rack 1.5.5 → 1.6.0.beta

data/lib/rack/multipart/uploaded_file.rb

@@ -11,7 +11,7 @@ module Rack
         raise "#{path} file does not exist" unless ::File.exist?(path)
         @content_type = content_type
         @original_filename = ::File.basename(path)
-        @tempfile = Tempfile.new(@original_filename)
+        @tempfile = Tempfile.new([@original_filename, ::File.extname(path)])
         @tempfile.set_encoding(Encoding::BINARY) if @tempfile.respond_to?(:set_encoding)
         @tempfile.binmode if binary
         FileUtils.copy_file(path, @tempfile.path)
@@ -31,4 +31,4 @@ module Rack
       end
     end
   end
-end
+end

data/lib/rack/nulllogger.rb

@@ -9,10 +9,29 @@ module Rack
       @app.call(env)
     end
 
-    def info(progname = nil, &block);  end
+    def info(progname = nil, &block); end
     def debug(progname = nil, &block); end
-    def warn(progname = nil, &block);  end
+    def warn(progname = nil, &block); end
     def error(progname = nil, &block); end
     def fatal(progname = nil, &block); end
+    def unknown(progname = nil, &block); end
+    def info? ;  end
+    def debug? ; end
+    def warn? ;  end
+    def error? ; end
+    def fatal? ; end
+    def level ; end
+    def progname ; end
+    def datetime_format ; end
+    def formatter ; end
+    def sev_threshold ; end
+    def level=(level); end
+    def progname=(progname); end
+    def datetime_format=(datetime_format); end
+    def formatter=(formatter); end
+    def sev_threshold=(sev_threshold); end
+    def close ; end
+    def add(severity, message = nil, progname = nil, &block); end
+    def <<(msg); end
   end
 end

data/lib/rack/request.rb

@@ -8,10 +8,6 @@ module Rack
   #   req = Rack::Request.new(env)
   #   req.post?
   #   req.params["data"]
-  #
-  # The environment hash passed will store a reference to the Request object
-  # instantiated so that it will only instantiate if an instance of the Request
-  # object doesn't already exist.
 
   class Request
     # The environment of the request.
@@ -56,7 +52,7 @@ module Rack
       return {} if content_type.nil?
       Hash[*content_type.split(/\s*[;,]\s*/)[1..-1].
         collect { |s| s.split('=', 2) }.
-        map { |k,v| [k.downcase, v] }.flatten]
+        map { |k,v| [k.downcase, strip_doublequotes(v)] }.flatten]
     end
 
     # The character set of the request body if a "charset" media type
@@ -101,7 +97,7 @@ module Rack
       elsif @env.has_key?("HTTP_X_FORWARDED_HOST")
         DEFAULT_PORTS[scheme]
       elsif @env.has_key?("HTTP_X_FORWARDED_PROTO")
-        DEFAULT_PORTS[@env['HTTP_X_FORWARDED_PROTO']]
+        DEFAULT_PORTS[@env['HTTP_X_FORWARDED_PROTO'].split(',')[0]]
       else
         @env["SERVER_PORT"].to_i
       end
@@ -109,7 +105,7 @@ module Rack
 
     def host
       # Remove port number.
-      host_with_port.to_s.gsub(/:\d+\z/, '')
+      host_with_port.to_s.sub(/:\d+\z/, '')
     end
 
     def script_name=(s); @env["SCRIPT_NAME"] = s.to_s             end
@@ -128,6 +124,9 @@ module Rack
     # Checks the HTTP request method (or verb) to see if it was of type OPTIONS
     def options?; request_method == "OPTIONS" end
 
+    # Checks the HTTP request method (or verb) to see if it was of type LINK
+    def link?;    request_method == "LINK"    end
+
     # Checks the HTTP request method (or verb) to see if it was of type PATCH
     def patch?;   request_method == "PATCH"   end
 
@@ -140,6 +139,9 @@ module Rack
     # Checks the HTTP request method (or verb) to see if it was of type TRACE
     def trace?;   request_method == "TRACE"   end
 
+    # Checks the HTTP request method (or verb) to see if it was of type UNLINK
+    def unlink?;  request_method == "UNLINK"  end
+
 
     # The set of form-data media-types. Requests that do not indicate
     # one of the media types presents in this list will not be eligible
@@ -186,8 +188,9 @@ module Rack
       if @env["rack.request.query_string"] == query_string
         @env["rack.request.query_hash"]
       else
+        p = parse_query(query_string)
         @env["rack.request.query_string"] = query_string
-        @env["rack.request.query_hash"]   = parse_query(query_string)
+        @env["rack.request.query_hash"]   = p
       end
     end
 
@@ -201,7 +204,6 @@ module Rack
       elsif @env["rack.request.form_input"].equal? @env["rack.input"]
         @env["rack.request.form_hash"]
       elsif form_data? || parseable_data?
-        @env["rack.request.form_input"] = @env["rack.input"]
         unless @env["rack.request.form_hash"] = parse_multipart(env)
           form_vars = @env["rack.input"].read
 
@@ -214,6 +216,7 @@ module Rack
 
           @env["rack.input"].rewind
         end
+        @env["rack.request.form_input"] = @env["rack.input"]
         @env["rack.request.form_hash"]
       else
         {}
@@ -331,14 +334,11 @@ module Rack
     end
 
     def accept_encoding
-      @env["HTTP_ACCEPT_ENCODING"].to_s.split(/\s*,\s*/).map do |part|
-        encoding, parameters = part.split(/\s*;\s*/, 2)
-        quality = 1.0
-        if parameters and /\Aq=([\d.]+)/ =~ parameters
-          quality = $1.to_f
-        end
-        [encoding, quality]
-      end
+      parse_http_accept_header(@env["HTTP_ACCEPT_ENCODING"])
+    end
+
+    def accept_language
+      parse_http_accept_header(@env["HTTP_ACCEPT_LANGUAGE"])
     end
 
     def trusted_proxy?(ip)
@@ -353,12 +353,6 @@ module Rack
 
       forwarded_ips = split_ip_addresses(@env['HTTP_X_FORWARDED_FOR'])
 
-      if client_ip = @env['HTTP_CLIENT_IP']
-        # If forwarded_ips doesn't include the client_ip, it might be an
-        # ip spoofing attempt, so we ignore HTTP_CLIENT_IP
-        return client_ip if forwarded_ips.include?(client_ip)
-      end
-
       return reject_trusted_ip_addresses(forwarded_ips).last || @env["REMOTE_ADDR"]
     end
 
@@ -372,11 +366,31 @@ module Rack
       end
 
       def parse_query(qs)
-        Utils.parse_nested_query(qs)
+        Utils.parse_nested_query(qs, '&')
       end
 
       def parse_multipart(env)
         Rack::Multipart.parse_multipart(env)
       end
+
+      def parse_http_accept_header(header)
+        header.to_s.split(/\s*,\s*/).map do |part|
+          attribute, parameters = part.split(/\s*;\s*/, 2)
+          quality = 1.0
+          if parameters and /\Aq=([\d.]+)/ =~ parameters
+            quality = $1.to_f
+          end
+          [attribute, quality]
+        end
+      end
+
+  private
+    def strip_doublequotes(s)
+      if s[0] == ?" && s[-1] == ?"
+        s[1..-2]
+      else
+        s
+      end
+    end
   end
 end

data/lib/rack/response.rb

@@ -1,5 +1,6 @@
 require 'rack/request'
 require 'rack/utils'
+require 'rack/body_proxy'
 require 'time'
 
 module Rack
@@ -121,10 +122,14 @@ module Rack
       def server_error?;       status >= 500 && status < 600;        end
 
       def ok?;                 status == 200;                        end
+      def created?;            status == 201;                        end
+      def accepted?;           status == 202;                        end
       def bad_request?;        status == 400;                        end
+      def unauthorized?;       status == 401;                        end
       def forbidden?;          status == 403;                        end
       def not_found?;          status == 404;                        end
       def method_not_allowed?; status == 405;                        end
+      def i_m_a_teapot?;       status == 418;                        end
       def unprocessable?;      status == 422;                        end
 
       def redirect?;           [301, 302, 303, 307].include? status; end

data/lib/rack/sendfile.rb

@@ -1,4 +1,5 @@
 require 'rack/file'
+require 'rack/body_proxy'
 
 module Rack
 
@@ -22,7 +23,7 @@ module Rack
   #
   # Nginx supports the X-Accel-Redirect header. This is similar to X-Sendfile
   # but requires parts of the filesystem to be mapped into a private URL
-  # hierarachy.
+  # hierarchy.
   #
   # The following example shows the Nginx configuration required to create
   # a private "/files/" area, enable X-Accel-Redirect, and pass the special
@@ -117,8 +118,10 @@ module Rack
           if url = map_accel_path(env, path)
             headers['Content-Length'] = '0'
             headers[type] = url
-            body.close if body.respond_to?(:close)
-            body = []
+            obody = body
+            body = Rack::BodyProxy.new([]) do
+              obody.close if obody.respond_to?(:close)
+            end
           else
             env['rack.errors'].puts "X-Accel-Mapping header missing"
           end
@@ -126,8 +129,10 @@ module Rack
           path = F.expand_path(body.to_path)
           headers['Content-Length'] = '0'
           headers[type] = path
-          body.close if body.respond_to?(:close)
-          body = []
+          obody = body
+          body = Rack::BodyProxy.new([]) do
+            obody.close if obody.respond_to?(:close)
+          end
         when '', nil
         else
           env['rack.errors'].puts "Unknown x-sendfile variation: '#{type}'.\n"

data/lib/rack/server.rb

@@ -1,7 +1,10 @@
 require 'optparse'
 
+
 module Rack
+
   class Server
+
     class Options
       def parse!(args)
         options = {}
@@ -27,6 +30,9 @@ module Rack
           opts.on("-w", "--warn", "turn warnings on for your script") {
             options[:warn] = true
           }
+          opts.on("-q", "--quiet", "turn off logging") {
+            options[:quiet] = true
+          }
 
           opts.on("-I", "--include PATH",
                   "specify $LOAD_PATH (may be used more than once)") { |path|
@@ -66,7 +72,7 @@ module Rack
             options[:daemonize] = d ? true : false
           }
 
-          opts.on("-P", "--pid FILE", "file to store PID (default: rack.pid)") { |f|
+          opts.on("-P", "--pid FILE", "file to store PID") { |f|
             options[:pid] = ::File.expand_path(f)
           }
 
@@ -166,7 +172,7 @@ module Rack
     # * :Port
     #     the port to bind to (used by supporting Rack::Handler)
     # * :AccessLog
-    #     webrick acess log options (or supporting Rack::Handler)
+    #     webrick access log options (or supporting Rack::Handler)
     # * :debug
     #     turn on debug output ($DEBUG = true)
     # * :warn
@@ -185,11 +191,14 @@ module Rack
     end
 
     def default_options
+      environment  = ENV['RACK_ENV'] || 'development'
+      default_host = environment == 'development' ? 'localhost' : '0.0.0.0'
+
       {
-        :environment => ENV['RACK_ENV'] || "development",
+        :environment => environment,
         :pid         => nil,
         :Port        => 9292,
-        :Host        => "0.0.0.0",
+        :Host        => default_host,
         :AccessLog   => [],
         :config      => "config.ru"
       }
@@ -199,29 +208,44 @@ module Rack
       @app ||= options[:builder] ? build_app_from_string : build_app_and_options_from_config
     end
 
-    def self.logging_middleware
-      lambda { |server|
-        server.server.name =~ /CGI/ ? nil : [Rack::CommonLogger, $stderr]
-      }
-    end
+    class << self
+      def logging_middleware
+        lambda { |server|
+          server.server.name =~ /CGI/ || server.options[:quiet] ? nil : [Rack::CommonLogger, $stderr]
+        }
+      end
 
-    def self.middleware
-      @middleware ||= begin
+      def default_middleware_by_environment
         m = Hash.new {|h,k| h[k] = []}
-        m["deployment"].concat [
+        m["deployment"] = [
           [Rack::ContentLength],
           [Rack::Chunked],
-          logging_middleware
+          logging_middleware,
+          [Rack::TempfileReaper]
         ]
-        m["development"].concat m["deployment"] + [[Rack::ShowExceptions], [Rack::Lint]]
+        m["development"] = [
+          [Rack::ContentLength],
+          [Rack::Chunked],
+          logging_middleware,
+          [Rack::ShowExceptions],
+          [Rack::Lint],
+          [Rack::TempfileReaper]
+        ]
+
         m
       end
+
+      # Aliased for backwards-compatibility
+      alias :middleware :default_middleware_by_environment
     end
 
-    def middleware
-      self.class.middleware
+    def default_middleware_by_environment
+      self.class.default_middleware_by_environment
     end
 
+    # Aliased for backwards-compatibility
+    alias :middleware :default_middleware_by_environment
+
     def start &blk
       if options[:warn]
         $-w = true
@@ -301,7 +325,8 @@ module Rack
       end
 
       def build_app(app)
-        middleware[options[:environment]].reverse_each do |middleware|
+        middlewares = default_middleware_by_environment[options[:environment]]
+        middlewares.reverse_each do |middleware|
           middleware = middleware.call(self) if middleware.respond_to?(:call)
           next unless middleware
           klass, *args = middleware
@@ -350,6 +375,8 @@ module Rack
         return :exited unless ::File.exist?(options[:pid])
 
         pid = ::File.read(options[:pid]).to_i
+        return :dead if pid == 0
+
         Process.kill(0, pid)
         :running
       rescue Errno::ESRCH
@@ -359,4 +386,5 @@ module Rack
       end
 
   end
+
 end

data/lib/rack/session/abstract/id.rb

@@ -289,7 +289,7 @@ module Rack
           value && !value.empty?
         end
 
-        # Session should be commited if it was loaded, any of specific options like :renew, :drop
+        # Session should be committed if it was loaded, any of specific options like :renew, :drop
         # or :expire_after was given and the security permissions match. Skips if skip is given.
 
         def commit_session?(env, session, options)
@@ -310,7 +310,7 @@ module Rack
         end
 
         def force_options?(options)
-          options.values_at(:renew, :drop, :defer, :expire_after).any?
+          options.values_at(:max_age, :renew, :drop, :defer, :expire_after).any?
         end
 
         def security_matches?(env, options)
@@ -342,11 +342,12 @@ module Rack
           if not data = set_session(env, session_id, session_data, options)
             env["rack.errors"].puts("Warning! #{self.class.name} failed to save session. Content dropped.")
           elsif options[:defer] and not options[:renew]
-            env["rack.errors"].puts("Defering cookie for #{session_id}") if $VERBOSE
+            env["rack.errors"].puts("Deferring cookie for #{session_id}") if $VERBOSE
           else
             cookie = Hash.new
             cookie[:value] = data
             cookie[:expires] = Time.now + options[:expire_after] if options[:expire_after]
+            cookie[:expires] = Time.now + options[:max_age] if options[:max_age]
             set_cookie(env, headers, cookie.merge!(options))
           end
 
@@ -369,7 +370,7 @@ module Rack
           SessionHash
         end
 
-        # All thread safety and session retrival proceedures should occur here.
+        # All thread safety and session retrieval procedures should occur here.
         # Should return [session_id, session].
         # If nil is provided as the session id, generation of a new valid id
         # should occur within.
@@ -378,7 +379,7 @@ module Rack
           raise '#get_session not implemented.'
         end
 
-        # All thread safety and session storage proceedures should occur here.
+        # All thread safety and session storage procedures should occur here.
         # Must return the session id if the session was saved successfully, or
         # false if the session could not be saved.
 
@@ -386,7 +387,7 @@ module Rack
           raise '#set_session not implemented.'
         end
 
-        # All thread safety and session destroy proceedures should occur here.
+        # All thread safety and session destroy procedures should occur here.
         # Should return a new session id or nil if options[:drop]
 
         def destroy_session(env, sid, options)

data/lib/rack/session/cookie.rb

@@ -1,4 +1,5 @@
 require 'openssl'
+require 'zlib'
 require 'rack/request'
 require 'rack/response'
 require 'rack/session/abstract/id'
@@ -78,6 +79,19 @@ module Rack
             ::Rack::Utils::OkJson.decode(super(str)) rescue nil
           end
         end
+
+        class ZipJSON < Base64
+          def encode(obj)
+            super(Zlib::Deflate.deflate(::Rack::Utils::OkJson.encode(obj)))
+          end
+
+          def decode(str)
+            return unless str
+            ::Rack::Utils::OkJson.decode(Zlib::Inflate.inflate(super(str)))
+          rescue
+            nil
+          end
+        end
       end
 
       # Use no encoding for session cookies
@@ -86,12 +100,6 @@ module Rack
         def decode(str); str; end
       end
 
-      # Reverse string encoding. (trollface)
-      class Reverse
-        def encode(str); str.reverse; end
-        def decode(str); str.reverse; end
-      end
-
       attr_reader :coder
 
       def initialize(app, options={})
@@ -127,7 +135,9 @@ module Rack
           session_data = request.cookies[@key]
 
           if @secrets.size > 0 && session_data
-            session_data, digest = session_data.split("--")
+            digest, session_data = session_data.reverse.split("--", 2)
+            digest.reverse! if digest
+            session_data.reverse! if session_data
             session_data = nil unless digest_match?(session_data, digest)
           end