rack 1.6.11 → 2.1.4

data/lib/rack/multipart/parser.rb

@@ -1,252 +1,371 @@
+# frozen_string_literal: true
+
 require 'rack/utils'
+require 'strscan'
+require 'rack/core_ext/regexp'
 
 module Rack
   module Multipart
     class MultipartPartLimitError < Errno::EMFILE; end
 
     class Parser
-      BUFSIZE = 16384
-      DUMMY = Struct.new(:parse).new
+      using ::Rack::RegexpExtensions
 
-      def self.create(env)
-        return DUMMY unless env['CONTENT_TYPE'] =~ MULTIPART
+      BUFSIZE = 1_048_576
+      TEXT_PLAIN = "text/plain"
+      TEMPFILE_FACTORY = lambda { |filename, content_type|
+        Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0", '%00'))])
+      }
 
-        io = env['rack.input']
-        io.rewind
+      BOUNDARY_REGEX = /\A([^\n]*(?:\n|\Z))/
 
-        content_length = env['CONTENT_LENGTH']
-        content_length = content_length.to_i if content_length
+      class BoundedIO # :nodoc:
+        def initialize(io, content_length)
+          @io             = io
+          @content_length = content_length
+          @cursor = 0
+        end
 
-        tempfile = env['rack.multipart.tempfile_factory'] ||
-          lambda { |filename, content_type| Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0".freeze, '%00'.freeze))]) }
-        bufsize = env['rack.multipart.buffer_size'] || BUFSIZE
+        def read(size, outbuf = nil)
+          return if @cursor >= @content_length
 
-        new($1, io, content_length, env, tempfile, bufsize)
-      end
+          left = @content_length - @cursor
 
-      def initialize(boundary, io, content_length, env, tempfile, bufsize)
-        @buf            = ""
+          str = if left < size
+                  @io.read left, outbuf
+                else
+                  @io.read size, outbuf
+                end
 
-        if @buf.respond_to? :force_encoding
-          @buf.force_encoding Encoding::ASCII_8BIT
-        end
+          if str
+            @cursor += str.bytesize
+          else
+            # Raise an error for mismatching Content-Length and actual contents
+            raise EOFError, "bad content body"
+          end
 
-        @params         = Utils::KeySpaceConstrainedParams.new
-        @boundary       = "--#{boundary}"
-        @io             = io
-        @content_length = content_length
-        @boundary_size  = Utils.bytesize(@boundary) + EOL.size
-        @env = env
-        @tempfile       = tempfile
-        @bufsize        = bufsize
+          str
+        end
 
-        if @content_length
-          @content_length -= @boundary_size
+        def rewind
+          @io.rewind
         end
+      end
+
+      MultipartInfo = Struct.new :params, :tmp_files
+      EMPTY         = MultipartInfo.new(nil, [])
 
-        @rx = /(?:#{EOL})?#{Regexp.quote(@boundary)}(#{EOL}|--)/n
-        @full_boundary = @boundary + EOL
+      def self.parse_boundary(content_type)
+        return unless content_type
+        data = content_type.match(MULTIPART)
+        return unless data
+        data[1]
       end
 
-      def parse
-        fast_forward_to_first_boundary
+      def self.parse(io, content_length, content_type, tmpfile, bufsize, qp)
+        return EMPTY if 0 == content_length
+
+        boundary = parse_boundary content_type
+        return EMPTY unless boundary
+
+        io = BoundedIO.new(io, content_length) if content_length
+        outbuf = String.new
+
+        parser = new(boundary, tmpfile, bufsize, qp)
+        parser.on_read io.read(bufsize, outbuf)
 
-        opened_files = 0
         loop do
+          break if parser.state == :DONE
+          parser.on_read io.read(bufsize, outbuf)
+        end
+
+        io.rewind
+        parser.result
+      end
 
-          head, filename, content_type, name, body =
-            get_current_head_and_filename_and_content_type_and_name_and_body
+      class Collector
+        class MimePart < Struct.new(:body, :head, :filename, :content_type, :name)
+          def get_data
+            data = body
+            if filename == ""
+              # filename is blank which means no file has been selected
+              return
+            elsif filename
+              body.rewind if body.respond_to?(:rewind)
+
+              # Take the basename of the upload's original filename.
+              # This handles the full Windows paths given by Internet Explorer
+              # (and perhaps other broken user agents) without affecting
+              # those which give the lone filename.
+              fn = filename.split(/[\/\\]/).last
+
+              data = { filename: fn, type: content_type,
+                      name: name, tempfile: body, head: head }
+            elsif !filename && content_type && body.is_a?(IO)
+              body.rewind
+
+              # Generic multipart cases, not coming from a form
+              data = { type: content_type,
+                      name: name, tempfile: body, head: head }
+            end
 
-          if Utils.multipart_part_limit > 0
-            opened_files += 1 if filename
-            raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
+            yield data
           end
+        end
 
-          # Save the rest.
-          if i = @buf.index(rx)
-            body << @buf.slice!(0, i)
-            @buf.slice!(0, @boundary_size+2)
+        class BufferPart < MimePart
+          def file?; false; end
+          def close; end
+        end
 
-            @content_length = -1  if $1 == "--"
-          end
+        class TempfilePart < MimePart
+          def file?; true; end
+          def close; body.close; end
+        end
 
-          get_data(filename, body, content_type, name, head) do |data|
-            tag_multipart_encoding(filename, content_type, name, data)
+        include Enumerable
 
-            Utils.normalize_params(@params, name, data)
-          end
+        def initialize tempfile
+          @tempfile = tempfile
+          @mime_parts = []
+          @open_files = 0
+        end
 
-          # break if we're at the end of a buffer, but not if it is the end of a field
-          break if (@buf.empty? && $1 != EOL) || @content_length == -1
+        def each
+          @mime_parts.each { |part| yield part }
         end
 
-        @io.rewind
+        def on_mime_head mime_index, head, filename, content_type, name
+          if filename
+            body = @tempfile.call(filename, content_type)
+            body.binmode if body.respond_to?(:binmode)
+            klass = TempfilePart
+            @open_files += 1
+          else
+            body = String.new
+            klass = BufferPart
+          end
 
-        @params.to_params_hash
-      end
+          @mime_parts[mime_index] = klass.new(body, head, filename, content_type, name)
 
-      private
-      def full_boundary; @full_boundary; end
+          check_open_files
+        end
 
-      def rx; @rx; end
+        def on_mime_body mime_index, content
+          @mime_parts[mime_index].body << content
+        end
 
-      def fast_forward_to_first_boundary
-        loop do
-          content = @io.read(@bufsize)
-          raise EOFError, "bad content body" unless content
-          @buf << content
+        def on_mime_finish mime_index
+        end
 
-          while @buf.gsub!(/\A([^\n]*\n)/, '')
-            read_buffer = $1
-            return if read_buffer == full_boundary
-          end
+        private
 
-          raise EOFError, "bad content body" if Utils.bytesize(@buf) >= @bufsize
+        def check_open_files
+          if Utils.multipart_part_limit > 0
+            if @open_files >= Utils.multipart_part_limit
+              @mime_parts.each(&:close)
+              raise MultipartPartLimitError, 'Maximum file multiparts in content reached'
+            end
+          end
         end
       end
 
-      def get_current_head_and_filename_and_content_type_and_name_and_body
-        head = nil
-        body = ''
+      attr_reader :state
 
-        if body.respond_to? :force_encoding
-          body.force_encoding Encoding::ASCII_8BIT
-        end
+      def initialize(boundary, tempfile, bufsize, query_parser)
+        @query_parser   = query_parser
+        @params         = query_parser.make_params
+        @boundary       = "--#{boundary}"
+        @bufsize        = bufsize
 
-        filename = content_type = name = nil
+        @full_boundary = @boundary
+        @end_boundary = @boundary + '--'
+        @state = :FAST_FORWARD
+        @mime_index = 0
+        @collector = Collector.new tempfile
 
-        until head && @buf =~ rx
-          if !head && i = @buf.index(EOL+EOL)
-            head = @buf.slice!(0, i+2) # First \r\n
+        @sbuf = StringScanner.new("".dup)
+        @body_regex = /(?:#{EOL})?#{Regexp.quote(@boundary)}(?:#{EOL}|--)/m
+        @rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max
+        @head_regex = /(.*?#{EOL})#{EOL}/m
+      end
 
-            @buf.slice!(0, 2)          # Second \r\n
+      def on_read content
+        handle_empty_content!(content)
+        @sbuf.concat content
+        run_parser
+      end
 
-            content_type = head[MULTIPART_CONTENT_TYPE, 1]
-            name = head[MULTIPART_CONTENT_DISPOSITION, 1] || head[MULTIPART_CONTENT_ID, 1]
+      def result
+        @collector.each do |part|
+          part.get_data do |data|
+            tag_multipart_encoding(part.filename, part.content_type, part.name, data)
+            @query_parser.normalize_params(@params, part.name, data, @query_parser.param_depth_limit)
+          end
+        end
+        MultipartInfo.new @params.to_params_hash, @collector.find_all(&:file?).map(&:body)
+      end
 
-            filename = get_filename(head)
+      private
 
-            if name.nil? || name.empty? && filename
-              name = filename
-            end
+      def run_parser
+        loop do
+          case @state
+          when :FAST_FORWARD
+            break if handle_fast_forward == :want_read
+          when :CONSUME_TOKEN
+            break if handle_consume_token == :want_read
+          when :MIME_HEAD
+            break if handle_mime_head == :want_read
+          when :MIME_BODY
+            break if handle_mime_body == :want_read
+          when :DONE
+            break
+          end
+        end
+      end
 
-            if filename
-              (@env['rack.tempfiles'] ||= []) << body = @tempfile.call(filename, content_type)
-              body.binmode  if body.respond_to?(:binmode)
-            end
+      def handle_fast_forward
+        if consume_boundary
+          @state = :MIME_HEAD
+        else
+          raise EOFError, "bad content body" if @sbuf.rest_size >= @bufsize
+          :want_read
+        end
+      end
+
+      def handle_consume_token
+        tok = consume_boundary
+        # break if we're at the end of a buffer, but not if it is the end of a field
+        @state = if tok == :END_BOUNDARY || (@sbuf.eos? && tok != :BOUNDARY)
+          :DONE
+        else
+          :MIME_HEAD
+        end
+      end
 
-            next
+      def handle_mime_head
+        if @sbuf.scan_until(@head_regex)
+          head = @sbuf[1]
+          content_type = head[MULTIPART_CONTENT_TYPE, 1]
+          if name = head[MULTIPART_CONTENT_DISPOSITION, 1]
+            name = Rack::Auth::Digest::Params::dequote(name)
+          else
+            name = head[MULTIPART_CONTENT_ID, 1]
           end
 
-          # Save the read body part.
-          if head && (@boundary_size+4 < @buf.size)
-            body << @buf.slice!(0, @buf.size - (@boundary_size+4))
+          filename = get_filename(head)
+
+          if name.nil? || name.empty?
+            name = filename || "#{content_type || TEXT_PLAIN}[]".dup
           end
 
-          content = @io.read(@content_length && @bufsize >= @content_length ? @content_length : @bufsize)
-          raise EOFError, "bad content body"  if content.nil? || content.empty?
+          @collector.on_mime_head @mime_index, head, filename, content_type, name
+          @state = :MIME_BODY
+        else
+          :want_read
+        end
+      end
 
-          @buf << content
-          @content_length -= content.size if @content_length
+      def handle_mime_body
+        if (body_with_boundary = @sbuf.check_until(@body_regex)) # check but do not advance the pointer yet
+          body = body_with_boundary.sub(/#{@body_regex}\z/m, '') # remove the boundary from the string
+          @collector.on_mime_body @mime_index, body
+          @sbuf.pos += body.length + 2 # skip \r\n after the content
+          @state = :CONSUME_TOKEN
+          @mime_index += 1
+        else
+          # Save what we have so far
+          if @rx_max_size < @sbuf.rest_size
+            delta = @sbuf.rest_size - @rx_max_size
+            @collector.on_mime_body @mime_index, @sbuf.peek(delta)
+            @sbuf.pos += delta
+            @sbuf.string = @sbuf.rest
+          end
+          :want_read
         end
+      end
 
-        [head, filename, content_type, name, body]
+      def full_boundary; @full_boundary; end
+
+      def consume_boundary
+        while read_buffer = @sbuf.scan_until(BOUNDARY_REGEX)
+          case read_buffer.strip
+          when full_boundary then return :BOUNDARY
+          when @end_boundary then return :END_BOUNDARY
+          end
+          return if @sbuf.eos?
+        end
       end
 
       def get_filename(head)
         filename = nil
         case head
         when RFC2183
-          filename = Hash[head.scan(DISPPARM)]['filename']
-          filename = $1 if filename and filename =~ /^"(.*)"$/
+          params = Hash[*head.scan(DISPPARM).flat_map(&:compact)]
+
+          if filename = params['filename']
+            filename = $1 if filename =~ /^"(.*)"$/
+          elsif filename = params['filename*']
+            encoding, _, filename = filename.split("'", 3)
+          end
         when BROKEN_QUOTED, BROKEN_UNQUOTED
           filename = $1
         end
 
         return unless filename
 
-        if filename.scan(/%.?.?/).all? { |s| s =~ /%[0-9a-fA-F]{2}/ }
-          filename = Utils.unescape(filename)
+        if filename.scan(/%.?.?/).all? { |s| /%[0-9a-fA-F]{2}/.match?(s) }
+          filename = Utils.unescape_path(filename)
         end
 
-        scrub_filename filename
+        filename.scrub!
 
         if filename !~ /\\[^\\"]/
           filename = filename.gsub(/\\(.)/, '\1')
         end
-        filename
-      end
 
-      if "<3".respond_to? :valid_encoding?
-        def scrub_filename(filename)
-          unless filename.valid_encoding?
-            # FIXME: this force_encoding is for Ruby 2.0 and 1.9 support.
-            # We can remove it after they are dropped
-            filename.force_encoding(Encoding::ASCII_8BIT)
-            filename.encode!(:invalid => :replace, :undef => :replace)
-          end
+        if encoding
+          filename.force_encoding ::Encoding.find(encoding)
         end
 
-        CHARSET    = "charset"
-        TEXT_PLAIN = "text/plain"
+        filename
+      end
+
+      CHARSET = "charset"
 
-        def tag_multipart_encoding(filename, content_type, name, body)
-          name.force_encoding Encoding::UTF_8
+      def tag_multipart_encoding(filename, content_type, name, body)
+        name = name.to_s
+        encoding = Encoding::UTF_8
 
-          return if filename
+        name.force_encoding(encoding)
 
-          encoding = Encoding::UTF_8
+        return if filename
 
-          if content_type
-            list         = content_type.split(';')
-            type_subtype = list.first
-            type_subtype.strip!
-            if TEXT_PLAIN == type_subtype
-              rest         = list.drop 1
-              rest.each do |param|
-                k,v = param.split('=', 2)
-                k.strip!
-                v.strip!
-                encoding = Encoding.find v if k == CHARSET
-              end
+        if content_type
+          list         = content_type.split(';')
+          type_subtype = list.first
+          type_subtype.strip!
+          if TEXT_PLAIN == type_subtype
+            rest         = list.drop 1
+            rest.each do |param|
+              k, v = param.split('=', 2)
+              k.strip!
+              v.strip!
+              v = v[1..-2] if v.start_with?('"') && v.end_with?('"')
+              encoding = Encoding.find v if k == CHARSET
             end
           end
-
-          name.force_encoding encoding
-          body.force_encoding encoding
-        end
-      else
-        def scrub_filename(filename)
-        end
-        def tag_multipart_encoding(filename, content_type, name, body)
         end
-      end
-
-      def get_data(filename, body, content_type, name, head)
-        data = body
-        if filename == ""
-          # filename is blank which means no file has been selected
-          return
-        elsif filename
-          body.rewind if body.respond_to?(:rewind)
-
-          # Take the basename of the upload's original filename.
-          # This handles the full Windows paths given by Internet Explorer
-          # (and perhaps other broken user agents) without affecting
-          # those which give the lone filename.
-          filename = filename.split(/[\/\\]/).last
 
-          data = {:filename => filename, :type => content_type,
-                  :name => name, :tempfile => body, :head => head}
-        elsif !filename && content_type && body.is_a?(IO)
-          body.rewind
+        name.force_encoding(encoding)
+        body.force_encoding(encoding)
+      end
 
-          # Generic multipart cases, not coming from a form
-          data = {:type => content_type,
-                  :name => name, :tempfile => body, :head => head}
+      def handle_empty_content!(content)
+        if content.nil? || content.empty?
+          raise EOFError
         end
-
-        yield data
       end
     end
   end

data/lib/rack/multipart/uploaded_file.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   module Multipart
     class UploadedFile
@@ -11,8 +13,7 @@ module Rack
         raise "#{path} file does not exist" unless ::File.exist?(path)
         @content_type = content_type
         @original_filename = ::File.basename(path)
-        @tempfile = Tempfile.new([@original_filename, ::File.extname(path)])
-        @tempfile.set_encoding(Encoding::BINARY) if @tempfile.respond_to?(:set_encoding)
+        @tempfile = Tempfile.new([@original_filename, ::File.extname(path)], encoding: Encoding::BINARY)
         @tempfile.binmode if binary
         FileUtils.copy_file(path, @tempfile.path)
       end

data/lib/rack/multipart.rb

@@ -1,10 +1,13 @@
+# frozen_string_literal: true
+
+require 'rack/multipart/parser'
+
 module Rack
   # A multipart form data parser, adapted from IOWA.
   #
   # Usually, Rack::Request#POST takes care of calling this.
   module Multipart
     autoload :UploadedFile, 'rack/multipart/uploaded_file'
-    autoload :Parser, 'rack/multipart/parser'
     autoload :Generator, 'rack/multipart/generator'
 
     EOL = "\r\n"
@@ -12,17 +15,45 @@ module Rack
     MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni
     TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/
     CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i
-    DISPPARM = /;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})/
-    RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
-    BROKEN_QUOTED = /^#{CONDISP}.*;\sfilename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i
-    BROKEN_UNQUOTED = /^#{CONDISP}.*;\sfilename=(#{TOKEN})/i
+    VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
+    BROKEN_QUOTED = /^#{CONDISP}.*;\s*filename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i
+    BROKEN_UNQUOTED = /^#{CONDISP}.*;\s*filename=(#{TOKEN})/i
     MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
-    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*\s+name="?([^\";]*)"?/ni
+    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*;\s*name=(#{VALUE})/ni
     MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
+    # Updated definitions from RFC 2231
+    ATTRIBUTE_CHAR = %r{[^ \t\v\n\r)(><@,;:\\"/\[\]?='*%]}
+    ATTRIBUTE = /#{ATTRIBUTE_CHAR}+/
+    SECTION = /\*[0-9]+/
+    REGULAR_PARAMETER_NAME = /#{ATTRIBUTE}#{SECTION}?/
+    REGULAR_PARAMETER = /(#{REGULAR_PARAMETER_NAME})=(#{VALUE})/
+    EXTENDED_OTHER_NAME = /#{ATTRIBUTE}\*[1-9][0-9]*\*/
+    EXTENDED_OTHER_VALUE = /%[0-9a-fA-F]{2}|#{ATTRIBUTE_CHAR}/
+    EXTENDED_OTHER_PARAMETER = /(#{EXTENDED_OTHER_NAME})=(#{EXTENDED_OTHER_VALUE}*)/
+    EXTENDED_INITIAL_NAME = /#{ATTRIBUTE}(?:\*0)?\*/
+    EXTENDED_INITIAL_VALUE = /[a-zA-Z0-9\-]*'[a-zA-Z0-9\-]*'#{EXTENDED_OTHER_VALUE}*/
+    EXTENDED_INITIAL_PARAMETER = /(#{EXTENDED_INITIAL_NAME})=(#{EXTENDED_INITIAL_VALUE})/
+    EXTENDED_PARAMETER = /#{EXTENDED_INITIAL_PARAMETER}|#{EXTENDED_OTHER_PARAMETER}/
+    DISPPARM = /;\s*(?:#{REGULAR_PARAMETER}|#{EXTENDED_PARAMETER})\s*/
+    RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
 
     class << self
-      def parse_multipart(env)
-        Parser.create(env).parse
+      def parse_multipart(env, params = Rack::Utils.default_query_parser)
+        extract_multipart Rack::Request.new(env), params
+      end
+
+      def extract_multipart(req, params = Rack::Utils.default_query_parser)
+        io = req.get_header(RACK_INPUT)
+        io.rewind
+        content_length = req.content_length
+        content_length = content_length.to_i if content_length
+
+        tempfile = req.get_header(RACK_MULTIPART_TEMPFILE_FACTORY) || Parser::TEMPFILE_FACTORY
+        bufsize = req.get_header(RACK_MULTIPART_BUFFER_SIZE) || Parser::BUFSIZE
+
+        info = Parser.parse io, content_length, req.get_header('CONTENT_TYPE'), tempfile, bufsize, params
+        req.set_header(RACK_TEMPFILES, info.tmp_files)
+        info.params
       end
 
       def build_multipart(params, first = true)

data/lib/rack/{nulllogger.rb → null_logger.rb}

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   class NullLogger
     def initialize(app)
@@ -5,7 +7,7 @@ module Rack
     end
 
     def call(env)
-      env['rack.logger'] = self
+      env[RACK_LOGGER] = self
       @app.call(env)
     end