RubyGems - rack - Versions diffs - 1.6.12 → 2.0.7 - Mend

rack 1.6.12 → 2.0.7

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (141) hide show

checksums.yaml +5 -5
data/COPYING +1 -1
data/HISTORY.md +138 -8
data/README.rdoc +18 -28
data/Rakefile +6 -14
data/SPEC +10 -11
data/contrib/rack_logo.svg +164 -111
data/example/protectedlobster.rb +1 -1
data/example/protectedlobster.ru +1 -1
data/lib/rack.rb +70 -21
data/lib/rack/auth/abstract/request.rb +5 -1
data/lib/rack/auth/digest/params.rb +2 -3
data/lib/rack/auth/digest/request.rb +1 -1
data/lib/rack/body_proxy.rb +14 -9
data/lib/rack/builder.rb +3 -3
data/lib/rack/chunked.rb +5 -5
data/lib/rack/{commonlogger.rb → common_logger.rb} +3 -3
data/lib/rack/{conditionalget.rb → conditional_get.rb} +0 -0
data/lib/rack/content_length.rb +2 -2
data/lib/rack/deflater.rb +4 -39
data/lib/rack/directory.rb +66 -54
data/lib/rack/etag.rb +5 -4
data/lib/rack/events.rb +154 -0
data/lib/rack/file.rb +64 -40
data/lib/rack/handler.rb +3 -25
data/lib/rack/handler/cgi.rb +15 -16
data/lib/rack/handler/fastcgi.rb +13 -14
data/lib/rack/handler/lsws.rb +11 -11
data/lib/rack/handler/scgi.rb +15 -15
data/lib/rack/handler/thin.rb +3 -0
data/lib/rack/handler/webrick.rb +24 -26
data/lib/rack/head.rb +15 -17
data/lib/rack/lint.rb +40 -40
data/lib/rack/lobster.rb +1 -1
data/lib/rack/lock.rb +15 -10
data/lib/rack/logger.rb +2 -2
data/lib/rack/media_type.rb +38 -0
data/lib/rack/{methodoverride.rb → method_override.rb} +6 -6
data/lib/rack/mime.rb +18 -5
data/lib/rack/mock.rb +36 -54
data/lib/rack/multipart.rb +35 -6
data/lib/rack/multipart/generator.rb +5 -5
data/lib/rack/multipart/parser.rb +270 -157
data/lib/rack/multipart/uploaded_file.rb +1 -2
data/lib/rack/{nulllogger.rb → null_logger.rb} +1 -1
data/lib/rack/query_parser.rb +192 -0
data/lib/rack/recursive.rb +8 -8
data/lib/rack/request.rb +394 -305
data/lib/rack/response.rb +130 -57
data/lib/rack/rewindable_input.rb +1 -12
data/lib/rack/runtime.rb +10 -18
data/lib/rack/sendfile.rb +5 -7
data/lib/rack/server.rb +30 -23
data/lib/rack/session/abstract/id.rb +108 -138
data/lib/rack/session/cookie.rb +26 -28
data/lib/rack/session/memcache.rb +8 -14
data/lib/rack/session/pool.rb +14 -21
data/lib/rack/show_exceptions.rb +386 -0
data/lib/rack/{showstatus.rb → show_status.rb} +3 -3
data/lib/rack/static.rb +30 -5
data/lib/rack/tempfile_reaper.rb +2 -2
data/lib/rack/urlmap.rb +15 -14
data/lib/rack/utils.rb +136 -211
data/rack.gemspec +10 -9
data/test/builder/an_underscore_app.rb +5 -0
data/test/builder/options.ru +1 -1
data/test/cgi/test.fcgi +1 -0
data/test/cgi/test.gz +0 -0
data/test/helper.rb +34 -0
data/test/multipart/filename_with_encoded_words +7 -0
data/test/multipart/filename_with_single_quote +7 -0
data/test/multipart/quoted +15 -0
data/test/multipart/rack-logo.png +0 -0
data/test/multipart/unity3d_wwwform +11 -0
data/test/registering_handler/rack/handler/registering_myself.rb +1 -1
data/test/spec_auth_basic.rb +27 -19
data/test/spec_auth_digest.rb +47 -46
data/test/spec_body_proxy.rb +27 -27
data/test/spec_builder.rb +51 -41
data/test/spec_cascade.rb +24 -22
data/test/spec_cgi.rb +49 -67
data/test/spec_chunked.rb +37 -35
data/test/{spec_commonlogger.rb → spec_common_logger.rb} +23 -21
data/test/{spec_conditionalget.rb → spec_conditional_get.rb} +29 -28
data/test/spec_config.rb +3 -2
data/test/spec_content_length.rb +18 -17
data/test/spec_content_type.rb +13 -12
data/test/spec_deflater.rb +85 -49
data/test/spec_directory.rb +87 -27
data/test/spec_etag.rb +32 -31
data/test/spec_events.rb +133 -0
data/test/spec_fastcgi.rb +50 -72
data/test/spec_file.rb +120 -77
data/test/spec_handler.rb +19 -34
data/test/spec_head.rb +15 -14
data/test/spec_lint.rb +164 -199
data/test/spec_lobster.rb +24 -23
data/test/spec_lock.rb +79 -39
data/test/spec_logger.rb +4 -3
data/test/spec_media_type.rb +42 -0
data/test/{spec_methodoverride.rb → spec_method_override.rb} +34 -35
data/test/spec_mime.rb +19 -19
data/test/spec_mock.rb +206 -144
data/test/spec_multipart.rb +322 -200
data/test/{spec_nulllogger.rb → spec_null_logger.rb} +5 -4
data/test/spec_recursive.rb +17 -14
data/test/spec_request.rb +780 -605
data/test/spec_response.rb +215 -112
data/test/spec_rewindable_input.rb +50 -40
data/test/spec_runtime.rb +11 -10
data/test/spec_sendfile.rb +30 -35
data/test/spec_server.rb +78 -52
data/test/spec_session_abstract_id.rb +11 -33
data/test/spec_session_abstract_session_hash.rb +45 -0
data/test/spec_session_cookie.rb +99 -67
data/test/spec_session_memcache.rb +63 -101
data/test/spec_session_pool.rb +48 -84
data/test/{spec_showexceptions.rb → spec_show_exceptions.rb} +23 -28
data/test/{spec_showstatus.rb → spec_show_status.rb} +36 -35
data/test/spec_static.rb +71 -32
data/test/spec_tempfile_reaper.rb +11 -10
data/test/spec_thin.rb +55 -50
data/test/spec_urlmap.rb +79 -78
data/test/spec_utils.rb +441 -346
data/test/spec_version.rb +2 -8
data/test/spec_webrick.rb +93 -71
data/test/static/foo.html +1 -0
data/test/testrequest.rb +1 -1
data/test/unregistered_handler/rack/handler/unregistered.rb +1 -1
data/test/unregistered_handler/rack/handler/unregistered_long_one.rb +1 -1
metadata +92 -70
data/KNOWN-ISSUES +0 -44
data/lib/rack/backports/uri/common_18.rb +0 -56
data/lib/rack/backports/uri/common_192.rb +0 -52
data/lib/rack/backports/uri/common_193.rb +0 -29
data/lib/rack/handler/evented_mongrel.rb +0 -8
data/lib/rack/handler/mongrel.rb +0 -106
data/lib/rack/handler/swiftiplied_mongrel.rb +0 -8
data/lib/rack/showexceptions.rb +0 -387
data/lib/rack/utils/okjson.rb +0 -600
data/test/spec_mongrel.rb +0 -182

@@ -3,6 +3,7 @@ require 'zlib'
 require 'rack/request'
 require 'rack/response'
 require 'rack/session/abstract/id'
+require 'json'
 module Rack
@@ -44,7 +45,7 @@ module Rack
     #   })
     #
-    class Cookie < Abstract::PersistedSecure
+    class Cookie < Abstract::Persisted
       # Encode session cookies as Base64
       class Base64
         def encode(str)
@@ -71,23 +72,23 @@ module Rack
         # valid JSON composite type, either a Hash or an Array.
         class JSON < Base64
           def encode(obj)
-            super(::Rack::Utils::OkJson.encode(obj))
+            super(::JSON.dump(obj))
           end
           def decode(str)
             return unless str
-            ::Rack::Utils::OkJson.decode(super(str)) rescue nil
+            ::JSON.parse(super(str)) rescue nil
           end
         end
         class ZipJSON < Base64
           def encode(obj)
-            super(Zlib::Deflate.deflate(::Rack::Utils::OkJson.encode(obj)))
+            super(Zlib::Deflate.deflate(::JSON.dump(obj)))
           end
           def decode(str)
             return unless str
-            ::Rack::Utils::OkJson.decode(Zlib::Inflate.inflate(super(str)))
+            ::JSON.parse(Zlib::Inflate.inflate(super(str)))
           rescue
             nil
           end
@@ -104,7 +105,9 @@ module Rack
       def initialize(app, options={})
         @secrets = options.values_at(:secret, :old_secret).compact
-        warn <<-MSG unless @secrets.size >= 1
+        @hmac = options.fetch(:hmac, OpenSSL::Digest::SHA1)
+        warn <<-MSG unless secure?(options)
         SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
         This poses a security threat. It is strongly recommended that you
         provide a secret to prevent exploits that may be possible from crafted
@@ -119,19 +122,18 @@ module Rack
       private
-      def get_session(env, sid)
-        data = unpacked_cookie_data(env)
+      def find_session(req, sid)
+        data = unpacked_cookie_data(req)
         data = persistent_session_id!(data)
         [data["session_id"], data]
       end
-      def extract_session_id(env)
-        unpacked_cookie_data(env)["session_id"]
+      def extract_session_id(request)
+        unpacked_cookie_data(request)["session_id"]
       end
-      def unpacked_cookie_data(env)
-        env["rack.session.unpacked_cookie_data"] ||= begin
-          request = Rack::Request.new(env)
+      def unpacked_cookie_data(request)
+        request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
           session_data = request.cookies[@key]
           if @secrets.size > 0 && session_data
@@ -141,7 +143,7 @@ module Rack
             session_data = nil unless digest_match?(session_data, digest)
           end
-          coder.decode(session_data) || {}
+          request.set_header(k, coder.decode(session_data) || {})
         end
       end
@@ -151,16 +153,7 @@ module Rack
         data
       end
-      class SessionId < DelegateClass(Session::SessionId)
-        attr_reader :cookie_value
-        def initialize(session_id, cookie_value)
-          super(session_id)
-          @cookie_value = cookie_value
-        end
-      end
-      def set_session(env, session_id, session, options)
+      def write_session(req, session_id, session, options)
         session = session.merge("session_id" => session_id)
         session_data = coder.encode(session)
@@ -169,14 +162,14 @@ module Rack
         end
         if session_data.size > (4096 - @key.size)
-          env["rack.errors"].puts("Warning! Rack::Session::Cookie data size exceeds 4K.")
+          req.get_header(RACK_ERRORS).puts("Warning! Rack::Session::Cookie data size exceeds 4K.")
           nil
         else
-          SessionId.new(session_id, session_data)
+          session_data
         end
       end
-      def destroy_session(env, session_id, options)
+      def delete_session(req, session_id, options)
         # Nothing to do here, data is in the client
         generate_sid unless options[:drop]
       end
@@ -189,7 +182,12 @@ module Rack
       end
       def generate_hmac(data, secret)
-        OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, secret, data)
+        OpenSSL::HMAC.hexdigest(@hmac.new, secret, data)
+      end
+      def secure?(options)
+        @secrets.size >= 1 ||
+        (options[:coder] && options[:let_coder_handle_secure_encoding])
       end
     end

data/lib/rack/session/memcache.rb CHANGED

@@ -19,7 +19,7 @@ module Rack
     # Note that memcache does drop data before it may be listed to expire. For
     # a full description of behaviour, please see memcache's documentation.
-    class Memcache < Abstract::PersistedSecure
+    class Memcache < Abstract::ID
       attr_reader :mutex, :pool
       DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge \
@@ -34,7 +34,7 @@ module Rack
         mopts = @default_options.reject{|k,v| !MemCache::DEFAULT_OPTIONS.include? k }
         @pool = options[:cache] || MemCache.new(mserv, mopts)
-        unless @pool.active? and @pool.servers.any?{|c| c.alive? }
+        unless @pool.active? and @pool.servers.any?(&:alive?)
           raise 'No memcache servers'
         end
       end
@@ -42,15 +42,15 @@ module Rack
       def generate_sid
         loop do
           sid = super
-          break sid unless @pool.get(sid.private_id, true)
+          break sid unless @pool.get(sid, true)
         end
       end
       def get_session(env, sid)
         with_lock(env) do
-          unless sid and session = get_session_with_fallback(sid)
+          unless sid and session = @pool.get(sid)
             sid, session = generate_sid, {}
-            unless /^STORED/ =~ @pool.add(sid.private_id, session)
+            unless /^STORED/ =~ @pool.add(sid, session)
               raise "Session collision on '#{sid.inspect}'"
             end
           end
@@ -63,21 +63,20 @@ module Rack
         expiry = expiry.nil? ? 0 : expiry + 1
         with_lock(env) do
-          @pool.set session_id.private_id, new_session, expiry
+          @pool.set session_id, new_session, expiry
           session_id
         end
       end
       def destroy_session(env, session_id, options)
         with_lock(env) do
-          @pool.delete(session_id.public_id)
-          @pool.delete(session_id.private_id)
+          @pool.delete(session_id)
           generate_sid unless options[:drop]
         end
       end
       def with_lock(env)
-        @mutex.lock if env['rack.multithread']
+        @mutex.lock if env[RACK_MULTITHREAD]
         yield
       rescue MemCache::MemCacheError, Errno::ECONNREFUSED
         if $VERBOSE
@@ -89,11 +88,6 @@ module Rack
         @mutex.unlock if @mutex.locked?
       end
-      private
-      def get_session_with_fallback(sid)
-        @pool.get(sid.private_id) || @pool.get(sid.public_id)
-      end
     end
   end
 end

data/lib/rack/session/pool.rb CHANGED

@@ -24,7 +24,7 @@ module Rack
     #   )
     #   Rack::Handler::WEBrick.run sessioned
-    class Pool < Abstract::PersistedSecure
+    class Pool < Abstract::Persisted
       attr_reader :mutex, :pool
       DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge :drop => false
@@ -37,47 +37,40 @@ module Rack
       def generate_sid
         loop do
           sid = super
-          break sid unless @pool.key? sid.private_id
+          break sid unless @pool.key? sid
         end
       end
-      def get_session(env, sid)
-        with_lock(env) do
-          unless sid and session = get_session_with_fallback(sid)
+      def find_session(req, sid)
+        with_lock(req) do
+          unless sid and session = @pool[sid]
             sid, session = generate_sid, {}
-            @pool.store sid.private_id, session
+            @pool.store sid, session
           end
           [sid, session]
         end
       end
-      def set_session(env, session_id, new_session, options)
-        with_lock(env) do
-          @pool.store session_id.private_id, new_session
+      def write_session(req, session_id, new_session, options)
+        with_lock(req) do
+          @pool.store session_id, new_session
           session_id
         end
       end
-      def destroy_session(env, session_id, options)
-        with_lock(env) do
-          @pool.delete(session_id.public_id)
-          @pool.delete(session_id.private_id)
+      def delete_session(req, session_id, options)
+        with_lock(req) do
+          @pool.delete(session_id)
           generate_sid unless options[:drop]
         end
       end
-      def with_lock(env)
-        @mutex.lock if env['rack.multithread']
+      def with_lock(req)
+        @mutex.lock if req.multithread?
         yield
       ensure
         @mutex.unlock if @mutex.locked?
       end
-      private
-      def get_session_with_fallback(sid)
-        @pool[sid.private_id] || @pool[sid.public_id]
-      end
     end
   end
 end

data/lib/rack/show_exceptions.rb ADDED

@@ -0,0 +1,386 @@
+require 'ostruct'
+require 'erb'
+require 'rack/request'
+require 'rack/utils'
+module Rack
+  # Rack::ShowExceptions catches all exceptions raised from the app it
+  # wraps.  It shows a useful backtrace with the sourcefile and
+  # clickable context, the whole Rack environment and the request
+  # data.
+  #
+  # Be careful when you use this on public-facing sites as it could
+  # reveal information helpful to attackers.
+  class ShowExceptions
+    CONTEXT = 7
+    def initialize(app)
+      @app = app
+    end
+    def call(env)
+      @app.call(env)
+    rescue StandardError, LoadError, SyntaxError => e
+      exception_string = dump_exception(e)
+      env[RACK_ERRORS].puts(exception_string)
+      env[RACK_ERRORS].flush
+      if accepts_html?(env)
+        content_type = "text/html"
+        body = pretty(env, e)
+      else
+        content_type = "text/plain"
+        body = exception_string
+      end
+      [
+        500,
+        {
+          CONTENT_TYPE => content_type,
+          CONTENT_LENGTH => body.bytesize.to_s,
+        },
+        [body],
+      ]
+    end
+    def prefers_plaintext?(env)
+      !accepts_html?(env)
+    end
+    def accepts_html?(env)
+      Rack::Utils.best_q_match(env["HTTP_ACCEPT"], %w[text/html])
+    end
+    private :accepts_html?
+    def dump_exception(exception)
+      string = "#{exception.class}: #{exception.message}\n"
+      string << exception.backtrace.map { |l| "\t#{l}" }.join("\n")
+      string
+    end
+    def pretty(env, exception)
+      req = Rack::Request.new(env)
+      # This double assignment is to prevent an "unused variable" warning on
+      # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
+      path = path = (req.script_name + req.path_info).squeeze("/")
+      # This double assignment is to prevent an "unused variable" warning on
+      # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
+      frames = frames = exception.backtrace.map { |line|
+        frame = OpenStruct.new
+        if line =~ /(.*?):(\d+)(:in `(.*)')?/
+          frame.filename = $1
+          frame.lineno = $2.to_i
+          frame.function = $4
+          begin
+            lineno = frame.lineno-1
+            lines = ::File.readlines(frame.filename)
+            frame.pre_context_lineno = [lineno-CONTEXT, 0].max
+            frame.pre_context = lines[frame.pre_context_lineno...lineno]
+            frame.context_line = lines[lineno].chomp
+            frame.post_context_lineno = [lineno+CONTEXT, lines.size].min
+            frame.post_context = lines[lineno+1..frame.post_context_lineno]
+          rescue
+          end
+          frame
+        else
+          nil
+        end
+      }.compact
+      TEMPLATE.result(binding)
+    end
+    def h(obj)                  # :nodoc:
+      case obj
+      when String
+        Utils.escape_html(obj)
+      else
+        Utils.escape_html(obj.inspect)
+      end
+    end
+    # :stopdoc:
+    # adapted from Django <djangoproject.com>
+    # Copyright (c) 2005, the Lawrence Journal-World
+    # Used under the modified BSD license:
+    # http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5
+    TEMPLATE = ERB.new(<<-'HTML'.gsub(/^      /, ''))
+      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+      <html lang="en">
+      <head>
+        <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+        <meta name="robots" content="NONE,NOARCHIVE" />
+        <title><%=h exception.class %> at <%=h path %></title>
+        <style type="text/css">
+          html * { padding:0; margin:0; }
+          body * { padding:10px 20px; }
+          body * * { padding:0; }
+          body { font:small sans-serif; }
+          body>div { border-bottom:1px solid #ddd; }
+          h1 { font-weight:normal; }
+          h2 { margin-bottom:.8em; }
+          h2 span { font-size:80%; color:#666; font-weight:normal; }
+          h3 { margin:1em 0 .5em 0; }
+          h4 { margin:0 0 .5em 0; font-weight: normal; }
+          table {
+              border:1px solid #ccc; border-collapse: collapse; background:white; }
+          tbody td, tbody th { vertical-align:top; padding:2px 3px; }
+          thead th {
+              padding:1px 6px 1px 3px; background:#fefefe; text-align:left;
+              font-weight:normal; font-size:11px; border:1px solid #ddd; }
+          tbody th { text-align:right; color:#666; padding-right:.5em; }
+          table.vars { margin:5px 0 2px 40px; }
+          table.vars td, table.req td { font-family:monospace; }
+          table td.code { width:100%;}
+          table td.code div { overflow:hidden; }
+          table.source th { color:#666; }
+          table.source td {
+              font-family:monospace; white-space:pre; border-bottom:1px solid #eee; }
+          ul.traceback { list-style-type:none; }
+          ul.traceback li.frame { margin-bottom:1em; }
+          div.context { margin: 10px 0; }
+          div.context ol {
+              padding-left:30px; margin:0 10px; list-style-position: inside; }
+          div.context ol li {
+              font-family:monospace; white-space:pre; color:#666; cursor:pointer; }
+          div.context ol.context-line li { color:black; background-color:#ccc; }
+          div.context ol.context-line li span { float: right; }
+          div.commands { margin-left: 40px; }
+          div.commands a { color:black; text-decoration:none; }
+          #summary { background: #ffc; }
+          #summary h2 { font-weight: normal; color: #666; }
+          #summary ul#quicklinks { list-style-type: none; margin-bottom: 2em; }
+          #summary ul#quicklinks li { float: left; padding: 0 1em; }
+          #summary ul#quicklinks>li+li { border-left: 1px #666 solid; }
+          #explanation { background:#eee; }
+          #template, #template-not-exist { background:#f6f6f6; }
+          #template-not-exist ul { margin: 0 0 0 20px; }
+          #traceback { background:#eee; }
+          #requestinfo { background:#f6f6f6; padding-left:120px; }
+          #summary table { border:none; background:transparent; }
+          #requestinfo h2, #requestinfo h3 { position:relative; margin-left:-100px; }
+          #requestinfo h3 { margin-bottom:-1em; }
+          .error { background: #ffc; }
+          .specific { color:#cc3300; font-weight:bold; }
+        </style>
+        <script type="text/javascript">
+        //<!--
+          function getElementsByClassName(oElm, strTagName, strClassName){
+              // Written by Jonathan Snook, http://www.snook.ca/jon;
+              // Add-ons by Robert Nyman, http://www.robertnyman.com
+              var arrElements = (strTagName == "*" && document.all)? document.all :
+              oElm.getElementsByTagName(strTagName);
+              var arrReturnElements = new Array();
+              strClassName = strClassName.replace(/\-/g, "\\-");
+              var oRegExp = new RegExp("(^|\\s)" + strClassName + "(\\s|$$)");
+              var oElement;
+              for(var i=0; i<arrElements.length; i++){
+                  oElement = arrElements[i];
+                  if(oRegExp.test(oElement.className)){
+                      arrReturnElements.push(oElement);
+                  }
+              }
+              return (arrReturnElements)
+          }
+          function hideAll(elems) {
+            for (var e = 0; e < elems.length; e++) {
+              elems[e].style.display = 'none';
+            }
+          }
+          window.onload = function() {
+            hideAll(getElementsByClassName(document, 'table', 'vars'));
+            hideAll(getElementsByClassName(document, 'ol', 'pre-context'));
+            hideAll(getElementsByClassName(document, 'ol', 'post-context'));
+          }
+          function toggle() {
+            for (var i = 0; i < arguments.length; i++) {
+              var e = document.getElementById(arguments[i]);
+              if (e) {
+                e.style.display = e.style.display == 'none' ? 'block' : 'none';
+              }
+            }
+            return false;
+          }
+          function varToggle(link, id) {
+            toggle('v' + id);
+            var s = link.getElementsByTagName('span')[0];
+            var uarr = String.fromCharCode(0x25b6);
+            var darr = String.fromCharCode(0x25bc);
+            s.innerHTML = s.innerHTML == uarr ? darr : uarr;
+            return false;
+          }
+          //-->
+        </script>
+      </head>
+      <body>
+      <div id="summary">
+        <h1><%=h exception.class %> at <%=h path %></h1>
+        <h2><%=h exception.message %></h2>
+        <table><tr>
+          <th>Ruby</th>
+          <td>
+      <% if first = frames.first %>
+            <code><%=h first.filename %></code>: in <code><%=h first.function %></code>, line <%=h frames.first.lineno %>
+      <% else %>
+            unknown location
+      <% end %>
+          </td>
+        </tr><tr>
+          <th>Web</th>
+          <td><code><%=h req.request_method %> <%=h(req.host + path)%></code></td>
+        </tr></table>
+        <h3>Jump to:</h3>
+        <ul id="quicklinks">
+          <li><a href="#get-info">GET</a></li>
+          <li><a href="#post-info">POST</a></li>
+          <li><a href="#cookie-info">Cookies</a></li>
+          <li><a href="#env-info">ENV</a></li>
+        </ul>
+      </div>
+      <div id="traceback">
+        <h2>Traceback <span>(innermost first)</span></h2>
+        <ul class="traceback">
+      <% frames.each { |frame| %>
+            <li class="frame">
+              <code><%=h frame.filename %></code>: in <code><%=h frame.function %></code>
+                <% if frame.context_line %>
+                <div class="context" id="c<%=h frame.object_id %>">
+                    <% if frame.pre_context %>
+                    <ol start="<%=h frame.pre_context_lineno+1 %>" class="pre-context" id="pre<%=h frame.object_id %>">
+                      <% frame.pre_context.each { |line| %>
+                      <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h line %></li>
+                      <% } %>
+                    </ol>
+                    <% end %>
+                  <ol start="<%=h frame.lineno %>" class="context-line">
+                    <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h frame.context_line %><span>...</span></li></ol>
+                    <% if frame.post_context %>
+                    <ol start='<%=h frame.lineno+1 %>' class="post-context" id="post<%=h frame.object_id %>">
+                      <% frame.post_context.each { |line| %>
+                      <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h line %></li>
+                      <% } %>
+                    </ol>
+                    <% end %>
+                </div>
+                <% end %>
+            </li>
+      <% } %>
+        </ul>
+      </div>
+      <div id="requestinfo">
+        <h2>Request information</h2>
+        <h3 id="get-info">GET</h3>
+        <% if req.GET and not req.GET.empty? %>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+                <% req.GET.sort_by { |k, v| k.to_s }.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val.inspect %></div></td>
+                </tr>
+                <% } %>
+            </tbody>
+          </table>
+        <% else %>
+          <p>No GET data.</p>
+        <% end %>
+        <h3 id="post-info">POST</h3>
+        <% if req.POST and not req.POST.empty? %>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+                <% req.POST.sort_by { |k, v| k.to_s }.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val.inspect %></div></td>
+                </tr>
+                <% } %>
+            </tbody>
+          </table>
+        <% else %>
+          <p>No POST data.</p>
+        <% end %>
+        <h3 id="cookie-info">COOKIES</h3>
+        <% unless req.cookies.empty? %>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+              <% req.cookies.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val.inspect %></div></td>
+                </tr>
+              <% } %>
+            </tbody>
+          </table>
+        <% else %>
+          <p>No cookie data.</p>
+        <% end %>
+        <h3 id="env-info">Rack ENV</h3>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+                <% env.sort_by { |k, v| k.to_s }.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val %></div></td>
+                </tr>
+                <% } %>
+            </tbody>
+          </table>
+      </div>
+      <div id="explanation">
+        <p>
+          You're seeing this error because you use <code>Rack::ShowExceptions</code>.
+        </p>
+      </div>
+      </body>
+      </html>
+    HTML
+    # :startdoc:
+  end
+end