rack 1.6.12 → 2.0.3

data/lib/rack/{showstatus.rb → show_status.rb}

@@ -22,7 +22,7 @@ module Rack
       empty = headers[CONTENT_LENGTH].to_i <= 0
 
       # client or server error, or explicit message
-      if (status.to_i >= 400 && empty) || env["rack.showstatus.detail"]
+      if (status.to_i >= 400 && empty) || env[RACK_SHOWSTATUS_DETAIL]
         # This double assignment is to prevent an "unused variable" warning on
         # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
         req = req = Rack::Request.new(env)
@@ -31,10 +31,10 @@ module Rack
 
         # This double assignment is to prevent an "unused variable" warning on
         # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
-        detail = detail = env["rack.showstatus.detail"] || message
+        detail = detail = env[RACK_SHOWSTATUS_DETAIL] || message
 
         body = @template.result(binding)
-        size = Rack::Utils.bytesize(body)
+        size = body.bytesize
         [status, headers.merge(CONTENT_TYPE => "text/html", CONTENT_LENGTH => size.to_s), [body]]
       else
         [status, headers, body]

data/lib/rack/static.rb

@@ -1,3 +1,6 @@
+require "rack/file"
+require "rack/utils"
+
 module Rack
 
   # The Rack::Static middleware intercepts requests for static files
@@ -84,18 +87,23 @@ module Rack
       @app = app
       @urls = options[:urls] || ["/favicon.ico"]
       @index = options[:index]
+      @gzip = options[:gzip]
       root = options[:root] || Dir.pwd
 
       # HTTP Headers
       @header_rules = options[:header_rules] || []
       # Allow for legacy :cache_control option while prioritizing global header_rules setting
-      @header_rules.insert(0, [:all, {'Cache-Control' => options[:cache_control]}]) if options[:cache_control]
+      @header_rules.unshift([:all, {CACHE_CONTROL => options[:cache_control]}]) if options[:cache_control]
 
       @file_server = Rack::File.new(root)
     end
 
+    def add_index_root?(path)
+      @index && path =~ /\/$/
+    end
+
     def overwrite_file_path(path)
-      @urls.kind_of?(Hash) && @urls.key?(path) || @index && path =~ /\/$/
+      @urls.kind_of?(Hash) && @urls.key?(path) || add_index_root?(path)
     end
 
     def route_file(path)
@@ -110,9 +118,26 @@ module Rack
       path = env[PATH_INFO]
 
       if can_serve(path)
-        env["PATH_INFO"] = (path =~ /\/$/ ? path + @index : @urls[path]) if overwrite_file_path(path)
-        path = env["PATH_INFO"]
-        response = @file_server.call(env)
+        if overwrite_file_path(path)
+          env[PATH_INFO] = (add_index_root?(path) ? path + @index : @urls[path])
+        elsif @gzip && env['HTTP_ACCEPT_ENCODING'] =~ /\bgzip\b/
+          path = env[PATH_INFO]
+          env[PATH_INFO] += '.gz'
+          response = @file_server.call(env)
+          env[PATH_INFO] = path
+
+          if response[0] == 404
+            response = nil
+          else
+            if mime_type = Mime.mime_type(::File.extname(path), 'text/plain')
+              response[1][CONTENT_TYPE] = mime_type
+            end
+            response[1]['Content-Encoding'] = 'gzip'
+          end
+        end
+
+        path = env[PATH_INFO]
+        response ||= @file_server.call(env)
 
         headers = response[1]
         applicable_rules(path).each do |rule, new_headers|

data/lib/rack/tempfile_reaper.rb

@@ -11,10 +11,10 @@ module Rack
     end
 
     def call(env)
-      env['rack.tempfiles'] ||= []
+      env[RACK_TEMPFILES] ||= []
       status, headers, body = @app.call(env)
       body_proxy = BodyProxy.new(body) do
-        env['rack.tempfiles'].each { |f| f.close! } unless env['rack.tempfiles'].nil?
+        env[RACK_TEMPFILES].each(&:close!) unless env[RACK_TEMPFILES].nil?
       end
       [status, headers, body_proxy]
     end

data/lib/rack/urlmap.rb

@@ -41,17 +41,19 @@ module Rack
     end
 
     def call(env)
-      path = env[PATH_INFO]
-      script_name = env['SCRIPT_NAME']
-      hHost = env['HTTP_HOST']
-      sName = env['SERVER_NAME']
-      sPort = env['SERVER_PORT']
+      path        = env[PATH_INFO]
+      script_name = env[SCRIPT_NAME]
+      http_host   = env[HTTP_HOST]
+      server_name = env[SERVER_NAME]
+      server_port = env[SERVER_PORT]
+
+      is_same_server = casecmp?(http_host, server_name) ||
+                       casecmp?(http_host, "#{server_name}:#{server_port}")
 
       @mapping.each do |host, location, match, app|
-        unless casecmp?(hHost, host) \
-            || casecmp?(sName, host) \
-            || (!host && (casecmp?(hHost, sName) ||
-                          casecmp?(hHost, sName+':'+sPort)))
+        unless casecmp?(http_host, host) \
+            || casecmp?(server_name, host) \
+            || (!host && is_same_server)
           next
         end
 
@@ -60,8 +62,8 @@ module Rack
         rest = m[1]
         next unless !rest || rest.empty? || rest[0] == ?/
 
-        env['SCRIPT_NAME'] = (script_name + location)
-        env['PATH_INFO'] = rest
+        env[SCRIPT_NAME] = (script_name + location)
+        env[PATH_INFO] = rest
 
         return app.call(env)
       end
@@ -69,8 +71,8 @@ module Rack
       [404, {CONTENT_TYPE => "text/plain", "X-Cascade" => "pass"}, ["Not Found: #{path}"]]
 
     ensure
-      env['PATH_INFO'] = path
-      env['SCRIPT_NAME'] = script_name
+      env[PATH_INFO]   = path
+      env[SCRIPT_NAME] = script_name
     end
 
     private
@@ -87,4 +89,3 @@ module Rack
     end
   end
 end
-

data/lib/rack/utils.rb

@@ -1,35 +1,28 @@
 # -*- encoding: binary -*-
+require 'uri'
 require 'fileutils'
 require 'set'
 require 'tempfile'
-require 'rack/multipart'
+require 'rack/query_parser'
 require 'time'
 
-major, minor, patch = RUBY_VERSION.split('.').map { |v| v.to_i }
-
-if major == 1 && minor < 9
-  require 'rack/backports/uri/common_18'
-elsif major == 1 && minor == 9 && patch == 2 && RUBY_PATCHLEVEL <= 328 && RUBY_ENGINE != 'jruby'
-  require 'rack/backports/uri/common_192'
-elsif major == 1 && minor == 9 && patch == 3 && RUBY_PATCHLEVEL < 125
-  require 'rack/backports/uri/common_193'
-else
-  require 'uri/common'
-end
-
 module Rack
   # Rack::Utils contains a grab-bag of useful methods for writing web
   # applications adopted from all kinds of Ruby libraries.
 
   module Utils
-    # ParameterTypeError is the error that is raised when incoming structural
-    # parameters (parsed by parse_nested_query) contain conflicting types.
-    class ParameterTypeError < TypeError; end
+    ParameterTypeError = QueryParser::ParameterTypeError
+    InvalidParameterError = QueryParser::InvalidParameterError
+    DEFAULT_SEP = QueryParser::DEFAULT_SEP
+    COMMON_SEP = QueryParser::COMMON_SEP
+    KeySpaceConstrainedParams = QueryParser::Params
 
-    # InvalidParameterError is the error that is raised when incoming structural
-    # parameters (parsed by parse_nested_query) contain invalid format or byte
-    # sequence.
-    class InvalidParameterError < ArgumentError; end
+    class << self
+      attr_accessor :default_query_parser
+    end
+    # The default number of bytes to allow parameter keys to take up.
+    # This helps prevent a rogue client from flooding a Request.
+    self.default_query_parser = QueryParser.make_default(65536, 100)
 
     # URI escapes. (CGI style space to +)
     def escape(s)
@@ -40,137 +33,70 @@ module Rack
     # Like URI escaping, but with %20 instead of +. Strictly speaking this is
     # true URI escaping.
     def escape_path(s)
-      escape(s).gsub('+', '%20')
+      ::URI::DEFAULT_PARSER.escape s
     end
     module_function :escape_path
 
+    # Unescapes the **path** component of a URI.  See Rack::Utils.unescape for
+    # unescaping query parameters or form components.
+    def unescape_path(s)
+      ::URI::DEFAULT_PARSER.unescape s
+    end
+    module_function :unescape_path
+
+
     # Unescapes a URI escaped string with +encoding+. +encoding+ will be the
     # target encoding of the string returned, and it defaults to UTF-8
-    if defined?(::Encoding)
-      def unescape(s, encoding = Encoding::UTF_8)
-        URI.decode_www_form_component(s, encoding)
-      end
-    else
-      def unescape(s, encoding = nil)
-        URI.decode_www_form_component(s, encoding)
-      end
+    def unescape(s, encoding = Encoding::UTF_8)
+      URI.decode_www_form_component(s, encoding)
     end
     module_function :unescape
 
-    DEFAULT_SEP = /[&;] */n
-
     class << self
-      attr_accessor :key_space_limit
-      attr_accessor :param_depth_limit
       attr_accessor :multipart_part_limit
     end
 
-    # The default number of bytes to allow parameter keys to take up.
-    # This helps prevent a rogue client from flooding a Request.
-    self.key_space_limit = 65536
-
-    # Default depth at which the parameter parser will raise an exception for
-    # being too deep.  This helps prevent SystemStackErrors
-    self.param_depth_limit = 100
-
     # The maximum number of parts a request can contain. Accepting too many part
     # can lead to the server running out of file handles.
     # Set to `0` for no limit.
-    # FIXME: RACK_MULTIPART_LIMIT was introduced by mistake and it will be removed in 1.7.0
-    self.multipart_part_limit = (ENV['RACK_MULTIPART_PART_LIMIT'] || ENV['RACK_MULTIPART_LIMIT'] || 128).to_i
-
-    # Stolen from Mongrel, with some small modifications:
-    # Parses a query string by breaking it up at the '&'
-    # and ';' characters.  You can also use this to parse
-    # cookies by changing the characters used in the second
-    # parameter (which defaults to '&;').
-    def parse_query(qs, d = nil, &unescaper)
-      unescaper ||= method(:unescape)
-
-      params = KeySpaceConstrainedParams.new
-
-      (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|
-        next if p.empty?
-        k, v = p.split('=', 2).map(&unescaper)
+    self.multipart_part_limit = (ENV['RACK_MULTIPART_PART_LIMIT'] || 128).to_i
 
-        if cur = params[k]
-          if cur.class == Array
-            params[k] << v
-          else
-            params[k] = [cur, v]
-          end
-        else
-          params[k] = v
-        end
-      end
-
-      return params.to_params_hash
+    def self.param_depth_limit
+      default_query_parser.param_depth_limit
     end
-    module_function :parse_query
-
-    # parse_nested_query expands a query string into structural types. Supported
-    # types are Arrays, Hashes and basic value types. It is possible to supply
-    # query strings with parameters of conflicting types, in this case a
-    # ParameterTypeError is raised. Users are encouraged to return a 400 in this
-    # case.
-    def parse_nested_query(qs, d = nil)
-      params = KeySpaceConstrainedParams.new
 
-      (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|
-        k, v = p.split('=', 2).map { |s| unescape(s) }
+    def self.param_depth_limit=(v)
+      self.default_query_parser = self.default_query_parser.new_depth_limit(v)
+    end
 
-        normalize_params(params, k, v)
-      end
+    def self.key_space_limit
+      default_query_parser.key_space_limit
+    end
 
-      return params.to_params_hash
-    rescue ArgumentError => e
-      raise InvalidParameterError, e.message
+    def self.key_space_limit=(v)
+      self.default_query_parser = self.default_query_parser.new_space_limit(v)
     end
-    module_function :parse_nested_query
 
-    # normalize_params recursively expands parameters into structural types. If
-    # the structural types represented by two different parameter names are in
-    # conflict, a ParameterTypeError is raised.
-    def normalize_params(params, name, v = nil, depth = Utils.param_depth_limit)
-      raise RangeError if depth <= 0
-
-      name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
-      k = $1 || ''
-      after = $' || ''
-
-      return if k.empty?
-
-      if after == ""
-        params[k] = v
-      elsif after == "["
-        params[name] = v
-      elsif after == "[]"
-        params[k] ||= []
-        raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
-        params[k] << v
-      elsif after =~ %r(^\[\]\[([^\[\]]+)\]$) || after =~ %r(^\[\](.+)$)
-        child_key = $1
-        params[k] ||= []
-        raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
-        if params_hash_type?(params[k].last) && !params[k].last.key?(child_key)
-          normalize_params(params[k].last, child_key, v, depth - 1)
-        else
-          params[k] << normalize_params(params.class.new, child_key, v, depth - 1)
-        end
-      else
-        params[k] ||= params.class.new
-        raise ParameterTypeError, "expected Hash (got #{params[k].class.name}) for param `#{k}'" unless params_hash_type?(params[k])
-        params[k] = normalize_params(params[k], after, v, depth - 1)
+    if defined?(Process::CLOCK_MONOTONIC)
+      def clock_time
+        Process.clock_gettime(Process::CLOCK_MONOTONIC)
+      end
+    else
+      def clock_time
+        Time.now.to_f
       end
+    end
+    module_function :clock_time
 
-      return params
+    def parse_query(qs, d = nil, &unescaper)
+      Rack::Utils.default_query_parser.parse_query(qs, d, &unescaper)
     end
-    module_function :normalize_params
+    module_function :parse_query
 
-    def params_hash_type?(obj)
-      obj.kind_of?(KeySpaceConstrainedParams) || obj.kind_of?(Hash)
+    def parse_nested_query(qs, d = nil)
+      Rack::Utils.default_query_parser.parse_nested_query(qs, d)
     end
-    module_function :params_hash_type?
+    module_function :parse_nested_query
 
     def build_query(params)
       params.map { |k, v|
@@ -236,13 +162,8 @@ module Rack
       '"' => "&quot;",
       "/" => "&#x2F;"
     }
-    if //.respond_to?(:encoding)
-      ESCAPE_HTML_PATTERN = Regexp.union(*ESCAPE_HTML.keys)
-    else
-      # On 1.8, there is a kcode = 'u' bug that allows for XSS otherwise
-      # TODO doesn't apply to jruby, so a better condition above might be preferable?
-      ESCAPE_HTML_PATTERN = /#{Regexp.union(*ESCAPE_HTML.keys)}/n
-    end
+
+    ESCAPE_HTML_PATTERN = Regexp.union(*ESCAPE_HTML.keys)
 
     # Escape ampersands, brackets and quotes to their HTML/XML entities.
     def escape_html(string)
@@ -278,12 +199,28 @@ module Rack
     end
     module_function :select_best_encoding
 
-    def set_cookie_header!(header, key, value)
+    def parse_cookies(env)
+      parse_cookies_header env[HTTP_COOKIE]
+    end
+    module_function :parse_cookies
+
+    def parse_cookies_header(header)
+      # According to RFC 2109:
+      #   If multiple cookies satisfy the criteria above, they are ordered in
+      #   the Cookie header such that those with more specific Path attributes
+      #   precede those with less specific.  Ordering with respect to other
+      #   attributes (e.g., Domain) is unspecified.
+      cookies = parse_query(header, ';,') { |s| unescape(s) rescue s }
+      cookies.each_with_object({}) { |(k,v), hash| hash[k] = Array === v ? v.first : v }
+    end
+    module_function :parse_cookies_header
+
+    def add_cookie_to_header(header, key, value)
       case value
       when Hash
-        domain  = "; domain="  + value[:domain]       if value[:domain]
-        path    = "; path="    + value[:path]         if value[:path]
-        max_age = "; max-age=" + value[:max_age].to_s if value[:max_age]
+        domain  = "; domain=#{value[:domain]}"   if value[:domain]
+        path    = "; path=#{value[:path]}"       if value[:path]
+        max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
         # There is an RFC mess in the area of date formatting for Cookies. Not
         # only are there contradicting RFCs and examples within RFC text, but
         # there are also numerous conflicting names of fields and partially
@@ -291,7 +228,7 @@ module Rack
         #
         # These are best described in RFC 2616 3.3.1. This RFC text also
         # specifies that RFC 822 as updated by RFC 1123 is preferred. That is a
-        # fixed length format with space-date delimeted fields.
+        # fixed length format with space-date delimited fields.
         #
         # See also RFC 1123 section 5.2.14.
         #
@@ -325,31 +262,37 @@ module Rack
         value = value[:value]
       end
       value = [value] unless Array === value
-      cookie = escape(key) + "=" +
-        value.map { |v| escape v }.join("&") +
-        "#{domain}#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
 
-      case header["Set-Cookie"]
+      cookie = "#{escape(key)}=#{value.map { |v| escape v }.join('&')}#{domain}" \
+        "#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
+
+      case header
       when nil, ''
-        header["Set-Cookie"] = cookie
+        cookie
       when String
-        header["Set-Cookie"] = [header["Set-Cookie"], cookie].join("\n")
+        [header, cookie].join("\n")
       when Array
-        header["Set-Cookie"] = (header["Set-Cookie"] + [cookie]).join("\n")
+        (header + [cookie]).join("\n")
+      else
+        raise ArgumentError, "Unrecognized cookie header value. Expected String, Array, or nil, got #{header.inspect}"
       end
+    end
+    module_function :add_cookie_to_header
 
+    def set_cookie_header!(header, key, value)
+      header[SET_COOKIE] = add_cookie_to_header(header[SET_COOKIE], key, value)
       nil
     end
     module_function :set_cookie_header!
 
-    def delete_cookie_header!(header, key, value = {})
-      case header["Set-Cookie"]
+    def make_delete_cookie_header(header, key, value)
+      case header
       when nil, ''
         cookies = []
       when String
-        cookies = header["Set-Cookie"].split("\n")
+        cookies = header.split("\n")
       when Array
-        cookies = header["Set-Cookie"]
+        cookies = header
       end
 
       cookies.reject! { |cookie|
@@ -362,29 +305,28 @@ module Rack
         end
       }
 
-      header["Set-Cookie"] = cookies.join("\n")
-
-      set_cookie_header!(header, key,
-                 {:value => '', :path => nil, :domain => nil,
-                   :max_age => '0',
-                   :expires => Time.at(0) }.merge(value))
+      cookies.join("\n")
+    end
+    module_function :make_delete_cookie_header
 
+    def delete_cookie_header!(header, key, value = {})
+      header[SET_COOKIE] = add_remove_cookie_to_header(header[SET_COOKIE], key, value)
       nil
     end
     module_function :delete_cookie_header!
 
-    # Return the bytesize of String; uses String#size under Ruby 1.8 and
-    # String#bytesize under 1.9.
-    if ''.respond_to?(:bytesize)
-      def bytesize(string)
-        string.bytesize
-      end
-    else
-      def bytesize(string)
-        string.size
-      end
+    # Adds a cookie that will *remove* a cookie from the client.  Hence the
+    # strange method name.
+    def add_remove_cookie_to_header(header, key, value = {})
+      new_header = make_delete_cookie_header(header, key, value)
+
+      add_cookie_to_header(new_header, key,
+                 {:value => '', :path => nil, :domain => nil,
+                   :max_age => '0',
+                   :expires => Time.at(0) }.merge(value))
+
     end
-    module_function :bytesize
+    module_function :add_remove_cookie_to_header
 
     def rfc2822(time)
       time.rfc2822
@@ -411,8 +353,13 @@ module Rack
     # Returns nil if the header is missing or syntactically invalid.
     # Returns an empty array if none of the ranges are satisfiable.
     def byte_ranges(env, size)
+      warn "`byte_ranges` is deprecated, please use `get_byte_ranges`" if $VERBOSE
+      get_byte_ranges env['HTTP_RANGE'], size
+    end
+    module_function :byte_ranges
+
+    def get_byte_ranges(http_range, size)
       # See <http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35>
-      http_range = env['HTTP_RANGE']
       return nil unless http_range && http_range =~ /bytes=([^;]+)/
       ranges = []
       $1.split(/,\s*/).each do |range_spec|
@@ -438,7 +385,7 @@ module Rack
       end
       ranges
     end
-    module_function :byte_ranges
+    module_function :get_byte_ranges
 
     # Constant time string comparison.
     #
@@ -447,7 +394,7 @@ module Rack
     # on variable length plaintext strings because it could leak length info
     # via timing attacks.
     def secure_compare(a, b)
-      return false unless bytesize(a) == bytesize(b)
+      return false unless a.bytesize == b.bytesize
 
       l = a.unpack("C*")
 
@@ -496,6 +443,12 @@ module Rack
         hash.each { |k, v| self[k] = v }
       end
 
+      # on dup/clone, we need to duplicate @names hash
+      def initialize_copy(other)
+        super
+        @names = other.names.dup
+      end
+
       def each
         super do |k, v|
           yield(k, v.respond_to?(:to_ary) ? v.to_ary.join("\n") : v)
@@ -513,21 +466,20 @@ module Rack
       end
 
       def []=(k, v)
-        canonical = k.downcase
+        canonical = k.downcase.freeze
         delete k if @names[canonical] && @names[canonical] != k # .delete is expensive, don't invoke it unless necessary
-        @names[k] = @names[canonical] = k
+        @names[canonical] = k
         super k, v
       end
 
       def delete(k)
         canonical = k.downcase
         result = super @names.delete(canonical)
-        @names.delete_if { |name,| name.downcase == canonical }
         result
       end
 
       def include?(k)
-        @names.include?(k) || @names.include?(k.downcase)
+        super || @names.include?(k.downcase)
       end
 
       alias_method :has_key?, :include?
@@ -549,45 +501,11 @@ module Rack
         other.each { |k, v| self[k] = v }
         self
       end
-    end
-
-    class KeySpaceConstrainedParams
-      def initialize(limit = Utils.key_space_limit)
-        @limit  = limit
-        @size   = 0
-        @params = {}
-      end
-
-      def [](key)
-        @params[key]
-      end
 
-      def []=(key, value)
-        @size += key.size if key && !@params.key?(key)
-        raise RangeError, 'exceeded available parameter key space' if @size > @limit
-        @params[key] = value
-      end
-
-      def key?(key)
-        @params.key?(key)
-      end
-
-      def to_params_hash
-        hash = @params
-        hash.keys.each do |key|
-          value = hash[key]
-          if value.kind_of?(self.class)
-            if value.object_id == self.object_id
-              hash[key] = hash
-            else
-              hash[key] = value.to_params_hash
-            end
-          elsif value.kind_of?(Array)
-            value.map! {|x| x.kind_of?(self.class) ? x.to_params_hash : x}
-          end
+      protected
+        def names
+          @names
         end
-        hash
-      end
     end
 
     # Every standard HTTP code mapped to the appropriate message.
@@ -635,6 +553,7 @@ module Rack
       415 => 'Unsupported Media Type',
       416 => 'Range Not Satisfiable',
       417 => 'Expectation Failed',
+      421 => 'Misdirected Request',
       422 => 'Unprocessable Entity',
       423 => 'Locked',
       424 => 'Failed Dependency',
@@ -642,6 +561,7 @@ module Rack
       428 => 'Precondition Required',
       429 => 'Too Many Requests',
       431 => 'Request Header Fields Too Large',
+      451 => 'Unavailable for Legal Reasons',
       500 => 'Internal Server Error',
       501 => 'Not Implemented',
       502 => 'Bad Gateway',
@@ -656,7 +576,7 @@ module Rack
     }
 
     # Responses with HTTP status codes that should not have an entity body
-    STATUS_WITH_NO_ENTITY_BODY = Set.new((100..199).to_a << 204 << 205 << 304)
+    STATUS_WITH_NO_ENTITY_BODY = Set.new((100..199).to_a << 204 << 304)
 
     SYMBOL_TO_STATUS_CODE = Hash[*HTTP_STATUS_CODES.map { |code, message|
       [message.downcase.gsub(/\s|-|'/, '_').to_sym, code]
@@ -671,8 +591,6 @@ module Rack
     end
     module_function :status_code
 
-    Multipart = Rack::Multipart
-
     PATH_SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact)
 
     def clean_path_info(path_info)
@@ -691,5 +609,12 @@ module Rack
     end
     module_function :clean_path_info
 
+    NULL_BYTE = "\0".freeze
+
+    def valid_path?(path)
+      path.valid_encoding? && !path.include?(NULL_BYTE)
+    end
+    module_function :valid_path?
+
   end
 end