rack 1.6.0.beta → 1.6.0.beta2

data/lib/rack/showexceptions.rb

@@ -39,8 +39,8 @@ module Rack
       [
         500,
         {
-          "Content-Type" => content_type,
-          "Content-Length" => Rack::Utils.bytesize(body).to_s,
+          CONTENT_TYPE => content_type,
+          CONTENT_LENGTH => Rack::Utils.bytesize(body).to_s,
         },
         [body],
       ]

data/lib/rack/showstatus.rb

@@ -3,7 +3,7 @@ require 'rack/request'
 require 'rack/utils'
 
 module Rack
-  # Rack::ShowStatus catches all empty responses and replaces them 
+  # Rack::ShowStatus catches all empty responses and replaces them
   # with a site explaining the error.
   #
   # Additional details can be put into <tt>rack.showstatus.detail</tt>
@@ -19,7 +19,7 @@ module Rack
     def call(env)
       status, headers, body = @app.call(env)
       headers = Utils::HeaderHash.new(headers)
-      empty = headers['Content-Length'].to_i <= 0
+      empty = headers[CONTENT_LENGTH].to_i <= 0
 
       # client or server error, or explicit message
       if (status.to_i >= 400 && empty) || env["rack.showstatus.detail"]
@@ -35,7 +35,7 @@ module Rack
 
         body = @template.result(binding)
         size = Rack::Utils.bytesize(body)
-        [status, headers.merge("Content-Type" => "text/html", "Content-Length" => size.to_s), [body]]
+        [status, headers.merge(CONTENT_TYPE => "text/html", CONTENT_LENGTH => size.to_s), [body]]
       else
         [status, headers, body]
       end

data/lib/rack/static.rb

@@ -107,7 +107,7 @@ module Rack
     end
 
     def call(env)
-      path = env["PATH_INFO"]
+      path = env[PATH_INFO]
 
       if can_serve(path)
         env["PATH_INFO"] = (path =~ /\/$/ ? path + @index : @urls[path]) if overwrite_file_path(path)

data/lib/rack/urlmap.rb

@@ -41,7 +41,7 @@ module Rack
     end
 
     def call(env)
-      path = env["PATH_INFO"]
+      path = env[PATH_INFO]
       script_name = env['SCRIPT_NAME']
       hHost = env['HTTP_HOST']
       sName = env['SERVER_NAME']
@@ -66,7 +66,7 @@ module Rack
         return app.call(env)
       end
 
-      [404, {"Content-Type" => "text/plain", "X-Cascade" => "pass"}, ["Not Found: #{path}"]]
+      [404, {CONTENT_TYPE => "text/plain", "X-Cascade" => "pass"}, ["Not Found: #{path}"]]
 
     ensure
       env['PATH_INFO'] = path

data/lib/rack/utils.rb

@@ -61,12 +61,18 @@ module Rack
 
     class << self
       attr_accessor :key_space_limit
+      attr_accessor :multipart_part_limit
     end
 
     # The default number of bytes to allow parameter keys to take up.
     # This helps prevent a rogue client from flooding a Request.
     self.key_space_limit = 65536
 
+    # The maximum number of parts a request can contain. Accepting to many part
+    # can lead to the server running out of file handles.
+    # Set to `0` for no limit.
+    self.multipart_part_limit = (ENV['RACK_MULTIPART_LIMIT'] || 128).to_i
+
     # Stolen from Mongrel, with some small modifications:
     # Parses a query string by breaking it up at the '&'
     # and ';' characters.  You can also use this to parse
@@ -418,7 +424,7 @@ module Rack
     # Constant time string comparison.
     #
     # NOTE: the values compared should be of fixed length, such as strings
-    # that have aready been processed by HMAC.  This should not be used
+    # that have already been processed by HMAC. This should not be used
     # on variable length plaintext strings because it could leak length info
     # via timing attacks.
     def secure_compare(a, b)
@@ -567,9 +573,9 @@ module Rack
 
     # Every standard HTTP code mapped to the appropriate message.
     # Generated with:
-    # ruby -ropen-uri -rnokogiri -e "Nokogiri::XML(open(
-    #   'http://www.iana.org/assignments/http-status-codes/http-status-codes.xml')).css('record').each{|r|
-    #   name = r.css('description').text; puts %Q[#{r.css('value').text} => '#{name}',] unless name == 'Unassigned' }"
+    # curl -s https://www.iana.org/assignments/http-status-codes/http-status-codes-1.csv | \
+    #   ruby -ne 'm = /^(\d{3}),(?!Unassigned|\(Unused\))([^,]+)/.match($_) and \
+    #             puts "#{m[1]} => \x27#{m[2].strip}\x27,"'
     HTTP_STATUS_CODES = {
       100 => 'Continue',
       101 => 'Switching Protocols',
@@ -590,7 +596,6 @@ module Rack
       303 => 'See Other',
       304 => 'Not Modified',
       305 => 'Use Proxy',
-      306 => 'Reserved',
       307 => 'Temporary Redirect',
       308 => 'Permanent Redirect',
       400 => 'Bad Request',
@@ -606,12 +611,11 @@ module Rack
       410 => 'Gone',
       411 => 'Length Required',
       412 => 'Precondition Failed',
-      413 => 'Request Entity Too Large',
-      414 => 'Request-URI Too Long',
+      413 => 'Payload Too Large',
+      414 => 'URI Too Long',
       415 => 'Unsupported Media Type',
-      416 => 'Requested Range Not Satisfiable',
+      416 => 'Range Not Satisfiable',
       417 => 'Expectation Failed',
-      418 => 'I\'m a teapot',
       422 => 'Unprocessable Entity',
       423 => 'Locked',
       424 => 'Failed Dependency',
@@ -625,7 +629,7 @@ module Rack
       503 => 'Service Unavailable',
       504 => 'Gateway Timeout',
       505 => 'HTTP Version Not Supported',
-      506 => 'Variant Also Negotiates (Experimental)',
+      506 => 'Variant Also Negotiates',
       507 => 'Insufficient Storage',
       508 => 'Loop Detected',
       510 => 'Not Extended',

data/rack.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = "rack"
-  s.version         = "1.6.0.beta"
+  s.version         = "1.6.0.beta2"
   s.platform        = Gem::Platform::RUBY
   s.summary         = "a modular Ruby webserver interface"
   s.license         = "MIT"

data/test/spec_body_proxy.rb

@@ -1,5 +1,6 @@
 require 'rack/body_proxy'
 require 'stringio'
+require 'ostruct'
 
 describe Rack::BodyProxy do
   should 'call each on the wrapped body' do
@@ -49,6 +50,21 @@ describe Rack::BodyProxy do
     called.should.equal true
   end
 
+  should 'allow multiple arguments in respond_to?' do
+    body  = []
+    proxy = Rack::BodyProxy.new(body) { }
+    proc { proxy.respond_to?(:foo, false) }.should.not.raise
+  end
+
+  should 'not respond to :to_ary' do
+    body = OpenStruct.new(:to_ary => true)
+    body.respond_to?(:to_ary).should.equal true
+
+    proxy = Rack::BodyProxy.new(body) { }
+    proxy.respond_to?(:to_ary).should.equal false
+    proxy.respond_to?("to_ary").should.equal false
+  end
+
   should 'not close more than one time' do
     count = 0
     proxy = Rack::BodyProxy.new([]) { count += 1; raise "Block invoked more than 1 time!" if count > 1 }

data/test/spec_lint.rb

@@ -1,4 +1,5 @@
 require 'stringio'
+require 'tempfile'
 require 'rack/lint'
 require 'rack/mock'
 
@@ -74,6 +75,23 @@ describe Rack::Lint do
     }.should.raise(Rack::Lint::LintError).
       message.should.equal("logger [] must respond to info")
 
+    lambda {
+      Rack::Lint.new(nil).call(env("rack.multipart.buffer_size" => 0))
+    }.should.raise(Rack::Lint::LintError).
+      message.should.equal("rack.multipart.buffer_size must be an Integer > 0 if specified")
+
+    lambda {
+      Rack::Lint.new(nil).call(env("rack.multipart.tempfile_factory" => Tempfile))
+    }.should.raise(Rack::Lint::LintError).
+      message.should.equal("rack.multipart.tempfile_factory must respond to #call")
+
+    lambda {
+      Rack::Lint.new(lambda { |env|
+        env['rack.multipart.tempfile_factory'].call("testfile", "text/plain")
+      }).call(env("rack.multipart.tempfile_factory" => lambda { |filename, content_type| Object.new }))
+    }.should.raise(Rack::Lint::LintError).
+      message.should.equal("rack.multipart.tempfile_factory return value must respond to #<<")
+
     lambda {
       Rack::Lint.new(nil).call(env("REQUEST_METHOD" => "FUCKUP?"))
     }.should.raise(Rack::Lint::LintError).
@@ -191,17 +209,10 @@ describe Rack::Lint do
 
     lambda {
       Rack::Lint.new(lambda { |env|
-                       [200, {"Content-" => "text/plain"}, []]
-                     }).call(env({}))
-    }.should.raise(Rack::Lint::LintError).
-      message.should.match(/must not end/)
-
-    lambda {
-      Rack::Lint.new(lambda { |env|
-                       [200, {"..%%quark%%.." => "text/plain"}, []]
+                       [200, {"([{<quark>}])?" => "text/plain"}, []]
                      }).call(env({}))
     }.should.raise(Rack::Lint::LintError).
-      message.should.equal("invalid header name: ..%%quark%%..")
+      message.should.equal("invalid header name: ([{<quark>}])?")
 
     lambda {
       Rack::Lint.new(lambda { |env|

data/test/spec_multipart.rb

@@ -153,6 +153,12 @@ describe Rack::Multipart do
     params["files"][:tempfile].read.should.equal "contents"
   end
 
+  should "preserve extension in the created tempfile" do
+    env = Rack::MockRequest.env_for("/", multipart_fixture(:text))
+    params = Rack::Multipart.parse_multipart(env)
+    File.extname(params["files"][:tempfile].path).should.equal ".txt"
+  end
+
   should "parse multipart upload with text file with no name field" do
     env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_and_no_name))
     params = Rack::Multipart.parse_multipart(env)
@@ -165,6 +171,15 @@ describe Rack::Multipart do
     params["file1.txt"][:tempfile].read.should.equal "contents"
   end
 
+  should "parse multipart upload file using custom tempfile class" do
+    env = Rack::MockRequest.env_for("/", multipart_fixture(:text))
+    my_tempfile = ""
+    env['rack.multipart.tempfile_factory'] = lambda { |filename, content_type| my_tempfile }
+    params = Rack::Multipart.parse_multipart(env)
+    params["files"][:tempfile].object_id.should.equal my_tempfile.object_id
+    my_tempfile.should.equal "contents"
+  end
+
   should "parse multipart upload with nested parameters" do
     env = Rack::MockRequest.env_for("/", multipart_fixture(:nested))
     params = Rack::Multipart.parse_multipart(env)
@@ -436,22 +451,29 @@ Content-Type: image/jpeg\r
   end
 
   it "builds complete params with the chunk size of 16384 slicing exactly on boundary" do
-    data = File.open(multipart_file("fail_16384_nofile"), 'rb') { |f| f.read }.gsub(/\n/, "\r\n")
-    options = {
-      "CONTENT_TYPE" => "multipart/form-data; boundary=----WebKitFormBoundaryWsY0GnpbI5U7ztzo",
-      "CONTENT_LENGTH" => data.length.to_s,
-      :input => StringIO.new(data)
-    }
-    env = Rack::MockRequest.env_for("/", options)
-    params = Rack::Multipart.parse_multipart(env)
-
-    params.should.not.equal nil
-    params.keys.should.include "AAAAAAAAAAAAAAAAAAA"
-    params["AAAAAAAAAAAAAAAAAAA"].keys.should.include "PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"
-    params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"].keys.should.include "new"
-    params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"].keys.should.include "-2"
-    params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"].keys.should.include "ba_unit_id"
-    params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"]["ba_unit_id"].should.equal "1017"
+    begin
+      previous_limit = Rack::Utils.multipart_part_limit
+      Rack::Utils.multipart_part_limit = 256
+
+      data = File.open(multipart_file("fail_16384_nofile"), 'rb') { |f| f.read }.gsub(/\n/, "\r\n")
+      options = {
+        "CONTENT_TYPE" => "multipart/form-data; boundary=----WebKitFormBoundaryWsY0GnpbI5U7ztzo",
+        "CONTENT_LENGTH" => data.length.to_s,
+        :input => StringIO.new(data)
+      }
+      env = Rack::MockRequest.env_for("/", options)
+      params = Rack::Multipart.parse_multipart(env)
+
+      params.should.not.equal nil
+      params.keys.should.include "AAAAAAAAAAAAAAAAAAA"
+      params["AAAAAAAAAAAAAAAAAAA"].keys.should.include "PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"
+      params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"].keys.should.include "new"
+      params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"].keys.should.include "-2"
+      params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"].keys.should.include "ba_unit_id"
+      params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"]["ba_unit_id"].should.equal "1017"
+    ensure
+      Rack::Utils.multipart_part_limit = previous_limit
+    end
   end
 
   should "return nil if no UploadedFiles were used" do

data/test/spec_request.rb

@@ -2,6 +2,7 @@ require 'stringio'
 require 'cgi'
 require 'rack/request'
 require 'rack/mock'
+require 'securerandom'
 
 describe Rack::Request do
   should "wrap the rack variables" do
@@ -744,6 +745,22 @@ EOF
     f[:tempfile].size.should.equal 76
   end
 
+  should "MultipartPartLimitError when request has too many multipart parts if limit set" do
+    begin
+      data = 10000.times.map { "--AaB03x\r\nContent-Type: text/plain\r\nContent-Disposition: attachment; name=#{SecureRandom.hex(10)}; filename=#{SecureRandom.hex(10)}\r\n\r\ncontents\r\n" }.join("\r\n")
+      data += "--AaB03x--\r"
+
+      options = {
+        "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
+        "CONTENT_LENGTH" => data.length.to_s,
+        :input => StringIO.new(data)
+      }
+
+      request = Rack::Request.new Rack::MockRequest.env_for("/", options)
+      lambda { request.POST }.should.raise(Rack::Multipart::MultipartPartLimitError)
+    end
+  end
+
   should "parse big multipart form data" do
     input = <<EOF
 --AaB03x\r

data/test/spec_server.rb

@@ -28,21 +28,35 @@ describe Rack::Server do
     Rack::MockRequest.new(server.app).get("/").body.to_s.should.equal 'success'
   end
 
-  should "not include Rack::Lint in deployment or none environments" do
+  should "allow subclasses to override middleware" do
+    server = Class.new(Rack::Server).class_eval { def middleware; Hash.new [] end; self }
+    server.middleware['deployment'].should.not.equal []
+    server.new(:app => 'foo').middleware['deployment'].should.equal []
+  end
+
+  should "allow subclasses to override default middleware" do
+    server = Class.new(Rack::Server).instance_eval { def default_middleware_by_environment; Hash.new [] end; self }
+    server.middleware['deployment'].should.equal []
+    server.new(:app => 'foo').middleware['deployment'].should.equal []
+  end
+
+  should "only provide default middleware for development and deployment environments" do
+    Rack::Server.default_middleware_by_environment.keys.sort.should.equal %w(deployment development)
+  end
+
+  should "always return an empty array for unknown environments" do
     server = Rack::Server.new(:app => 'foo')
-    server.default_middleware_by_environment['deployment'].flatten.should.not.include(Rack::Lint)
-    server.default_middleware_by_environment['none'].flatten.should.not.include(Rack::Lint)
+    server.middleware['production'].should.equal []
   end
 
-  should "not include Rack::ShowExceptions in deployment or none environments" do
+  should "not include Rack::Lint in deployment environment" do
     server = Rack::Server.new(:app => 'foo')
-    server.default_middleware_by_environment['deployment'].flatten.should.not.include(Rack::ShowExceptions)
-    server.default_middleware_by_environment['none'].flatten.should.not.include(Rack::ShowExceptions)
+    server.middleware['deployment'].flatten.should.not.include(Rack::Lint)
   end
 
-  should "always return an empty array for unknown environments" do
+  should "not include Rack::ShowExceptions in deployment environment" do
     server = Rack::Server.new(:app => 'foo')
-    server.default_middleware_by_environment['production'].should.equal []
+    server.middleware['deployment'].flatten.should.not.include(Rack::ShowExceptions)
   end
 
   should "include Rack::TempfileReaper in deployment environment" do
@@ -66,11 +80,6 @@ describe Rack::Server do
     Rack::Server.logging_middleware.call(server).should.eql(nil)
   end
 
-  should "not force any middleware under the none configuration" do
-    server = Rack::Server.new(:app => 'foo')
-    server.default_middleware_by_environment['none'].should.be.empty
-  end
-
   should "use a full path to the pidfile" do
     # avoids issues with daemonize chdir
     opts = Rack::Server.new.send(:parse_options, %w[--pid testing.pid])

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 1.6.0.beta
+  version: 1.6.0.beta2
 platform: ruby
 authors:
 - Christian Neukirchen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-18 00:00:00.000000000 Z
+date: 2014-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bacon