rack 1.6.0.beta → 1.6.0.beta2

data/lib/rack/head.rb

@@ -12,7 +12,7 @@ class Head
   def call(env)
     status, headers, body = @app.call(env)
 
-    if env["REQUEST_METHOD"] == "HEAD"
+    if env[REQUEST_METHOD] == HEAD
       [
         status, headers, Rack::BodyProxy.new([]) do
           body.close if body.respond_to? :close

data/lib/rack/lint.rb

@@ -57,7 +57,7 @@ module Rack
       ## and the *body*.
       check_content_type status, headers
       check_content_length status, headers
-      @head_request = env["REQUEST_METHOD"] == "HEAD"
+      @head_request = env[REQUEST_METHOD] == "HEAD"
       [status, headers, self]
     end
 
@@ -228,6 +228,23 @@ module Rack
         }
       end
 
+      ## <tt>rack.multipart.buffer_size</tt>:: An Integer hint to the multipart parser as to what chunk size to use for reads and writes.
+      if bufsize = env['rack.multipart.buffer_size']
+        assert("rack.multipart.buffer_size must be an Integer > 0 if specified") {
+          bufsize.is_a?(Integer) && bufsize > 0
+        }
+      end
+
+      ## <tt>rack.multipart.tempfile_factory</tt>:: An object responding to #call with two arguments, the filename and content_type given for the multipart form field, and returning an IO-like object that responds to #<< and optionally #rewind. This factory will be used to instantiate the tempfile for each multipart form file upload field, rather than the default class of Tempfile.
+      if tempfile_factory = env['rack.multipart.tempfile_factory']
+        assert("rack.multipart.tempfile_factory must respond to #call") { tempfile_factory.respond_to?(:call) }
+        env['rack.multipart.tempfile_factory'] = lambda do |filename, content_type|
+          io = tempfile_factory.call(filename, content_type)
+          assert("rack.multipart.tempfile_factory return value must respond to #<<") { io.respond_to?(:<<) }
+          io
+        end
+      end
+
       ## The server or the application can store their own data in the
       ## environment, too.  The keys must contain at least one dot,
       ## and should be prefixed uniquely.  The prefix <tt>rack.</tt>
@@ -278,7 +295,7 @@ module Rack
       check_hijack env
 
       ## * The <tt>REQUEST_METHOD</tt> must be a valid token.
-      assert("REQUEST_METHOD unknown: #{env["REQUEST_METHOD"]}") {
+      assert("REQUEST_METHOD unknown: #{env[REQUEST_METHOD]}") {
         env["REQUEST_METHOD"] =~ /\A[0-9A-Za-z!\#$%&'*+.^_`|~-]+\z/
       }
 
@@ -510,20 +527,20 @@ module Rack
           ## already present, in rack.hijack_io.
           io = original_hijack.call
           HijackWrapper.new(io)
-          ## 
+          ##
           ## rack.hijack_io must respond to:
           ## <tt>read, write, read_nonblock, write_nonblock, flush, close,
           ## close_read, close_write, closed?</tt>
-          ## 
+          ##
           ## The semantics of these IO methods must be a best effort match to
           ## those of a normal ruby IO or Socket object, using standard
           ## arguments and raising standard exceptions. Servers are encouraged
           ## to simply pass on real IO objects, although it is recognized that
           ## this approach is not directly compatible with SPDY and HTTP 2.0.
-          ## 
+          ##
           ## IO provided in rack.hijack_io should preference the
           ## IO::WaitReadable and IO::WaitWritable APIs wherever supported.
-          ## 
+          ##
           ## There is a deliberate lack of full specification around
           ## rack.hijack_io, as semantics will change from server to server.
           ## Users are encouraged to utilize this API with a knowledge of their
@@ -535,10 +552,10 @@ module Rack
           io
         end
       else
-        ## 
+        ##
         ## If rack.hijack? is false, then rack.hijack should not be set.
         assert("rack.hijack? is false, but rack.hijack is present") { env['rack.hijack'].nil? }
-        ## 
+        ##
         ## If rack.hijack? is false, then rack.hijack_io should not be set.
         assert("rack.hijack? is false, but rack.hijack_io is present") { env['rack.hijack_io'].nil? }
       end
@@ -557,7 +574,7 @@ module Rack
       ## <tt>rack.hijack</tt> to an object that responds to <tt>call</tt>
       ## accepting an argument that conforms to the <tt>rack.hijack_io</tt>
       ## protocol.
-      ## 
+      ##
       ## After the headers have been sent, and this hijack callback has been
       ## called, the application is now responsible for the remaining lifecycle
       ## of the IO. The application is also responsible for maintaining HTTP
@@ -566,7 +583,7 @@ module Rack
       ## HTTP/1.1, and not Connection:keep-alive, as there is no protocol for
       ## returning hijacked sockets to the web server. For that purpose, use the
       ## body streaming API instead (progressively yielding strings via each).
-      ## 
+      ##
       ## Servers must ignore the <tt>body</tt> part of the response tuple when
       ## the <tt>rack.hijack</tt> response API is in use.
 
@@ -579,7 +596,7 @@ module Rack
           original_hijack.call HijackWrapper.new(io)
         end
       else
-        ## 
+        ##
         ## The special response header <tt>rack.hijack</tt> must only be set
         ## if the request env has <tt>rack.hijack?</tt> <tt>true</tt>.
         assert('rack.hijack header must not be present if server does not support hijacking') {
@@ -622,11 +639,8 @@ module Rack
         assert("header must not contain Status") { key.downcase != "status" }
         ## contain keys with <tt>:</tt> or newlines in their name,
         assert("header names must not contain : or \\n") { key !~ /[:\n]/ }
-        ## contain keys names that end in <tt>-</tt> or <tt>_</tt>,
-        assert("header names must not end in - or _") { key !~ /[-_]\z/ }
-        ## but only contain keys that consist of
-        ## letters, digits, <tt>_</tt> or <tt>-</tt> and start with a letter.
-        assert("invalid header name: #{key}") { key =~ /\A[a-zA-Z][a-zA-Z0-9_-]*\z/ }
+        ## The header must match the token rule according to RFC 2616
+        assert("invalid header name: #{key}") { key =~ /\A[\!#\$%&'\*\+-.0-9A-Z\^_`a-z\|~]+\z/ }
 
         ## The values of the header must be Strings,
         assert("a header value must be a String, but the value of " +

data/lib/rack/lobster.rb

@@ -12,7 +12,7 @@ module Rack
     I8jyiTlhTcYXkekJAzTyYN6E08A+dk8voBkAVTJQ==".delete("\n ").unpack("m*")[0])
 
     LambdaLobster = lambda { |env|
-      if env["QUERY_STRING"].include?("flip")
+      if env[QUERY_STRING].include?("flip")
         lobster = LobsterString.split("\n").
           map { |line| line.ljust(42).reverse }.
           join("\n")
@@ -26,7 +26,7 @@ module Rack
                  "<pre>", lobster, "</pre>",
                  "<a href='#{href}'>flip!</a>"]
       length = content.inject(0) { |a,e| a+e.size }.to_s
-      [200, {"Content-Type" => "text/html", "Content-Length" => length}, content]
+      [200, {CONTENT_TYPE => "text/html", CONTENT_LENGTH => length}, content]
     }
 
     def call(env)

data/lib/rack/methodoverride.rb

@@ -11,11 +11,11 @@ module Rack
     end
 
     def call(env)
-      if allowed_methods.include?(env["REQUEST_METHOD"])
+      if allowed_methods.include?(env[REQUEST_METHOD])
         method = method_override(env)
         if HTTP_METHODS.include?(method)
-          env["rack.methodoverride.original_method"] = env["REQUEST_METHOD"]
-          env["REQUEST_METHOD"] = method
+          env["rack.methodoverride.original_method"] = env[REQUEST_METHOD]
+          env[REQUEST_METHOD] = method
         end
       end
 

data/lib/rack/mock.rb

@@ -91,15 +91,15 @@ module Rack
 
       env = DEFAULT_ENV.dup
 
-      env["REQUEST_METHOD"] = opts[:method] ? opts[:method].to_s.upcase : "GET"
+      env[REQUEST_METHOD] = opts[:method] ? opts[:method].to_s.upcase : "GET"
       env["SERVER_NAME"] = uri.host || "example.org"
       env["SERVER_PORT"] = uri.port ? uri.port.to_s : "80"
-      env["QUERY_STRING"] = uri.query.to_s
-      env["PATH_INFO"] = (!uri.path || uri.path.empty?) ? "/" : uri.path
+      env[QUERY_STRING] = uri.query.to_s
+      env[PATH_INFO] = (!uri.path || uri.path.empty?) ? "/" : uri.path
       env["rack.url_scheme"] = uri.scheme || "http"
       env["HTTPS"] = env["rack.url_scheme"] == "https" ? "on" : "off"
 
-      env["SCRIPT_NAME"] = opts[:script_name] || ""
+      env[SCRIPT_NAME] = opts[:script_name] || ""
 
       if opts[:fatal]
         env["rack.errors"] = FatalWarner.new
@@ -108,10 +108,10 @@ module Rack
       end
 
       if params = opts[:params]
-        if env["REQUEST_METHOD"] == "GET"
+        if env[REQUEST_METHOD] == "GET"
           params = Utils.parse_nested_query(params) if params.is_a?(String)
-          params.update(Utils.parse_nested_query(env["QUERY_STRING"]))
-          env["QUERY_STRING"] = Utils.build_nested_query(params)
+          params.update(Utils.parse_nested_query(env[QUERY_STRING]))
+          env[QUERY_STRING] = Utils.build_nested_query(params)
         elsif !opts.has_key?(:input)
           opts["CONTENT_TYPE"] = "application/x-www-form-urlencoded"
           if params.is_a?(Hash)

data/lib/rack/multipart/parser.rb

@@ -2,6 +2,8 @@ require 'rack/utils'
 
 module Rack
   module Multipart
+    class MultipartPartLimitError < Errno::EMFILE; end
+
     class Parser
       BUFSIZE = 16384
 
@@ -16,10 +18,14 @@ module Rack
         content_length = env['CONTENT_LENGTH']
         content_length = content_length.to_i if content_length
 
-        new($1, io, content_length, env)
+        tempfile = env['rack.multipart.tempfile_factory'] ||
+          lambda { |filename, content_type| Tempfile.new(["RackMultipart", ::File.extname(filename)]) }
+        bufsize = env['rack.multipart.buffer_size'] || BUFSIZE
+
+        new($1, io, content_length, env, tempfile, bufsize)
       end
 
-      def initialize(boundary, io, content_length, env)
+      def initialize(boundary, io, content_length, env, tempfile, bufsize)
         @buf            = ""
 
         if @buf.respond_to? :force_encoding
@@ -32,6 +38,8 @@ module Rack
         @content_length = content_length
         @boundary_size  = Utils.bytesize(@boundary) + EOL.size
         @env = env
+        @tempfile       = tempfile
+        @bufsize        = bufsize
 
         if @content_length
           @content_length -= @boundary_size
@@ -44,7 +52,13 @@ module Rack
       def parse
         fast_forward_to_first_boundary
 
+        opened_files = 0
         loop do
+          if Utils.multipart_part_limit > 0
+            raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
+            opened_files += 1
+          end
+
           head, filename, content_type, name, body =
             get_current_head_and_filename_and_content_type_and_name_and_body
 
@@ -78,7 +92,7 @@ module Rack
 
       def fast_forward_to_first_boundary
         loop do
-          content = @io.read(BUFSIZE)
+          content = @io.read(@bufsize)
           raise EOFError, "bad content body" unless content
           @buf << content
 
@@ -87,7 +101,7 @@ module Rack
             return if read_buffer == full_boundary
           end
 
-          raise EOFError, "bad content body" if Utils.bytesize(@buf) >= BUFSIZE
+          raise EOFError, "bad content body" if Utils.bytesize(@buf) >= @bufsize
         end
       end
 
@@ -117,7 +131,7 @@ module Rack
             end
 
             if filename
-              (@env['rack.tempfiles'] ||= []) << body = Tempfile.new("RackMultipart")
+              (@env['rack.tempfiles'] ||= []) << body = @tempfile.call(filename, content_type)
               body.binmode  if body.respond_to?(:binmode)
             end
 
@@ -129,7 +143,7 @@ module Rack
             body << @buf.slice!(0, @buf.size - (@boundary_size+4))
           end
 
-          content = @io.read(@content_length && BUFSIZE >= @content_length ? @content_length : BUFSIZE)
+          content = @io.read(@content_length && @bufsize >= @content_length ? @content_length : @bufsize)
           raise EOFError, "bad content body"  if content.nil? || content.empty?
 
           @buf << content
@@ -214,7 +228,7 @@ module Rack
           # filename is blank which means no file has been selected
           return
         elsif filename
-          body.rewind
+          body.rewind if body.respond_to?(:rewind)
 
           # Take the basename of the upload's original filename.
           # This handles the full Windows paths given by Internet Explorer

data/lib/rack/recursive.rb

@@ -14,8 +14,8 @@ module Rack
       @url = URI(url)
       @env = env
 
-      @env["PATH_INFO"] =       @url.path
-      @env["QUERY_STRING"] =    @url.query  if @url.query
+      @env[PATH_INFO] =         @url.path
+      @env[QUERY_STRING] =      @url.query  if @url.query
       @env["HTTP_HOST"] =       @url.host   if @url.host
       @env["HTTP_PORT"] =       @url.port   if @url.port
       @env["rack.url_scheme"] = @url.scheme if @url.scheme
@@ -39,7 +39,7 @@ module Rack
     end
 
     def _call(env)
-      @script_name = env["SCRIPT_NAME"]
+      @script_name = env[SCRIPT_NAME]
       @app.call(env.merge('rack.recursive.include' => method(:include)))
     rescue ForwardRequest => req
       call(env.merge(req.env))
@@ -51,8 +51,9 @@ module Rack
         raise ArgumentError, "can only include below #{@script_name}, not #{path}"
       end
 
-      env = env.merge("PATH_INFO" => path, "SCRIPT_NAME" => @script_name,
-                      "REQUEST_METHOD" => "GET",
+      env = env.merge(PATH_INFO => path,
+                      SCRIPT_NAME => @script_name,
+                      REQUEST_METHOD => "GET",
                       "CONTENT_LENGTH" => "0", "CONTENT_TYPE" => "",
                       "rack.input" => StringIO.new(""))
       @app.call(env)

data/lib/rack/request.rb

@@ -18,10 +18,10 @@ module Rack
     end
 
     def body;            @env["rack.input"]                       end
-    def script_name;     @env["SCRIPT_NAME"].to_s                 end
-    def path_info;       @env["PATH_INFO"].to_s                   end
+    def script_name;     @env[SCRIPT_NAME].to_s                   end
+    def path_info;       @env[PATH_INFO].to_s                     end
     def request_method;  @env["REQUEST_METHOD"]                   end
-    def query_string;    @env["QUERY_STRING"].to_s                end
+    def query_string;    @env[QUERY_STRING].to_s                  end
     def content_length;  @env['CONTENT_LENGTH']                   end
 
     def content_type
@@ -116,10 +116,10 @@ module Rack
     def delete?;  request_method == "DELETE"  end
 
     # Checks the HTTP request method (or verb) to see if it was of type GET
-    def get?;     request_method == "GET"     end
+    def get?;     request_method == GET       end
 
     # Checks the HTTP request method (or verb) to see if it was of type HEAD
-    def head?;    request_method == "HEAD"    end
+    def head?;    request_method == HEAD      end
 
     # Checks the HTTP request method (or verb) to see if it was of type OPTIONS
     def options?; request_method == "OPTIONS" end
@@ -173,7 +173,7 @@ module Rack
     # Content-Type header is provided and the request_method is POST.
     def form_data?
       type = media_type
-      meth = env["rack.methodoverride.original_method"] || env['REQUEST_METHOD']
+      meth = env["rack.methodoverride.original_method"] || env[REQUEST_METHOD]
       (meth == 'POST' && type.nil?) || FORM_DATA_MEDIA_TYPES.include?(type)
     end
 

data/lib/rack/response.rb

@@ -20,11 +20,13 @@ module Rack
   class Response
     attr_accessor :length
 
+    CHUNKED = 'chunked'.freeze
+    TRANSFER_ENCODING = 'Transfer-Encoding'.freeze
     def initialize(body=[], status=200, header={})
       @status = status.to_i
       @header = Utils::HeaderHash.new.merge(header)
 
-      @chunked = "chunked" == @header['Transfer-Encoding']
+      @chunked = CHUNKED == @header[TRANSFER_ENCODING]
       @writer  = lambda { |x| @body << x }
       @block   = nil
       @length  = 0
@@ -72,8 +74,8 @@ module Rack
       @block = block
 
       if [204, 205, 304].include?(status.to_i)
-        header.delete "Content-Type"
-        header.delete "Content-Length"
+        header.delete CONTENT_TYPE
+        header.delete CONTENT_LENGTH
         close
         [status.to_i, header, []]
       else
@@ -98,7 +100,7 @@ module Rack
       @length += Rack::Utils.bytesize(s) unless @chunked
       @writer.call s
 
-      header["Content-Length"] = @length.to_s unless @chunked
+      header[CONTENT_LENGTH] = @length.to_s unless @chunked
       str
     end
 
@@ -142,11 +144,11 @@ module Rack
       end
 
       def content_type
-        headers["Content-Type"]
+        headers[CONTENT_TYPE]
       end
 
       def content_length
-        cl = headers["Content-Length"]
+        cl = headers[CONTENT_LENGTH]
         cl ? cl.to_i : cl
       end
 

data/lib/rack/runtime.rb

@@ -12,13 +12,14 @@ module Rack
       @header_name << "-#{name}" if name
     end
 
+    FORMAT_STRING = "%0.6f"
     def call(env)
       start_time = Time.now
       status, headers, body = @app.call(env)
       request_time = Time.now - start_time
 
       if !headers.has_key?(@header_name)
-        headers[@header_name] = "%0.6f" % request_time
+        headers[@header_name] = FORMAT_STRING % request_time
       end
 
       [status, headers, body]

data/lib/rack/sendfile.rb

@@ -116,7 +116,7 @@ module Rack
         when 'X-Accel-Redirect'
           path = F.expand_path(body.to_path)
           if url = map_accel_path(env, path)
-            headers['Content-Length'] = '0'
+            headers[CONTENT_LENGTH] = '0'
             headers[type] = url
             obody = body
             body = Rack::BodyProxy.new([]) do
@@ -127,7 +127,7 @@ module Rack
           end
         when 'X-Sendfile', 'X-Lighttpd-Send-File'
           path = F.expand_path(body.to_path)
-          headers['Content-Length'] = '0'
+          headers[CONTENT_LENGTH] = '0'
           headers[type] = path
           obody = body
           body = Rack::BodyProxy.new([]) do

data/lib/rack/server.rb

@@ -235,17 +235,15 @@ module Rack
         m
       end
 
-      # Aliased for backwards-compatibility
-      alias :middleware :default_middleware_by_environment
+      def middleware
+        default_middleware_by_environment
+      end
     end
 
-    def default_middleware_by_environment
-      self.class.default_middleware_by_environment
+    def middleware
+      self.class.middleware
     end
 
-    # Aliased for backwards-compatibility
-    alias :middleware :default_middleware_by_environment
-
     def start &blk
       if options[:warn]
         $-w = true
@@ -312,7 +310,7 @@ module Rack
 
         # Don't evaluate CGI ISINDEX parameters.
         # http://www.meb.uni-bonn.de/docs/cgi/cl.html
-        args.clear if ENV.include?("REQUEST_METHOD")
+        args.clear if ENV.include?(REQUEST_METHOD)
 
         options.merge! opt_parser.parse!(args)
         options[:config] = ::File.expand_path(options[:config])
@@ -325,8 +323,7 @@ module Rack
       end
 
       def build_app(app)
-        middlewares = default_middleware_by_environment[options[:environment]]
-        middlewares.reverse_each do |middleware|
+        middleware[options[:environment]].reverse_each do |middleware|
           middleware = middleware.call(self) if middleware.respond_to?(:call)
           next unless middleware
           klass, *args = middleware