %>" class="context-line">
+                    <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h frame.context_line %><span>...</span></li></ol>
+                    <% if frame.post_context %>
+                    <ol start='<%=h frame.lineno+1 %>' class="post-context" id="post<%=h frame.object_id %>">
+                      <% frame.post_context.each { |line| %>
+                      <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h line %></li>
+                      <% } %>
+                    </ol>
+                    <% end %>
+                </div>
+                <% end %>
+            </li>
+      <% } %>
+        </ul>
+      </div>
+      <div id="requestinfo">
+        <h2>Request information</h2>
+        <h3 id="get-info">GET</h3>
+        <% if req.GET and not req.GET.empty? %>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+                <% req.GET.sort_by { |k, v| k.to_s }.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val.inspect %></div></td>
+                </tr>
+                <% } %>
+            </tbody>
+          </table>
+        <% else %>
+          <p>No GET data.</p>
+        <% end %>
+        <h3 id="post-info">POST</h3>
+        <% if req.POST and not req.POST.empty? %>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+                <% req.POST.sort_by { |k, v| k.to_s }.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val.inspect %></div></td>
+                </tr>
+                <% } %>
+            </tbody>
+          </table>
+        <% else %>
+          <p>No POST data.</p>
+        <% end %>
+        <h3 id="cookie-info">COOKIES</h3>
+        <% unless req.cookies.empty? %>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+              <% req.cookies.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val.inspect %></div></td>
+                </tr>
+              <% } %>
+            </tbody>
+          </table>
+        <% else %>
+          <p>No cookie data.</p>
+        <% end %>
+        <h3 id="env-info">Rack ENV</h3>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+                <% env.sort_by { |k, v| k.to_s }.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val.inspect %></div></td>
+                </tr>
+                <% } %>
+            </tbody>
+          </table>
+      </div>
+      <div id="explanation">
+        <p>
+          You're seeing this error because you use <code>Rack::ShowExceptions</code>.
+        </p>
+      </div>
+      </body>
+      </html>
+    HTML
+    # :startdoc:
+  end
+end

data/lib/rack/{showstatus.rb → show_status.rb} RENAMED Viewed

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
 require 'erb'
 require 'rack/request'
 require 'rack/utils'
 module Rack
-  # Rack::ShowStatus catches all empty responses and replaces them
+  # Rack::ShowStatus catches all empty responses and replaces them
   # with a site explaining the error.
   #
   # Additional details can be put into <tt>rack.showstatus.detail</tt>
@@ -19,10 +21,10 @@ module Rack
     def call(env)
       status, headers, body = @app.call(env)
       headers = Utils::HeaderHash.new(headers)
-      empty = headers['Content-Length'].to_i <= 0
+      empty = headers[CONTENT_LENGTH].to_i <= 0
       # client or server error, or explicit message
-      if (status.to_i >= 400 && empty) || env["rack.showstatus.detail"]
+      if (status.to_i >= 400 && empty) || env[RACK_SHOWSTATUS_DETAIL]
         # This double assignment is to prevent an "unused variable" warning on
         # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
         req = req = Rack::Request.new(env)
@@ -31,11 +33,11 @@ module Rack
         # This double assignment is to prevent an "unused variable" warning on
         # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
-        detail = detail = env["rack.showstatus.detail"] || message
+        detail = detail = env[RACK_SHOWSTATUS_DETAIL] || message
         body = @template.result(binding)
-        size = Rack::Utils.bytesize(body)
-        [status, headers.merge("Content-Type" => "text/html", "Content-Length" => size.to_s), [body]]
+        size = body.bytesize
+        [status, headers.merge(CONTENT_TYPE => "text/html", CONTENT_LENGTH => size.to_s), [body]]
       else
         [status, headers, body]
       end
@@ -52,8 +54,8 @@ module Rack
     # :stopdoc:
-# adapted from Django <djangoproject.com>
-# Copyright (c) 2005, the Lawrence Journal-World
+# adapted from Django <www.djangoproject.com>
+# Copyright (c) Django Software Foundation and individual contributors.
 # Used under the modified BSD license:
 # http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5
 TEMPLATE = <<'HTML'
@@ -96,7 +98,7 @@ TEMPLATE = <<'HTML'
     </table>
   </div>
   <div id="info">
-    <p><%= detail %></p>
+    <p><%=h detail %></p>
   </div>
   <div id="explanation">

data/lib/rack/static.rb CHANGED Viewed

@@ -1,8 +1,15 @@
+# frozen_string_literal: true
+require "rack/files"
+require "rack/utils"
+require_relative 'core_ext/regexp'
 module Rack
   # The Rack::Static middleware intercepts requests for static files
   # (javascript files, images, stylesheets, etc) based on the url prefixes or
-  # route mappings passed in the options, and serves them using a Rack::File
+  # route mappings passed in the options, and serves them using a Rack::Files
   # object. This allows a Rack stack to serve both static and dynamic content.
   #
   # Examples:
@@ -53,8 +60,8 @@ module Rack
   #  4) Regular Expressions / Regexp
   #     Provide a regular expression
   #     %r{\.(?:css|js)\z} => Matches files ending in .css or .js
-  #     /\.(?:eot|ttf|otf|woff|svg)\z/ => Matches files ending in
-  #       the most common web font formats (.eot, .ttf, .otf, .woff, .svg)
+  #     /\.(?:eot|ttf|otf|woff2|woff|svg)\z/ => Matches files ending in
+  #       the most common web font formats (.eot, .ttf, .otf, .woff2, .woff, .svg)
   #       Note: This Regexp is available as a shortcut, using the :fonts rule
   #
   #  5) Font Shortcut
@@ -79,24 +86,29 @@ module Rack
   #         ]
   #
   class Static
+    using ::Rack::RegexpExtensions
-    def initialize(app, options={})
+    def initialize(app, options = {})
       @app = app
       @urls = options[:urls] || ["/favicon.ico"]
       @index = options[:index]
+      @gzip = options[:gzip]
       root = options[:root] || Dir.pwd
       # HTTP Headers
       @header_rules = options[:header_rules] || []
       # Allow for legacy :cache_control option while prioritizing global header_rules setting
-      @header_rules.insert(0, [:all, {'Cache-Control' => options[:cache_control]}]) if options[:cache_control]
-      @headers = {}
+      @header_rules.unshift([:all, { CACHE_CONTROL => options[:cache_control] }]) if options[:cache_control]
+      @file_server = Rack::Files.new(root)
+    end
-      @file_server = Rack::File.new(root, @headers)
+    def add_index_root?(path)
+      @index && route_file(path) && path.end_with?('/')
     end
     def overwrite_file_path(path)
-      @urls.kind_of?(Hash) && @urls.key?(path) || @index && path =~ /\/$/
+      @urls.kind_of?(Hash) && @urls.key?(path) || add_index_root?(path)
     end
     def route_file(path)
@@ -108,46 +120,61 @@ module Rack
     end
     def call(env)
-      path = env["PATH_INFO"]
+      path = env[PATH_INFO]
       if can_serve(path)
-        env["PATH_INFO"] = (path =~ /\/$/ ? path + @index : @urls[path]) if overwrite_file_path(path)
-        @path = env["PATH_INFO"]
-        apply_header_rules
-        @file_server.call(env)
+        if overwrite_file_path(path)
+          env[PATH_INFO] = (add_index_root?(path) ? path + @index : @urls[path])
+        elsif @gzip && env['HTTP_ACCEPT_ENCODING'] && /\bgzip\b/.match?(env['HTTP_ACCEPT_ENCODING'])
+          path = env[PATH_INFO]
+          env[PATH_INFO] += '.gz'
+          response = @file_server.call(env)
+          env[PATH_INFO] = path
+          if response[0] == 404
+            response = nil
+          else
+            if mime_type = Mime.mime_type(::File.extname(path), 'text/plain')
+              response[1][CONTENT_TYPE] = mime_type
+            end
+            response[1]['Content-Encoding'] = 'gzip'
+          end
+        end
+        path = env[PATH_INFO]
+        response ||= @file_server.call(env)
+        headers = response[1]
+        applicable_rules(path).each do |rule, new_headers|
+          new_headers.each { |field, content| headers[field] = content }
+        end
+        response
       else
         @app.call(env)
       end
     end
     # Convert HTTP header rules to HTTP headers
-    def apply_header_rules
-      @header_rules.each do |rule, headers|
-        apply_rule(rule, headers)
+    def applicable_rules(path)
+      @header_rules.find_all do |rule, new_headers|
+        case rule
+        when :all
+          true
+        when :fonts
+          /\.(?:ttf|otf|eot|woff2|woff|svg)\z/.match?(path)
+        when String
+          path = ::Rack::Utils.unescape(path)
+          path.start_with?(rule) || path.start_with?('/' + rule)
+        when Array
+          /\.(#{rule.join('|')})\z/.match?(path)
+        when Regexp
+          rule.match?(path)
+        else
+          false
+        end
       end
     end
-    def apply_rule(rule, headers)
-      case rule
-      when :all    # All files
-        set_headers(headers)
-      when :fonts  # Fonts Shortcut
-        set_headers(headers) if @path.match(/\.(?:ttf|otf|eot|woff|svg)\z/)
-      when String  # Folder
-        path = ::Rack::Utils.unescape(@path)
-        set_headers(headers) if (path.start_with?(rule) || path.start_with?('/' + rule))
-      when Array   # Extension/Extensions
-        extensions = rule.join('|')
-        set_headers(headers) if @path.match(/\.(#{extensions})\z/)
-      when Regexp  # Flexible Regexp
-        set_headers(headers) if @path.match(rule)
-      else
-      end
-    end
-    def set_headers(headers)
-      headers.each { |field, content| @headers[field] = content }
-    end
   end
 end

data/lib/rack/tempfile_reaper.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+require 'rack/body_proxy'
+module Rack
+  # Middleware tracks and cleans Tempfiles created throughout a request (i.e. Rack::Multipart)
+  # Ideas/strategy based on posts by Eric Wong and Charles Oliver Nutter
+  # https://groups.google.com/forum/#!searchin/rack-devel/temp/rack-devel/brK8eh-MByw/sw61oJJCGRMJ
+  class TempfileReaper
+    def initialize(app)
+      @app = app
+    end
+    def call(env)
+      env[RACK_TEMPFILES] ||= []
+      status, headers, body = @app.call(env)
+      body_proxy = BodyProxy.new(body) do
+        env[RACK_TEMPFILES].each(&:close!) unless env[RACK_TEMPFILES].nil?
+      end
+      [status, headers, body_proxy]
+    end
+  end
+end