rack 1.5.5 → 1.6.0.beta

data/lib/rack/lint.rb

@@ -102,7 +102,17 @@ module Rack
       ##                         follows the <tt>?</tt>, if any. May be
       ##                         empty, but is always required!
 
-      ## <tt>SERVER_NAME</tt>, <tt>SERVER_PORT</tt>:: When combined with <tt>SCRIPT_NAME</tt> and <tt>PATH_INFO</tt>, these variables can be used to complete the URL. Note, however, that <tt>HTTP_HOST</tt>, if present, should be used in preference to <tt>SERVER_NAME</tt> for reconstructing the request URL.  <tt>SERVER_NAME</tt> and <tt>SERVER_PORT</tt> can never be empty strings, and so are always required.
+      ## <tt>SERVER_NAME</tt>, <tt>SERVER_PORT</tt>::
+      ##                        When combined with <tt>SCRIPT_NAME</tt> and
+      ##                        <tt>PATH_INFO</tt>, these variables can be
+      ##                        used to complete the URL. Note, however,
+      ##                        that <tt>HTTP_HOST</tt>, if present,
+      ##                        should be used in preference to
+      ##                        <tt>SERVER_NAME</tt> for reconstructing
+      ##                        the request URL.
+      ##                        <tt>SERVER_NAME</tt> and <tt>SERVER_PORT</tt>
+      ##                        can never be empty strings, and so
+      ##                        are always required.
 
       ## <tt>HTTP_</tt> Variables:: Variables corresponding to the
       ##                            client-supplied HTTP request
@@ -112,29 +122,60 @@ module Rack
       ##                            variables should correspond with
       ##                            the presence or absence of the
       ##                            appropriate HTTP header in the
-      ##                            request. See <a href="https://tools.ietf.org/html/rfc3875#section-4.1.18">
-      ##                            RFC3875 section 4.1.18</a> for specific behavior.
+      ##                            request. See
+      ##                            <a href="https://tools.ietf.org/html/rfc3875#section-4.1.18">
+      ##                            RFC3875 section 4.1.18</a> for
+      ##                            specific behavior.
 
       ## In addition to this, the Rack environment must include these
       ## Rack-specific variables:
 
-      ## <tt>rack.version</tt>:: The Array representing this version of Rack. See Rack::VERSION, that corresponds to the version of this SPEC.
-      ## <tt>rack.url_scheme</tt>:: +http+ or +https+, depending on the request URL.
+      ## <tt>rack.version</tt>:: The Array representing this version of Rack
+      ##                         See Rack::VERSION, that corresponds to
+      ##                         the version of this SPEC.
+
+      ## <tt>rack.url_scheme</tt>:: +http+ or +https+, depending on the
+      ##                            request URL.
+
       ## <tt>rack.input</tt>:: See below, the input stream.
+
       ## <tt>rack.errors</tt>:: See below, the error stream.
-      ## <tt>rack.multithread</tt>:: true if the application object may be simultaneously invoked by another thread in the same process, false otherwise.
-      ## <tt>rack.multiprocess</tt>:: true if an equivalent application object may be simultaneously invoked by another process, false otherwise.
-      ## <tt>rack.run_once</tt>:: true if the server expects (but does not guarantee!) that the application will only be invoked this one time during the life of its containing process. Normally, this will only be true for a server based on CGI (or something similar).
-      ## <tt>rack.hijack?</tt>:: present and true if the server supports connection hijacking. See below, hijacking.
-      ## <tt>rack.hijack</tt>:: an object responding to #call that must be called at least once before using rack.hijack_io. It is recommended #call return rack.hijack_io as well as setting it in env if necessary.
-      ## <tt>rack.hijack_io</tt>:: if rack.hijack? is true, and rack.hijack has received #call, this will contain an object resembling an IO. See hijacking.
-      ##
+
+      ## <tt>rack.multithread</tt>:: true if the application object may be
+      ##                             simultaneously invoked by another thread
+      ##                             in the same process, false otherwise.
+
+      ## <tt>rack.multiprocess</tt>:: true if an equivalent application object
+      ##                              may be simultaneously invoked by another
+      ##                              process, false otherwise.
+
+      ## <tt>rack.run_once</tt>:: true if the server expects
+      ##                          (but does not guarantee!) that the
+      ##                          application will only be invoked this one
+      ##                          time during the life of its containing
+      ##                          process. Normally, this will only be true
+      ##                          for a server based on CGI
+      ##                          (or something similar).
+
+      ## <tt>rack.hijack?</tt>:: present and true if the server supports
+      ##                         connection hijacking. See below, hijacking.
+
+      ## <tt>rack.hijack</tt>:: an object responding to #call that must be
+      ##                        called at least once before using
+      ##                        rack.hijack_io.
+      ##                        It is recommended #call return rack.hijack_io
+      ##                        as well as setting it in env if necessary.
+
+      ## <tt>rack.hijack_io</tt>:: if rack.hijack? is true, and rack.hijack
+      ##                           has received #call, this will contain
+      ##                           an object resembling an IO. See hijacking.
 
       ## Additional environment specifications have approved to
       ## standardized middleware APIs.  None of these are required to
       ## be implemented by the server.
 
-      ## <tt>rack.session</tt>:: A hash like interface for storing request session data.
+      ## <tt>rack.session</tt>:: A hash like interface for storing
+      ##                         request session data.
       ##                         The store must implement:
       if session = env['rack.session']
         ##                         store(key, value)         (aliased as []=);
@@ -218,7 +259,6 @@ module Rack
         }
       }
 
-      ##
       ## There are the following restrictions:
 
       ## * <tt>rack.version</tt> must be an array of Integers.
@@ -311,15 +351,23 @@ module Rack
         v
       end
 
-      ## * +read+ behaves like IO#read. Its signature is <tt>read([length, [buffer]])</tt>.
-      ##   If given, +length+ must be a non-negative Integer (>= 0) or +nil+, and +buffer+ must
-      ##   be a String and may not be nil. If +length+ is given and not nil, then this method
-      ##   reads at most +length+ bytes from the input stream. If +length+ is not given or nil,
-      ##   then this method reads all data until EOF.
-      ##   When EOF is reached, this method returns nil if +length+ is given and not nil, or ""
-      ##   if +length+ is not given or is nil.
-      ##   If +buffer+ is given, then the read data will be placed into +buffer+ instead of a
-      ##   newly created String object.
+      ## * +read+ behaves like IO#read.
+      ##   Its signature is <tt>read([length, [buffer]])</tt>.
+      ##
+      ##   If given, +length+ must be a non-negative Integer (>= 0) or +nil+,
+      ##   and +buffer+ must be a String and may not be nil.
+      ##
+      ##   If +length+ is given and not nil, then this method reads at most
+      ##   +length+ bytes from the input stream.
+      ##
+      ##   If +length+ is not given or nil, then this method reads
+      ##   all data until EOF.
+      ##
+      ##   When EOF is reached, this method returns nil if +length+ is given
+      ##   and not nil, or "" if +length+ is not given or is nil.
+      ##
+      ##   If +buffer+ is given, then the read data will be placed
+      ##   into +buffer+ instead of a newly created String object.
       def read(*args)
         assert("rack.input#read called with too many arguments") {
           args.size <= 2
@@ -584,7 +632,7 @@ module Rack
         assert("a header value must be a String, but the value of " +
           "'#{key}' is a #{value.class}") { value.kind_of? String }
         ## consisting of lines (for multiple header values, e.g. multiple
-        ## <tt>Set-Cookie</tt> values) seperated by "\n".
+        ## <tt>Set-Cookie</tt> values) separated by "\\n".
         value.split("\n").each { |item|
           ## The lines must not contain characters below 037.
           assert("invalid header value #{key}: #{item.inspect}") {
@@ -660,7 +708,7 @@ module Rack
       ##
       ## If the Body responds to +close+, it will be called after iteration. If
       ## the body is replaced by a middleware after action, the original body
-      ## must be closed first, if it repsonds to close.
+      ## must be closed first, if it responds to close.
       # XXX howto: assert("Body has not been closed") { @closed }
 
 

data/lib/rack/lobster.rb

@@ -32,9 +32,14 @@ module Rack
     def call(env)
       req = Request.new(env)
       if req.GET["flip"] == "left"
-        lobster = LobsterString.split("\n").
-          map { |line| line.ljust(42).reverse }.
-          join("\n")
+        lobster = LobsterString.split("\n").map do |line|
+          line.ljust(42).reverse.
+            gsub('\\', 'TEMP').
+            gsub('/', '\\').
+            gsub('TEMP', '/').
+            gsub('{','}').
+            gsub('(',')')
+        end.join("\n")
         href = "?flip=right"
       elsif req.GET["flip"] == "crash"
         raise "Lobster crashed"

data/lib/rack/methodoverride.rb

@@ -1,16 +1,17 @@
 module Rack
   class MethodOverride
-    HTTP_METHODS = %w(GET HEAD PUT POST DELETE OPTIONS PATCH)
+    HTTP_METHODS = %w(GET HEAD PUT POST DELETE OPTIONS PATCH LINK UNLINK)
 
     METHOD_OVERRIDE_PARAM_KEY = "_method".freeze
     HTTP_METHOD_OVERRIDE_HEADER = "HTTP_X_HTTP_METHOD_OVERRIDE".freeze
+    ALLOWED_METHODS = ["POST"]
 
     def initialize(app)
       @app = app
     end
 
     def call(env)
-      if env["REQUEST_METHOD"] == "POST"
+      if allowed_methods.include?(env["REQUEST_METHOD"])
         method = method_override(env)
         if HTTP_METHODS.include?(method)
           env["rack.methodoverride.original_method"] = env["REQUEST_METHOD"]
@@ -23,9 +24,19 @@ module Rack
 
     def method_override(env)
       req = Request.new(env)
-      method = req.POST[METHOD_OVERRIDE_PARAM_KEY] ||
+      method = method_override_param(req) ||
         env[HTTP_METHOD_OVERRIDE_HEADER]
       method.to_s.upcase
     end
+
+    private
+
+    def allowed_methods
+      ALLOWED_METHODS
+    end
+
+    def method_override_param(req)
+      req.POST[METHOD_OVERRIDE_PARAM_KEY]
+    end
   end
 end

data/lib/rack/mime.rb

@@ -29,21 +29,7 @@ module Rack
       v1, v2 = value.split('/', 2)
       m1, m2 = matcher.split('/', 2)
 
-      if m1 == '*'
-        if m2.nil? || m2 == '*'
-          return true
-        elsif m2 == v2
-          return true
-        else
-          return false
-        end
-      end
-
-      return false if v1 != m1
-
-      return true if m2.nil? || m2 == '*'
-
-      m2 == v2
+      (m1 == '*' || v1 == m1) && (m2.nil? || m2 == '*' || m2 == v2)
     end
     module_function :match?
 

data/lib/rack/mock.rb

@@ -53,12 +53,13 @@ module Rack
       @app = app
     end
 
-    def get(uri, opts={})    request("GET", uri, opts)    end
-    def post(uri, opts={})   request("POST", uri, opts)   end
-    def put(uri, opts={})    request("PUT", uri, opts)    end
-    def patch(uri, opts={})  request("PATCH", uri, opts)    end
-    def delete(uri, opts={}) request("DELETE", uri, opts) end
-    def head(uri, opts={})   request("HEAD", uri, opts)   end
+    def get(uri, opts={})     request("GET", uri, opts)     end
+    def post(uri, opts={})    request("POST", uri, opts)    end
+    def put(uri, opts={})     request("PUT", uri, opts)     end
+    def patch(uri, opts={})   request("PATCH", uri, opts)   end
+    def delete(uri, opts={})  request("DELETE", uri, opts)  end
+    def head(uri, opts={})    request("HEAD", uri, opts)    end
+    def options(uri, opts={}) request("OPTIONS", uri, opts) end
 
     def request(method="GET", uri="", opts={})
       env = self.class.env_for(uri, opts.merge(:method => method))
@@ -76,9 +77,16 @@ module Rack
       body.close if body.respond_to?(:close)
     end
 
+    # For historical reasons, we're pinning to RFC 2396. It's easier for users
+    # and we get support from ruby 1.8 to 2.2 using this method.
+    def self.parse_uri_rfc2396(uri)
+      @parser ||= defined?(URI::RFC2396_Parser) ? URI::RFC2396_Parser.new : URI
+      @parser.parse(uri)
+    end
+
     # Return the Rack environment used for a request to +uri+.
     def self.env_for(uri="", opts={})
-      uri = URI(uri)
+      uri = parse_uri_rfc2396(uri)
       uri.path = "/#{uri.path}" unless uri.path[0] == ?/
 
       env = DEFAULT_ENV.dup

data/lib/rack/multipart.rb

@@ -9,7 +9,7 @@ module Rack
 
     EOL = "\r\n"
     MULTIPART_BOUNDARY = "AaB03x"
-    MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|n
+    MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni
     TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/
     CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i
     DISPPARM = /;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})/
@@ -22,7 +22,7 @@ module Rack
 
     class << self
       def parse_multipart(env)
-        Parser.new(env).parse
+        Parser.create(env).parse
       end
 
       def build_multipart(params, first = true)

data/lib/rack/multipart/parser.rb

@@ -2,31 +2,52 @@ require 'rack/utils'
 
 module Rack
   module Multipart
-    class MultipartLimitError < Errno::EMFILE; end
-
     class Parser
       BUFSIZE = 16384
 
-      def initialize(env)
+      DUMMY = Struct.new(:parse).new
+
+      def self.create(env)
+        return DUMMY unless env['CONTENT_TYPE'] =~ MULTIPART
+
+        io = env['rack.input']
+        io.rewind
+
+        content_length = env['CONTENT_LENGTH']
+        content_length = content_length.to_i if content_length
+
+        new($1, io, content_length, env)
+      end
+
+      def initialize(boundary, io, content_length, env)
+        @buf            = ""
+
+        if @buf.respond_to? :force_encoding
+          @buf.force_encoding Encoding::ASCII_8BIT
+        end
+
+        @params         = Utils::KeySpaceConstrainedParams.new
+        @boundary       = "--#{boundary}"
+        @io             = io
+        @content_length = content_length
+        @boundary_size  = Utils.bytesize(@boundary) + EOL.size
         @env = env
+
+        if @content_length
+          @content_length -= @boundary_size
+        end
+
+        @rx = /(?:#{EOL})?#{Regexp.quote(@boundary)}(#{EOL}|--)/n
+        @full_boundary = @boundary + EOL
       end
 
       def parse
-        return nil unless setup_parse
-
         fast_forward_to_first_boundary
 
-        opened_files = 0
         loop do
-
           head, filename, content_type, name, body =
             get_current_head_and_filename_and_content_type_and_name_and_body
 
-          if Utils.multipart_part_limit > 0
-            opened_files += 1 if filename
-            raise MultipartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
-          end
-
           # Save the rest.
           if i = @buf.index(rx)
             body << @buf.slice!(0, i)
@@ -35,9 +56,11 @@ module Rack
             @content_length = -1  if $1 == "--"
           end
 
-          filename, data = get_data(filename, body, content_type, name, head)
+          get_data(filename, body, content_type, name, head) do |data|
+            tag_multipart_encoding(filename, content_type, name, data)
 
-          Utils.normalize_params(@params, name, data) unless data.nil?
+            Utils.normalize_params(@params, name, data)
+          end
 
           # break if we're at the end of a buffer, but not if it is the end of a field
           break if (@buf.empty? && $1 != EOL) || @content_length == -1
@@ -49,33 +72,9 @@ module Rack
       end
 
       private
-      def setup_parse
-        return false unless @env['CONTENT_TYPE'] =~ MULTIPART
-
-        @boundary = "--#{$1}"
-
-        @buf = ""
-        @params = Utils::KeySpaceConstrainedParams.new
+      def full_boundary; @full_boundary; end
 
-        @io = @env['rack.input']
-        @io.rewind
-
-        @boundary_size = Utils.bytesize(@boundary) + EOL.size
-
-        if @content_length = @env['CONTENT_LENGTH']
-          @content_length = @content_length.to_i
-          @content_length -= @boundary_size
-        end
-        true
-      end
-
-      def full_boundary
-        @boundary + EOL
-      end
-
-      def rx
-        @rx ||= /(?:#{EOL})?#{Regexp.quote(@boundary)}(#{EOL}|--)/n
-      end
+      def rx; @rx; end
 
       def fast_forward_to_first_boundary
         loop do
@@ -95,8 +94,12 @@ module Rack
       def get_current_head_and_filename_and_content_type_and_name_and_body
         head = nil
         body = ''
+
+        if body.respond_to? :force_encoding
+          body.force_encoding Encoding::ASCII_8BIT
+        end
+
         filename = content_type = name = nil
-        content = nil
 
         until head && @buf =~ rx
           if !head && i = @buf.index(EOL+EOL)
@@ -109,8 +112,12 @@ module Rack
 
             filename = get_filename(head)
 
+            if name.nil? || name.empty? && filename
+              name = filename
+            end
+
             if filename
-              body = Tempfile.new("RackMultipart")
+              (@env['rack.tempfiles'] ||= []) << body = Tempfile.new("RackMultipart")
               body.binmode  if body.respond_to?(:binmode)
             end
 
@@ -134,29 +141,78 @@ module Rack
 
       def get_filename(head)
         filename = nil
-        if head =~ RFC2183
+        case head
+        when RFC2183
           filename = Hash[head.scan(DISPPARM)]['filename']
           filename = $1 if filename and filename =~ /^"(.*)"$/
-        elsif head =~ BROKEN_QUOTED
-          filename = $1
-        elsif head =~ BROKEN_UNQUOTED
+        when BROKEN_QUOTED, BROKEN_UNQUOTED
           filename = $1
         end
 
-        if filename && filename.scan(/%.?.?/).all? { |s| s =~ /%[0-9a-fA-F]{2}/ }
+        return unless filename
+
+        if filename.scan(/%.?.?/).all? { |s| s =~ /%[0-9a-fA-F]{2}/ }
           filename = Utils.unescape(filename)
         end
-        if filename && filename !~ /\\[^\\"]/
+
+        scrub_filename filename
+
+        if filename !~ /\\[^\\"]/
           filename = filename.gsub(/\\(.)/, '\1')
         end
         filename
       end
 
+      if "<3".respond_to? :valid_encoding?
+        def scrub_filename(filename)
+          unless filename.valid_encoding?
+            # FIXME: this force_encoding is for Ruby 2.0 and 1.9 support.
+            # We can remove it after they are dropped
+            filename.force_encoding(Encoding::ASCII_8BIT)
+            filename.encode!(:invalid => :replace, :undef => :replace)
+          end
+        end
+
+        CHARSET    = "charset"
+        TEXT_PLAIN = "text/plain"
+
+        def tag_multipart_encoding(filename, content_type, name, body)
+          name.force_encoding Encoding::UTF_8
+
+          return if filename
+
+          encoding = Encoding::UTF_8
+
+          if content_type
+            list         = content_type.split(';')
+            type_subtype = list.first
+            type_subtype.strip!
+            if TEXT_PLAIN == type_subtype
+              rest         = list.drop 1
+              rest.each do |param|
+                k,v = param.split('=', 2)
+                k.strip!
+                v.strip!
+                encoding = Encoding.find v if k == CHARSET
+              end
+            end
+          end
+
+          name.force_encoding encoding
+          body.force_encoding encoding
+        end
+      else
+        def scrub_filename(filename)
+        end
+        def tag_multipart_encoding(filename, content_type, name, body)
+        end
+      end
+
       def get_data(filename, body, content_type, name, head)
-        data = nil
+        data = body
         if filename == ""
           # filename is blank which means no file has been selected
-          return data
+          return
         elsif filename
           body.rewind
 
@@ -174,11 +230,9 @@ module Rack
           # Generic multipart cases, not coming from a form
           data = {:type => content_type,
                   :name => name, :tempfile => body, :head => head}
-        else
-          data = body
         end
 
-        [filename, data]
+        yield data
       end
     end
   end