RubyGems - rack - Versions diffs - 1.6.13 → 2.2.3 - Mend

rack 1.6.13 → 2.2.3

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (191) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +694 -0
data/CONTRIBUTING.md +136 -0
data/{COPYING → MIT-LICENSE} +4 -2
data/README.rdoc +157 -163
data/Rakefile +38 -32
data/{SPEC → SPEC.rdoc} +41 -13
data/bin/rackup +1 -0
data/contrib/rack_logo.svg +164 -111
data/example/lobster.ru +2 -0
data/example/protectedlobster.rb +4 -2
data/example/protectedlobster.ru +3 -1
data/lib/rack/auth/abstract/handler.rb +3 -1
data/lib/rack/auth/abstract/request.rb +6 -2
data/lib/rack/auth/basic.rb +7 -4
data/lib/rack/auth/digest/md5.rb +13 -11
data/lib/rack/auth/digest/nonce.rb +6 -3
data/lib/rack/auth/digest/params.rb +5 -4
data/lib/rack/auth/digest/request.rb +6 -4
data/lib/rack/body_proxy.rb +21 -15
data/lib/rack/builder.rb +119 -26
data/lib/rack/cascade.rb +28 -12
data/lib/rack/chunked.rb +70 -22
data/lib/rack/common_logger.rb +80 -0
data/lib/rack/{conditionalget.rb → conditional_get.rb} +20 -16
data/lib/rack/config.rb +2 -0
data/lib/rack/content_length.rb +9 -8
data/lib/rack/content_type.rb +5 -4
data/lib/rack/core_ext/regexp.rb +14 -0
data/lib/rack/deflater.rb +60 -70
data/lib/rack/directory.rb +117 -85
data/lib/rack/etag.rb +9 -7
data/lib/rack/events.rb +153 -0
data/lib/rack/file.rb +4 -149
data/lib/rack/files.rb +218 -0
data/lib/rack/handler/cgi.rb +17 -19
data/lib/rack/handler/fastcgi.rb +17 -18
data/lib/rack/handler/lsws.rb +14 -14
data/lib/rack/handler/scgi.rb +22 -21
data/lib/rack/handler/thin.rb +6 -3
data/lib/rack/handler/webrick.rb +39 -32
data/lib/rack/handler.rb +9 -26
data/lib/rack/head.rb +16 -18
data/lib/rack/lint.rb +110 -64
data/lib/rack/lobster.rb +10 -10
data/lib/rack/lock.rb +17 -11
data/lib/rack/logger.rb +4 -2
data/lib/rack/media_type.rb +43 -0
data/lib/rack/{methodoverride.rb → method_override.rb} +10 -8
data/lib/rack/mime.rb +27 -6
data/lib/rack/mock.rb +124 -65
data/lib/rack/multipart/generator.rb +20 -16
data/lib/rack/multipart/parser.rb +273 -162
data/lib/rack/multipart/uploaded_file.rb +15 -8
data/lib/rack/multipart.rb +39 -8
data/lib/rack/{nulllogger.rb → null_logger.rb} +3 -1
data/lib/rack/query_parser.rb +217 -0
data/lib/rack/recursive.rb +11 -9
data/lib/rack/reloader.rb +8 -4
data/lib/rack/request.rb +553 -305
data/lib/rack/response.rb +244 -88
data/lib/rack/rewindable_input.rb +5 -15
data/lib/rack/runtime.rb +12 -18
data/lib/rack/sendfile.rb +17 -15
data/lib/rack/server.rb +125 -47
data/lib/rack/session/abstract/id.rb +141 -93
data/lib/rack/session/cookie.rb +35 -29
data/lib/rack/session/memcache.rb +4 -93
data/lib/rack/session/pool.rb +13 -11
data/lib/rack/show_exceptions.rb +390 -0
data/lib/rack/{showstatus.rb → show_status.rb} +12 -12
data/lib/rack/static.rb +48 -11
data/lib/rack/tempfile_reaper.rb +3 -3
data/lib/rack/urlmap.rb +26 -19
data/lib/rack/utils.rb +212 -294
data/lib/rack/version.rb +29 -0
data/lib/rack.rb +76 -33
data/rack.gemspec +43 -30
metadata +65 -187
data/HISTORY.md +0 -375
data/KNOWN-ISSUES +0 -44
data/lib/rack/backports/uri/common_18.rb +0 -56
data/lib/rack/backports/uri/common_192.rb +0 -52
data/lib/rack/backports/uri/common_193.rb +0 -29
data/lib/rack/commonlogger.rb +0 -72
data/lib/rack/handler/evented_mongrel.rb +0 -8
data/lib/rack/handler/mongrel.rb +0 -106
data/lib/rack/handler/swiftiplied_mongrel.rb +0 -8
data/lib/rack/showexceptions.rb +0 -387
data/lib/rack/utils/okjson.rb +0 -600
data/test/builder/anything.rb +0 -5
data/test/builder/comment.ru +0 -4
data/test/builder/end.ru +0 -5
data/test/builder/line.ru +0 -1
data/test/builder/options.ru +0 -2
data/test/cgi/assets/folder/test.js +0 -1
data/test/cgi/assets/fonts/font.eot +0 -1
data/test/cgi/assets/images/image.png +0 -1
data/test/cgi/assets/index.html +0 -1
data/test/cgi/assets/javascripts/app.js +0 -1
data/test/cgi/assets/stylesheets/app.css +0 -1
data/test/cgi/lighttpd.conf +0 -26
data/test/cgi/rackup_stub.rb +0 -6
data/test/cgi/sample_rackup.ru +0 -5
data/test/cgi/test +0 -9
data/test/cgi/test+directory/test+file +0 -1
data/test/cgi/test.fcgi +0 -8
data/test/cgi/test.ru +0 -5
data/test/gemloader.rb +0 -10
data/test/multipart/bad_robots +0 -259
data/test/multipart/binary +0 -0
data/test/multipart/content_type_and_no_filename +0 -6
data/test/multipart/empty +0 -10
data/test/multipart/fail_16384_nofile +0 -814
data/test/multipart/file1.txt +0 -1
data/test/multipart/filename_and_modification_param +0 -7
data/test/multipart/filename_and_no_name +0 -6
data/test/multipart/filename_with_escaped_quotes +0 -6
data/test/multipart/filename_with_escaped_quotes_and_modification_param +0 -7
data/test/multipart/filename_with_null_byte +0 -7
data/test/multipart/filename_with_percent_escaped_quotes +0 -6
data/test/multipart/filename_with_unescaped_percentages +0 -6
data/test/multipart/filename_with_unescaped_percentages2 +0 -6
data/test/multipart/filename_with_unescaped_percentages3 +0 -6
data/test/multipart/filename_with_unescaped_quotes +0 -6
data/test/multipart/ie +0 -6
data/test/multipart/invalid_character +0 -6
data/test/multipart/mixed_files +0 -21
data/test/multipart/nested +0 -10
data/test/multipart/none +0 -9
data/test/multipart/semicolon +0 -6
data/test/multipart/text +0 -15
data/test/multipart/three_files_three_fields +0 -31
data/test/multipart/webkit +0 -32
data/test/rackup/config.ru +0 -31
data/test/registering_handler/rack/handler/registering_myself.rb +0 -8
data/test/spec_auth_basic.rb +0 -81
data/test/spec_auth_digest.rb +0 -259
data/test/spec_body_proxy.rb +0 -85
data/test/spec_builder.rb +0 -223
data/test/spec_cascade.rb +0 -61
data/test/spec_cgi.rb +0 -102
data/test/spec_chunked.rb +0 -101
data/test/spec_commonlogger.rb +0 -93
data/test/spec_conditionalget.rb +0 -102
data/test/spec_config.rb +0 -22
data/test/spec_content_length.rb +0 -85
data/test/spec_content_type.rb +0 -45
data/test/spec_deflater.rb +0 -339
data/test/spec_directory.rb +0 -88
data/test/spec_etag.rb +0 -107
data/test/spec_fastcgi.rb +0 -107
data/test/spec_file.rb +0 -221
data/test/spec_handler.rb +0 -72
data/test/spec_head.rb +0 -45
data/test/spec_lint.rb +0 -550
data/test/spec_lobster.rb +0 -58
data/test/spec_lock.rb +0 -164
data/test/spec_logger.rb +0 -23
data/test/spec_methodoverride.rb +0 -111
data/test/spec_mime.rb +0 -51
data/test/spec_mock.rb +0 -297
data/test/spec_mongrel.rb +0 -182
data/test/spec_multipart.rb +0 -600
data/test/spec_nulllogger.rb +0 -20
data/test/spec_recursive.rb +0 -72
data/test/spec_request.rb +0 -1232
data/test/spec_response.rb +0 -407
data/test/spec_rewindable_input.rb +0 -118
data/test/spec_runtime.rb +0 -49
data/test/spec_sendfile.rb +0 -130
data/test/spec_server.rb +0 -167
data/test/spec_session_abstract_id.rb +0 -53
data/test/spec_session_cookie.rb +0 -410
data/test/spec_session_memcache.rb +0 -358
data/test/spec_session_persisted_secure_secure_session_hash.rb +0 -73
data/test/spec_session_pool.rb +0 -246
data/test/spec_showexceptions.rb +0 -98
data/test/spec_showstatus.rb +0 -103
data/test/spec_static.rb +0 -145
data/test/spec_tempfile_reaper.rb +0 -63
data/test/spec_thin.rb +0 -91
data/test/spec_urlmap.rb +0 -236
data/test/spec_utils.rb +0 -647
data/test/spec_version.rb +0 -17
data/test/spec_webrick.rb +0 -184
data/test/static/another/index.html +0 -1
data/test/static/index.html +0 -1
data/test/testrequest.rb +0 -78
data/test/unregistered_handler/rack/handler/unregistered.rb +0 -7
data/test/unregistered_handler/rack/handler/unregistered_long_one.rb +0 -7

data/lib/rack/query_parser.rb ADDED Viewed

@@ -0,0 +1,217 @@
+# frozen_string_literal: true
+module Rack
+  class QueryParser
+    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
+    DEFAULT_SEP = /[&;] */n
+    COMMON_SEP = { ";" => /[;] */n, ";," => /[;,] */n, "&" => /[&] */n }
+    # ParameterTypeError is the error that is raised when incoming structural
+    # parameters (parsed by parse_nested_query) contain conflicting types.
+    class ParameterTypeError < TypeError; end
+    # InvalidParameterError is the error that is raised when incoming structural
+    # parameters (parsed by parse_nested_query) contain invalid format or byte
+    # sequence.
+    class InvalidParameterError < ArgumentError; end
+    def self.make_default(key_space_limit, param_depth_limit)
+      new Params, key_space_limit, param_depth_limit
+    end
+    attr_reader :key_space_limit, :param_depth_limit
+    def initialize(params_class, key_space_limit, param_depth_limit)
+      @params_class = params_class
+      @key_space_limit = key_space_limit
+      @param_depth_limit = param_depth_limit
+    end
+    # Stolen from Mongrel, with some small modifications:
+    # Parses a query string by breaking it up at the '&'
+    # and ';' characters.  You can also use this to parse
+    # cookies by changing the characters used in the second
+    # parameter (which defaults to '&;').
+    def parse_query(qs, d = nil, &unescaper)
+      unescaper ||= method(:unescape)
+      params = make_params
+      (qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
+        next if p.empty?
+        k, v = p.split('=', 2).map!(&unescaper)
+        if cur = params[k]
+          if cur.class == Array
+            params[k] << v
+          else
+            params[k] = [cur, v]
+          end
+        else
+          params[k] = v
+        end
+      end
+      return params.to_h
+    end
+    # parse_nested_query expands a query string into structural types. Supported
+    # types are Arrays, Hashes and basic value types. It is possible to supply
+    # query strings with parameters of conflicting types, in this case a
+    # ParameterTypeError is raised. Users are encouraged to return a 400 in this
+    # case.
+    def parse_nested_query(qs, d = nil)
+      params = make_params
+      unless qs.nil? || qs.empty?
+        (qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
+          k, v = p.split('=', 2).map! { |s| unescape(s) }
+          normalize_params(params, k, v, param_depth_limit)
+        end
+      end
+      return params.to_h
+    rescue ArgumentError => e
+      raise InvalidParameterError, e.message, e.backtrace
+    end
+    # normalize_params recursively expands parameters into structural types. If
+    # the structural types represented by two different parameter names are in
+    # conflict, a ParameterTypeError is raised.
+    def normalize_params(params, name, v, depth)
+      raise RangeError if depth <= 0
+      name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
+      k = $1 || ''
+      after = $' || ''
+      if k.empty?
+        if !v.nil? && name == "[]"
+          return Array(v)
+        else
+          return
+        end
+      end
+      if after == ''
+        params[k] = v
+      elsif after == "["
+        params[name] = v
+      elsif after == "[]"
+        params[k] ||= []
+        raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
+        params[k] << v
+      elsif after =~ %r(^\[\]\[([^\[\]]+)\]$) || after =~ %r(^\[\](.+)$)
+        child_key = $1
+        params[k] ||= []
+        raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
+        if params_hash_type?(params[k].last) && !params_hash_has_key?(params[k].last, child_key)
+          normalize_params(params[k].last, child_key, v, depth - 1)
+        else
+          params[k] << normalize_params(make_params, child_key, v, depth - 1)
+        end
+      else
+        params[k] ||= make_params
+        raise ParameterTypeError, "expected Hash (got #{params[k].class.name}) for param `#{k}'" unless params_hash_type?(params[k])
+        params[k] = normalize_params(params[k], after, v, depth - 1)
+      end
+      params
+    end
+    def make_params
+      @params_class.new @key_space_limit
+    end
+    def new_space_limit(key_space_limit)
+      self.class.new @params_class, key_space_limit, param_depth_limit
+    end
+    def new_depth_limit(param_depth_limit)
+      self.class.new @params_class, key_space_limit, param_depth_limit
+    end
+    private
+    def params_hash_type?(obj)
+      obj.kind_of?(@params_class)
+    end
+    def params_hash_has_key?(hash, key)
+      return false if /\[\]/.match?(key)
+      key.split(/[\[\]]+/).inject(hash) do |h, part|
+        next h if part == ''
+        return false unless params_hash_type?(h) && h.key?(part)
+        h[part]
+      end
+      true
+    end
+    def unescape(s)
+      Utils.unescape(s)
+    end
+    class Params
+      def initialize(limit)
+        @limit  = limit
+        @size   = 0
+        @params = {}
+      end
+      def [](key)
+        @params[key]
+      end
+      def []=(key, value)
+        @size += key.size if key && !@params.key?(key)
+        raise RangeError, 'exceeded available parameter key space' if @size > @limit
+        @params[key] = value
+      end
+      def key?(key)
+        @params.key?(key)
+      end
+      # Recursively unwraps nested `Params` objects and constructs an object
+      # of the same shape, but using the objects' internal representations
+      # (Ruby hashes) in place of the objects. The result is a hash consisting
+      # purely of Ruby primitives.
+      #
+      #   Mutation warning!
+      #
+      #   1. This method mutates the internal representation of the `Params`
+      #      objects in order to save object allocations.
+      #
+      #   2. The value you get back is a reference to the internal hash
+      #      representation, not a copy.
+      #
+      #   3. Because the `Params` object's internal representation is mutable
+      #      through the `#[]=` method, it is not thread safe. The result of
+      #      getting the hash representation while another thread is adding a
+      #      key to it is non-deterministic.
+      #
+      def to_h
+        @params.each do |key, value|
+          case value
+          when self
+            # Handle circular references gracefully.
+            @params[key] = @params
+          when Params
+            @params[key] = value.to_h
+          when Array
+            value.map! { |v| v.kind_of?(Params) ? v.to_h : v }
+          else
+            # Ignore anything that is not a `Params` object or
+            # a collection that can contain one.
+          end
+        end
+        @params
+      end
+      alias_method :to_params_hash, :to_h
+    end
+  end
+end

data/lib/rack/recursive.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'uri'
 module Rack
@@ -10,15 +12,15 @@ module Rack
   class ForwardRequest < Exception
     attr_reader :url, :env
-    def initialize(url, env={})
+    def initialize(url, env = {})
       @url = URI(url)
       @env = env
-      @env[PATH_INFO] =         @url.path
-      @env[QUERY_STRING] =      @url.query  if @url.query
-      @env["HTTP_HOST"] =       @url.host   if @url.host
-      @env["HTTP_PORT"] =       @url.port   if @url.port
-      @env["rack.url_scheme"] = @url.scheme if @url.scheme
+      @env[PATH_INFO]       = @url.path
+      @env[QUERY_STRING]    = @url.query  if @url.query
+      @env[HTTP_HOST]       = @url.host   if @url.host
+      @env[HTTP_PORT]       = @url.port   if @url.port
+      @env[RACK_URL_SCHEME] = @url.scheme if @url.scheme
       super "forwarding to #{url}"
     end
@@ -40,7 +42,7 @@ module Rack
     def _call(env)
       @script_name = env[SCRIPT_NAME]
-      @app.call(env.merge('rack.recursive.include' => method(:include)))
+      @app.call(env.merge(RACK_RECURSIVE_INCLUDE => method(:include)))
     rescue ForwardRequest => req
       call(env.merge(req.env))
     end
@@ -53,9 +55,9 @@ module Rack
       env = env.merge(PATH_INFO => path,
                       SCRIPT_NAME => @script_name,
-                      REQUEST_METHOD => "GET",
+                      REQUEST_METHOD => GET,
                       "CONTENT_LENGTH" => "0", "CONTENT_TYPE" => "",
-                      "rack.input" => StringIO.new(""))
+                      RACK_INPUT => StringIO.new(""))
       @app.call(env)
     end
   end

data/lib/rack/reloader.rb CHANGED Viewed

@@ -1,6 +1,8 @@
-#          Copyright (c) 2009 Michael Fellinger m.fellinger@gmail.com
-#       Rack::Reloader is subject to the terms of an MIT-style license.
-#      See COPYING or http://www.opensource.org/licenses/mit-license.php.
+# frozen_string_literal: true
+# Copyright (C) 2009-2018 Michael Fellinger <m.fellinger@gmail.com>
+# Rack::Reloader is subject to the terms of an MIT-style license.
+# See MIT-LICENSE or https://opensource.org/licenses/MIT.
 require 'pathname'
@@ -20,6 +22,8 @@ module Rack
   # It is performing a check/reload cycle at the start of every request, but
   # also respects a cool down time, during which nothing will be done.
   class Reloader
+    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
     def initialize(app, cooldown = 10, backend = Stat)
       @app = app
       @cooldown = cooldown
@@ -69,7 +73,7 @@ module Rack
         paths = ['./', *$LOAD_PATH].uniq
         files.map{|file|
-          next if file =~ /\.(so|bundle)$/ # cannot reload compiled files
+          next if /\.(so|bundle)$/.match?(file) # cannot reload compiled files
           found, stat = figure_path(file, paths)
           next unless found && stat && mtime = stat.mtime