RubyGems - rack - Versions diffs - 1.6.13 → 2.1.4.3 - Mend

rack 1.6.13 → 2.1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +92 -0
data/{COPYING → MIT-LICENSE} +4 -2
data/README.rdoc +105 -141
data/Rakefile +27 -28
data/SPEC +6 -7
data/bin/rackup +1 -0
data/contrib/rack_logo.svg +164 -111
data/example/lobster.ru +2 -0
data/example/protectedlobster.rb +4 -2
data/example/protectedlobster.ru +3 -1
data/lib/rack/auth/abstract/handler.rb +3 -1
data/lib/rack/auth/abstract/request.rb +7 -1
data/lib/rack/auth/basic.rb +4 -1
data/lib/rack/auth/digest/md5.rb +9 -7
data/lib/rack/auth/digest/nonce.rb +6 -3
data/lib/rack/auth/digest/params.rb +5 -4
data/lib/rack/auth/digest/request.rb +3 -1
data/lib/rack/body_proxy.rb +11 -9
data/lib/rack/builder.rb +42 -18
data/lib/rack/cascade.rb +6 -5
data/lib/rack/chunked.rb +33 -10
data/lib/rack/{commonlogger.rb → common_logger.rb} +14 -10
data/lib/rack/{conditionalget.rb → conditional_get.rb} +3 -1
data/lib/rack/config.rb +2 -0
data/lib/rack/content_length.rb +5 -3
data/lib/rack/content_type.rb +3 -1
data/lib/rack/core_ext/regexp.rb +14 -0
data/lib/rack/deflater.rb +33 -53
data/lib/rack/directory.rb +75 -60
data/lib/rack/etag.rb +8 -5
data/lib/rack/events.rb +156 -0
data/lib/rack/file.rb +4 -149
data/lib/rack/files.rb +178 -0
data/lib/rack/handler/cgi.rb +18 -17
data/lib/rack/handler/fastcgi.rb +17 -16
data/lib/rack/handler/lsws.rb +14 -12
data/lib/rack/handler/scgi.rb +22 -19
data/lib/rack/handler/thin.rb +6 -1
data/lib/rack/handler/webrick.rb +28 -28
data/lib/rack/handler.rb +9 -26
data/lib/rack/head.rb +17 -17
data/lib/rack/lint.rb +55 -52
data/lib/rack/lobster.rb +8 -6
data/lib/rack/lock.rb +17 -10
data/lib/rack/logger.rb +4 -2
data/lib/rack/media_type.rb +43 -0
data/lib/rack/{methodoverride.rb → method_override.rb} +10 -8
data/lib/rack/mime.rb +27 -6
data/lib/rack/mock.rb +101 -60
data/lib/rack/multipart/generator.rb +11 -12
data/lib/rack/multipart/parser.rb +292 -161
data/lib/rack/multipart/uploaded_file.rb +3 -2
data/lib/rack/multipart.rb +38 -8
data/lib/rack/{nulllogger.rb → null_logger.rb} +3 -1
data/lib/rack/query_parser.rb +218 -0
data/lib/rack/recursive.rb +11 -9
data/lib/rack/reloader.rb +10 -4
data/lib/rack/request.rb +447 -305
data/lib/rack/response.rb +196 -83
data/lib/rack/rewindable_input.rb +5 -14
data/lib/rack/runtime.rb +12 -18
data/lib/rack/sendfile.rb +19 -14
data/lib/rack/server.rb +118 -41
data/lib/rack/session/abstract/id.rb +139 -94
data/lib/rack/session/cookie.rb +34 -26
data/lib/rack/session/memcache.rb +4 -93
data/lib/rack/session/pool.rb +12 -10
data/lib/rack/show_exceptions.rb +392 -0
data/lib/rack/{showstatus.rb → show_status.rb} +7 -5
data/lib/rack/static.rb +41 -11
data/lib/rack/tempfile_reaper.rb +4 -2
data/lib/rack/urlmap.rb +25 -15
data/lib/rack/utils.rb +203 -277
data/lib/rack.rb +76 -24
data/rack.gemspec +25 -14
metadata +62 -183
data/HISTORY.md +0 -375
data/KNOWN-ISSUES +0 -44
data/lib/rack/backports/uri/common_18.rb +0 -56
data/lib/rack/backports/uri/common_192.rb +0 -52
data/lib/rack/backports/uri/common_193.rb +0 -29
data/lib/rack/handler/evented_mongrel.rb +0 -8
data/lib/rack/handler/mongrel.rb +0 -106
data/lib/rack/handler/swiftiplied_mongrel.rb +0 -8
data/lib/rack/showexceptions.rb +0 -387
data/lib/rack/utils/okjson.rb +0 -600
data/test/builder/anything.rb +0 -5
data/test/builder/comment.ru +0 -4
data/test/builder/end.ru +0 -5
data/test/builder/line.ru +0 -1
data/test/builder/options.ru +0 -2
data/test/cgi/assets/folder/test.js +0 -1
data/test/cgi/assets/fonts/font.eot +0 -1
data/test/cgi/assets/images/image.png +0 -1
data/test/cgi/assets/index.html +0 -1
data/test/cgi/assets/javascripts/app.js +0 -1
data/test/cgi/assets/stylesheets/app.css +0 -1
data/test/cgi/lighttpd.conf +0 -26
data/test/cgi/rackup_stub.rb +0 -6
data/test/cgi/sample_rackup.ru +0 -5
data/test/cgi/test +0 -9
data/test/cgi/test+directory/test+file +0 -1
data/test/cgi/test.fcgi +0 -8
data/test/cgi/test.ru +0 -5
data/test/gemloader.rb +0 -10
data/test/multipart/bad_robots +0 -259
data/test/multipart/binary +0 -0
data/test/multipart/content_type_and_no_filename +0 -6
data/test/multipart/empty +0 -10
data/test/multipart/fail_16384_nofile +0 -814
data/test/multipart/file1.txt +0 -1
data/test/multipart/filename_and_modification_param +0 -7
data/test/multipart/filename_and_no_name +0 -6
data/test/multipart/filename_with_escaped_quotes +0 -6
data/test/multipart/filename_with_escaped_quotes_and_modification_param +0 -7
data/test/multipart/filename_with_null_byte +0 -7
data/test/multipart/filename_with_percent_escaped_quotes +0 -6
data/test/multipart/filename_with_unescaped_percentages +0 -6
data/test/multipart/filename_with_unescaped_percentages2 +0 -6
data/test/multipart/filename_with_unescaped_percentages3 +0 -6
data/test/multipart/filename_with_unescaped_quotes +0 -6
data/test/multipart/ie +0 -6
data/test/multipart/invalid_character +0 -6
data/test/multipart/mixed_files +0 -21
data/test/multipart/nested +0 -10
data/test/multipart/none +0 -9
data/test/multipart/semicolon +0 -6
data/test/multipart/text +0 -15
data/test/multipart/three_files_three_fields +0 -31
data/test/multipart/webkit +0 -32
data/test/rackup/config.ru +0 -31
data/test/registering_handler/rack/handler/registering_myself.rb +0 -8
data/test/spec_auth_basic.rb +0 -81
data/test/spec_auth_digest.rb +0 -259
data/test/spec_body_proxy.rb +0 -85
data/test/spec_builder.rb +0 -223
data/test/spec_cascade.rb +0 -61
data/test/spec_cgi.rb +0 -102
data/test/spec_chunked.rb +0 -101
data/test/spec_commonlogger.rb +0 -93
data/test/spec_conditionalget.rb +0 -102
data/test/spec_config.rb +0 -22
data/test/spec_content_length.rb +0 -85
data/test/spec_content_type.rb +0 -45
data/test/spec_deflater.rb +0 -339
data/test/spec_directory.rb +0 -88
data/test/spec_etag.rb +0 -107
data/test/spec_fastcgi.rb +0 -107
data/test/spec_file.rb +0 -221
data/test/spec_handler.rb +0 -72
data/test/spec_head.rb +0 -45
data/test/spec_lint.rb +0 -550
data/test/spec_lobster.rb +0 -58
data/test/spec_lock.rb +0 -164
data/test/spec_logger.rb +0 -23
data/test/spec_methodoverride.rb +0 -111
data/test/spec_mime.rb +0 -51
data/test/spec_mock.rb +0 -297
data/test/spec_mongrel.rb +0 -182
data/test/spec_multipart.rb +0 -600
data/test/spec_nulllogger.rb +0 -20
data/test/spec_recursive.rb +0 -72
data/test/spec_request.rb +0 -1232
data/test/spec_response.rb +0 -407
data/test/spec_rewindable_input.rb +0 -118
data/test/spec_runtime.rb +0 -49
data/test/spec_sendfile.rb +0 -130
data/test/spec_server.rb +0 -167
data/test/spec_session_abstract_id.rb +0 -53
data/test/spec_session_cookie.rb +0 -410
data/test/spec_session_memcache.rb +0 -358
data/test/spec_session_persisted_secure_secure_session_hash.rb +0 -73
data/test/spec_session_pool.rb +0 -246
data/test/spec_showexceptions.rb +0 -98
data/test/spec_showstatus.rb +0 -103
data/test/spec_static.rb +0 -145
data/test/spec_tempfile_reaper.rb +0 -63
data/test/spec_thin.rb +0 -91
data/test/spec_urlmap.rb +0 -236
data/test/spec_utils.rb +0 -647
data/test/spec_version.rb +0 -17
data/test/spec_webrick.rb +0 -184
data/test/static/another/index.html +0 -1
data/test/static/index.html +0 -1
data/test/testrequest.rb +0 -78
data/test/unregistered_handler/rack/handler/unregistered.rb +0 -7
data/test/unregistered_handler/rack/handler/unregistered_long_one.rb +0 -7

data/lib/rack/multipart/parser.rb CHANGED Viewed

@@ -1,252 +1,383 @@
+# frozen_string_literal: true
 require 'rack/utils'
+require 'strscan'
+require 'rack/core_ext/regexp'
 module Rack
   module Multipart
     class MultipartPartLimitError < Errno::EMFILE; end
+    class MultipartTotalPartLimitError < StandardError; end
     class Parser
-      BUFSIZE = 16384
-      DUMMY = Struct.new(:parse).new
+      using ::Rack::RegexpExtensions
-      def self.create(env)
-        return DUMMY unless env['CONTENT_TYPE'] =~ MULTIPART
+      BUFSIZE = 1_048_576
+      TEXT_PLAIN = "text/plain"
+      TEMPFILE_FACTORY = lambda { |filename, content_type|
+        Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0", '%00'))])
+      }
-        io = env['rack.input']
-        io.rewind
+      BOUNDARY_REGEX = /\A([^\n]*(?:\n|\Z))/
-        content_length = env['CONTENT_LENGTH']
-        content_length = content_length.to_i if content_length
+      class BoundedIO # :nodoc:
+        def initialize(io, content_length)
+          @io             = io
+          @content_length = content_length
+          @cursor = 0
+        end
-        tempfile = env['rack.multipart.tempfile_factory'] ||
-          lambda { |filename, content_type| Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0".freeze, '%00'.freeze))]) }
-        bufsize = env['rack.multipart.buffer_size'] || BUFSIZE
+        def read(size, outbuf = nil)
+          return if @cursor >= @content_length
-        new($1, io, content_length, env, tempfile, bufsize)
-      end
+          left = @content_length - @cursor
-      def initialize(boundary, io, content_length, env, tempfile, bufsize)
-        @buf            = ""
+          str = if left < size
+                  @io.read left, outbuf
+                else
+                  @io.read size, outbuf
+                end
-        if @buf.respond_to? :force_encoding
-          @buf.force_encoding Encoding::ASCII_8BIT
-        end
+          if str
+            @cursor += str.bytesize
+          else
+            # Raise an error for mismatching Content-Length and actual contents
+            raise EOFError, "bad content body"
+          end
-        @params         = Utils::KeySpaceConstrainedParams.new
-        @boundary       = "--#{boundary}"
-        @io             = io
-        @content_length = content_length
-        @boundary_size  = Utils.bytesize(@boundary) + EOL.size
-        @env = env
-        @tempfile       = tempfile
-        @bufsize        = bufsize
+          str
+        end
-        if @content_length
-          @content_length -= @boundary_size
+        def rewind
+          @io.rewind
         end
+      end
+      MultipartInfo = Struct.new :params, :tmp_files
+      EMPTY         = MultipartInfo.new(nil, [])
-        @rx = /(?:#{EOL})?#{Regexp.quote(@boundary)}(#{EOL}|--)/n
-        @full_boundary = @boundary + EOL
+      def self.parse_boundary(content_type)
+        return unless content_type
+        data = content_type.match(MULTIPART)
+        return unless data
+        data[1]
       end
-      def parse
-        fast_forward_to_first_boundary
+      def self.parse(io, content_length, content_type, tmpfile, bufsize, qp)
+        return EMPTY if 0 == content_length
+        boundary = parse_boundary content_type
+        return EMPTY unless boundary
+        io = BoundedIO.new(io, content_length) if content_length
+        outbuf = String.new
+        parser = new(boundary, tmpfile, bufsize, qp)
+        parser.on_read io.read(bufsize, outbuf)
-        opened_files = 0
         loop do
+          break if parser.state == :DONE
+          parser.on_read io.read(bufsize, outbuf)
+        end
+        io.rewind
+        parser.result
+      end
-          head, filename, content_type, name, body =
-            get_current_head_and_filename_and_content_type_and_name_and_body
+      class Collector
+        class MimePart < Struct.new(:body, :head, :filename, :content_type, :name)
+          def get_data
+            data = body
+            if filename == ""
+              # filename is blank which means no file has been selected
+              return
+            elsif filename
+              body.rewind if body.respond_to?(:rewind)
+              # Take the basename of the upload's original filename.
+              # This handles the full Windows paths given by Internet Explorer
+              # (and perhaps other broken user agents) without affecting
+              # those which give the lone filename.
+              fn = filename.split(/[\/\\]/).last
+              data = { filename: fn, type: content_type,
+                      name: name, tempfile: body, head: head }
+            elsif !filename && content_type && body.is_a?(IO)
+              body.rewind
+              # Generic multipart cases, not coming from a form
+              data = { type: content_type,
+                      name: name, tempfile: body, head: head }
+            end
-          if Utils.multipart_part_limit > 0
-            opened_files += 1 if filename
-            raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
+            yield data
           end
+        end
+        class BufferPart < MimePart
+          def file?; false; end
+          def close; end
+        end
-          # Save the rest.
-          if i = @buf.index(rx)
-            body << @buf.slice!(0, i)
-            @buf.slice!(0, @boundary_size+2)
+        class TempfilePart < MimePart
+          def file?; true; end
+          def close; body.close; end
+        end
-            @content_length = -1  if $1 == "--"
-          end
+        include Enumerable
-          get_data(filename, body, content_type, name, head) do |data|
-            tag_multipart_encoding(filename, content_type, name, data)
+        def initialize tempfile
+          @tempfile = tempfile
+          @mime_parts = []
+          @open_files = 0
+        end
+        def each
+          @mime_parts.each { |part| yield part }
+        end
-            Utils.normalize_params(@params, name, data)
+        def on_mime_head mime_index, head, filename, content_type, name
+          if filename
+            body = @tempfile.call(filename, content_type)
+            body.binmode if body.respond_to?(:binmode)
+            klass = TempfilePart
+            @open_files += 1
+          else
+            body = String.new
+            klass = BufferPart
           end
-          # break if we're at the end of a buffer, but not if it is the end of a field
-          break if (@buf.empty? && $1 != EOL) || @content_length == -1
-        end
+          @mime_parts[mime_index] = klass.new(body, head, filename, content_type, name)
-        @io.rewind
+          check_part_limits
+        end
-        @params.to_params_hash
-      end
+        def on_mime_body mime_index, content
+          @mime_parts[mime_index].body << content
+        end
-      private
-      def full_boundary; @full_boundary; end
+        def on_mime_finish mime_index
+        end
-      def rx; @rx; end
+        private
-      def fast_forward_to_first_boundary
-        loop do
-          content = @io.read(@bufsize)
-          raise EOFError, "bad content body" unless content
-          @buf << content
+        def check_part_limits
+          file_limit = Utils.multipart_file_limit
+          part_limit = Utils.multipart_total_part_limit
-          while @buf.gsub!(/\A([^\n]*\n)/, '')
-            read_buffer = $1
-            return if read_buffer == full_boundary
+          if file_limit && file_limit > 0
+            if @open_files >= file_limit
+              @mime_parts.each(&:close)
+              raise MultipartPartLimitError, 'Maximum file multiparts in content reached'
+            end
           end
-          raise EOFError, "bad content body" if Utils.bytesize(@buf) >= @bufsize
+          if part_limit && part_limit > 0
+            if @mime_parts.size >= part_limit
+              @mime_parts.each(&:close)
+              raise MultipartTotalPartLimitError, 'Maximum total multiparts in content reached'
+            end
+          end
         end
       end
-      def get_current_head_and_filename_and_content_type_and_name_and_body
-        head = nil
-        body = ''
+      attr_reader :state
-        if body.respond_to? :force_encoding
-          body.force_encoding Encoding::ASCII_8BIT
-        end
+      def initialize(boundary, tempfile, bufsize, query_parser)
+        @query_parser   = query_parser
+        @params         = query_parser.make_params
+        @boundary       = "--#{boundary}"
+        @bufsize        = bufsize
-        filename = content_type = name = nil
+        @full_boundary = @boundary
+        @end_boundary = @boundary + '--'
+        @state = :FAST_FORWARD
+        @mime_index = 0
+        @collector = Collector.new tempfile
-        until head && @buf =~ rx
-          if !head && i = @buf.index(EOL+EOL)
-            head = @buf.slice!(0, i+2) # First \r\n
+        @sbuf = StringScanner.new("".dup)
+        @body_regex = /(?:#{EOL})?#{Regexp.quote(@boundary)}(?:#{EOL}|--)/m
+        @rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max
+        @head_regex = /(.*?#{EOL})#{EOL}/m
+      end
-            @buf.slice!(0, 2)          # Second \r\n
+      def on_read content
+        handle_empty_content!(content)
+        @sbuf.concat content
+        run_parser
+      end
-            content_type = head[MULTIPART_CONTENT_TYPE, 1]
-            name = head[MULTIPART_CONTENT_DISPOSITION, 1] || head[MULTIPART_CONTENT_ID, 1]
+      def result
+        @collector.each do |part|
+          part.get_data do |data|
+            tag_multipart_encoding(part.filename, part.content_type, part.name, data)
+            @query_parser.normalize_params(@params, part.name, data, @query_parser.param_depth_limit)
+          end
+        end
+        MultipartInfo.new @params.to_params_hash, @collector.find_all(&:file?).map(&:body)
+      end
-            filename = get_filename(head)
+      private
-            if name.nil? || name.empty? && filename
-              name = filename
-            end
+      def run_parser
+        loop do
+          case @state
+          when :FAST_FORWARD
+            break if handle_fast_forward == :want_read
+          when :CONSUME_TOKEN
+            break if handle_consume_token == :want_read
+          when :MIME_HEAD
+            break if handle_mime_head == :want_read
+          when :MIME_BODY
+            break if handle_mime_body == :want_read
+          when :DONE
+            break
+          end
+        end
+      end
-            if filename
-              (@env['rack.tempfiles'] ||= []) << body = @tempfile.call(filename, content_type)
-              body.binmode  if body.respond_to?(:binmode)
-            end
+      def handle_fast_forward
+        if consume_boundary
+          @state = :MIME_HEAD
+        else
+          raise EOFError, "bad content body" if @sbuf.rest_size >= @bufsize
+          :want_read
+        end
+      end
+      def handle_consume_token
+        tok = consume_boundary
+        # break if we're at the end of a buffer, but not if it is the end of a field
+        @state = if tok == :END_BOUNDARY || (@sbuf.eos? && tok != :BOUNDARY)
+          :DONE
+        else
+          :MIME_HEAD
+        end
+      end
-            next
+      def handle_mime_head
+        if @sbuf.scan_until(@head_regex)
+          head = @sbuf[1]
+          content_type = head[MULTIPART_CONTENT_TYPE, 1]
+          if name = head[MULTIPART_CONTENT_DISPOSITION, 1]
+            name = Rack::Auth::Digest::Params::dequote(name)
+          else
+            name = head[MULTIPART_CONTENT_ID, 1]
           end
-          # Save the read body part.
-          if head && (@boundary_size+4 < @buf.size)
-            body << @buf.slice!(0, @buf.size - (@boundary_size+4))
+          filename = get_filename(head)
+          if name.nil? || name.empty?
+            name = filename || "#{content_type || TEXT_PLAIN}[]".dup
           end
-          content = @io.read(@content_length && @bufsize >= @content_length ? @content_length : @bufsize)
-          raise EOFError, "bad content body"  if content.nil? || content.empty?
+          @collector.on_mime_head @mime_index, head, filename, content_type, name
+          @state = :MIME_BODY
+        else
+          :want_read
+        end
+      end
-          @buf << content
-          @content_length -= content.size if @content_length
+      def handle_mime_body
+        if (body_with_boundary = @sbuf.check_until(@body_regex)) # check but do not advance the pointer yet
+          body = body_with_boundary.sub(/#{@body_regex}\z/m, '') # remove the boundary from the string
+          @collector.on_mime_body @mime_index, body
+          @sbuf.pos += body.length + 2 # skip \r\n after the content
+          @state = :CONSUME_TOKEN
+          @mime_index += 1
+        else
+          # Save what we have so far
+          if @rx_max_size < @sbuf.rest_size
+            delta = @sbuf.rest_size - @rx_max_size
+            @collector.on_mime_body @mime_index, @sbuf.peek(delta)
+            @sbuf.pos += delta
+            @sbuf.string = @sbuf.rest
+          end
+          :want_read
         end
+      end
-        [head, filename, content_type, name, body]
+      def full_boundary; @full_boundary; end
+      def consume_boundary
+        while read_buffer = @sbuf.scan_until(BOUNDARY_REGEX)
+          case read_buffer.strip
+          when full_boundary then return :BOUNDARY
+          when @end_boundary then return :END_BOUNDARY
+          end
+          return if @sbuf.eos?
+        end
       end
       def get_filename(head)
         filename = nil
         case head
         when RFC2183
-          filename = Hash[head.scan(DISPPARM)]['filename']
-          filename = $1 if filename and filename =~ /^"(.*)"$/
-        when BROKEN_QUOTED, BROKEN_UNQUOTED
+          params = Hash[*head.scan(DISPPARM).flat_map(&:compact)]
+          if filename = params['filename']
+            filename = $1 if filename =~ /^"(.*)"$/
+          elsif filename = params['filename*']
+            encoding, _, filename = filename.split("'", 3)
+          end
+        when BROKEN
           filename = $1
+          filename = $1 if filename =~ /^"(.*)"$/
         end
         return unless filename
-        if filename.scan(/%.?.?/).all? { |s| s =~ /%[0-9a-fA-F]{2}/ }
-          filename = Utils.unescape(filename)
+        if filename.scan(/%.?.?/).all? { |s| /%[0-9a-fA-F]{2}/.match?(s) }
+          filename = Utils.unescape_path(filename)
         end
-        scrub_filename filename
+        filename.scrub!
         if filename !~ /\\[^\\"]/
           filename = filename.gsub(/\\(.)/, '\1')
         end
-        filename
-      end
-      if "<3".respond_to? :valid_encoding?
-        def scrub_filename(filename)
-          unless filename.valid_encoding?
-            # FIXME: this force_encoding is for Ruby 2.0 and 1.9 support.
-            # We can remove it after they are dropped
-            filename.force_encoding(Encoding::ASCII_8BIT)
-            filename.encode!(:invalid => :replace, :undef => :replace)
-          end
+        if encoding
+          filename.force_encoding ::Encoding.find(encoding)
         end
-        CHARSET    = "charset"
-        TEXT_PLAIN = "text/plain"
+        filename
+      end
+      CHARSET = "charset"
-        def tag_multipart_encoding(filename, content_type, name, body)
-          name.force_encoding Encoding::UTF_8
+      def tag_multipart_encoding(filename, content_type, name, body)
+        name = name.to_s
+        encoding = Encoding::UTF_8
-          return if filename
+        name.force_encoding(encoding)
-          encoding = Encoding::UTF_8
+        return if filename
-          if content_type
-            list         = content_type.split(';')
-            type_subtype = list.first
-            type_subtype.strip!
-            if TEXT_PLAIN == type_subtype
-              rest         = list.drop 1
-              rest.each do |param|
-                k,v = param.split('=', 2)
-                k.strip!
-                v.strip!
-                encoding = Encoding.find v if k == CHARSET
-              end
+        if content_type
+          list         = content_type.split(';')
+          type_subtype = list.first
+          type_subtype.strip!
+          if TEXT_PLAIN == type_subtype
+            rest         = list.drop 1
+            rest.each do |param|
+              k, v = param.split('=', 2)
+              k.strip!
+              v.strip!
+              v = v[1..-2] if v.start_with?('"') && v.end_with?('"')
+              encoding = Encoding.find v if k == CHARSET
             end
           end
-          name.force_encoding encoding
-          body.force_encoding encoding
-        end
-      else
-        def scrub_filename(filename)
-        end
-        def tag_multipart_encoding(filename, content_type, name, body)
         end
-      end
-      def get_data(filename, body, content_type, name, head)
-        data = body
-        if filename == ""
-          # filename is blank which means no file has been selected
-          return
-        elsif filename
-          body.rewind if body.respond_to?(:rewind)
-          # Take the basename of the upload's original filename.
-          # This handles the full Windows paths given by Internet Explorer
-          # (and perhaps other broken user agents) without affecting
-          # those which give the lone filename.
-          filename = filename.split(/[\/\\]/).last
-          data = {:filename => filename, :type => content_type,
-                  :name => name, :tempfile => body, :head => head}
-        elsif !filename && content_type && body.is_a?(IO)
-          body.rewind
+        name.force_encoding(encoding)
+        body.force_encoding(encoding)
+      end
-          # Generic multipart cases, not coming from a form
-          data = {:type => content_type,
-                  :name => name, :tempfile => body, :head => head}
+      def handle_empty_content!(content)
+        if content.nil? || content.empty?
+          raise EOFError
         end
-        yield data
       end
     end
   end

data/lib/rack/multipart/uploaded_file.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Rack
   module Multipart
     class UploadedFile
@@ -11,8 +13,7 @@ module Rack
         raise "#{path} file does not exist" unless ::File.exist?(path)
         @content_type = content_type
         @original_filename = ::File.basename(path)
-        @tempfile = Tempfile.new([@original_filename, ::File.extname(path)])
-        @tempfile.set_encoding(Encoding::BINARY) if @tempfile.respond_to?(:set_encoding)
+        @tempfile = Tempfile.new([@original_filename, ::File.extname(path)], encoding: Encoding::BINARY)
         @tempfile.binmode if binary
         FileUtils.copy_file(path, @tempfile.path)
       end

data/lib/rack/multipart.rb CHANGED Viewed

@@ -1,10 +1,13 @@
+# frozen_string_literal: true
+require 'rack/multipart/parser'
 module Rack
   # A multipart form data parser, adapted from IOWA.
   #
   # Usually, Rack::Request#POST takes care of calling this.
   module Multipart
     autoload :UploadedFile, 'rack/multipart/uploaded_file'
-    autoload :Parser, 'rack/multipart/parser'
     autoload :Generator, 'rack/multipart/generator'
     EOL = "\r\n"
@@ -12,17 +15,44 @@ module Rack
     MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni
     TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/
     CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i
-    DISPPARM = /;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})/
-    RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
-    BROKEN_QUOTED = /^#{CONDISP}.*;\sfilename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i
-    BROKEN_UNQUOTED = /^#{CONDISP}.*;\sfilename=(#{TOKEN})/i
+    VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
+    BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i
     MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
-    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*\s+name="?([^\";]*)"?/ni
+    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s*name=(#{VALUE})/ni
     MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
+    # Updated definitions from RFC 2231
+    ATTRIBUTE_CHAR = %r{[^ \x00-\x1f\x7f)(><@,;:\\"/\[\]?='*%]}
+    ATTRIBUTE = /#{ATTRIBUTE_CHAR}+/
+    SECTION = /\*[0-9]+/
+    REGULAR_PARAMETER_NAME = /#{ATTRIBUTE}#{SECTION}?/
+    REGULAR_PARAMETER = /(#{REGULAR_PARAMETER_NAME})=(#{VALUE})/
+    EXTENDED_OTHER_NAME = /#{ATTRIBUTE}\*[1-9][0-9]*\*/
+    EXTENDED_OTHER_VALUE = /%[0-9a-fA-F]{2}|#{ATTRIBUTE_CHAR}/
+    EXTENDED_OTHER_PARAMETER = /(#{EXTENDED_OTHER_NAME})=(#{EXTENDED_OTHER_VALUE}*)/
+    EXTENDED_INITIAL_NAME = /#{ATTRIBUTE}(?:\*0)?\*/
+    EXTENDED_INITIAL_VALUE = /[a-zA-Z0-9\-]*'[a-zA-Z0-9\-]*'#{EXTENDED_OTHER_VALUE}*/
+    EXTENDED_INITIAL_PARAMETER = /(#{EXTENDED_INITIAL_NAME})=(#{EXTENDED_INITIAL_VALUE})/
+    EXTENDED_PARAMETER = /#{EXTENDED_INITIAL_PARAMETER}|#{EXTENDED_OTHER_PARAMETER}/
+    DISPPARM = /;\s*(?:#{REGULAR_PARAMETER}|#{EXTENDED_PARAMETER})\s*/
+    RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
     class << self
-      def parse_multipart(env)
-        Parser.create(env).parse
+      def parse_multipart(env, params = Rack::Utils.default_query_parser)
+        extract_multipart Rack::Request.new(env), params
+      end
+      def extract_multipart(req, params = Rack::Utils.default_query_parser)
+        io = req.get_header(RACK_INPUT)
+        io.rewind
+        content_length = req.content_length
+        content_length = content_length.to_i if content_length
+        tempfile = req.get_header(RACK_MULTIPART_TEMPFILE_FACTORY) || Parser::TEMPFILE_FACTORY
+        bufsize = req.get_header(RACK_MULTIPART_BUFFER_SIZE) || Parser::BUFSIZE
+        info = Parser.parse io, content_length, req.get_header('CONTENT_TYPE'), tempfile, bufsize, params
+        req.set_header(RACK_TEMPFILES, info.tmp_files)
+        info.params
       end
       def build_multipart(params, first = true)

data/lib/rack/{nulllogger.rb → null_logger.rb} RENAMED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Rack
   class NullLogger
     def initialize(app)
@@ -5,7 +7,7 @@ module Rack
     end
     def call(env)
-      env['rack.logger'] = self
+      env[RACK_LOGGER] = self
       @app.call(env)
     end