RubyGems - rack - Versions diffs - 2.0.9.3 → 3.0.0 - Mend

rack 2.0.9.3 → 3.0.0

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (201) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +808 -0
data/CONTRIBUTING.md +142 -0
data/{COPYING → MIT-LICENSE} +4 -2
data/README.md +293 -0
data/SPEC.rdoc +340 -0
data/lib/rack/auth/abstract/handler.rb +6 -2
data/lib/rack/auth/abstract/request.rb +4 -2
data/lib/rack/auth/basic.rb +7 -4
data/lib/rack/auth/digest/md5.rb +1 -129
data/lib/rack/auth/digest/nonce.rb +1 -51
data/lib/rack/auth/digest/params.rb +1 -52
data/lib/rack/auth/digest/request.rb +1 -41
data/lib/rack/auth/digest.rb +256 -0
data/lib/rack/body_proxy.rb +18 -15
data/lib/rack/builder.rb +151 -40
data/lib/rack/cascade.rb +30 -12
data/lib/rack/chunked.rb +74 -23
data/lib/rack/common_logger.rb +49 -36
data/lib/rack/conditional_get.rb +33 -26
data/lib/rack/config.rb +2 -0
data/lib/rack/constants.rb +63 -0
data/lib/rack/content_length.rb +13 -16
data/lib/rack/content_type.rb +12 -8
data/lib/rack/deflater.rb +84 -45
data/lib/rack/directory.rb +90 -64
data/lib/rack/etag.rb +17 -23
data/lib/rack/events.rb +23 -20
data/lib/rack/file.rb +5 -172
data/lib/rack/files.rb +216 -0
data/lib/rack/head.rb +10 -9
data/lib/rack/headers.rb +154 -0
data/lib/rack/lint.rb +786 -645
data/lib/rack/lock.rb +4 -6
data/lib/rack/logger.rb +4 -0
data/lib/rack/media_type.rb +10 -5
data/lib/rack/method_override.rb +8 -2
data/lib/rack/mime.rb +17 -1
data/lib/rack/mock.rb +2 -195
data/lib/rack/mock_request.rb +166 -0
data/lib/rack/mock_response.rb +126 -0
data/lib/rack/multipart/generator.rb +21 -15
data/lib/rack/multipart/parser.rb +161 -118
data/lib/rack/multipart/uploaded_file.rb +19 -7
data/lib/rack/multipart.rb +23 -41
data/lib/rack/null_logger.rb +11 -0
data/lib/rack/query_parser.rb +126 -65
data/lib/rack/recursive.rb +9 -5
data/lib/rack/reloader.rb +6 -4
data/lib/rack/request.rb +331 -74
data/lib/rack/response.rb +223 -70
data/lib/rack/rewindable_input.rb +28 -8
data/lib/rack/runtime.rb +11 -8
data/lib/rack/sendfile.rb +42 -33
data/lib/rack/show_exceptions.rb +35 -18
data/lib/rack/show_status.rb +25 -15
data/lib/rack/static.rb +30 -18
data/lib/rack/tempfile_reaper.rb +16 -5
data/lib/rack/urlmap.rb +14 -6
data/lib/rack/utils.rb +268 -260
data/lib/rack/version.rb +34 -0
data/lib/rack.rb +15 -92
metadata +44 -207
data/HISTORY.md +0 -520
data/README.rdoc +0 -316
data/Rakefile +0 -116
data/SPEC +0 -263
data/bin/rackup +0 -4
data/contrib/rack.png +0 -0
data/contrib/rack.svg +0 -150
data/contrib/rack_logo.svg +0 -164
data/contrib/rdoc.css +0 -412
data/example/lobster.ru +0 -4
data/example/protectedlobster.rb +0 -14
data/example/protectedlobster.ru +0 -8
data/lib/rack/handler/cgi.rb +0 -60
data/lib/rack/handler/fastcgi.rb +0 -100
data/lib/rack/handler/lsws.rb +0 -61
data/lib/rack/handler/scgi.rb +0 -70
data/lib/rack/handler/thin.rb +0 -36
data/lib/rack/handler/webrick.rb +0 -120
data/lib/rack/handler.rb +0 -99
data/lib/rack/lobster.rb +0 -70
data/lib/rack/server.rb +0 -395
data/lib/rack/session/abstract/id.rb +0 -510
data/lib/rack/session/cookie.rb +0 -204
data/lib/rack/session/memcache.rb +0 -99
data/lib/rack/session/pool.rb +0 -83
data/rack.gemspec +0 -34
data/test/builder/an_underscore_app.rb +0 -5
data/test/builder/anything.rb +0 -5
data/test/builder/comment.ru +0 -4
data/test/builder/end.ru +0 -5
data/test/builder/line.ru +0 -1
data/test/builder/options.ru +0 -2
data/test/cgi/assets/folder/test.js +0 -1
data/test/cgi/assets/fonts/font.eot +0 -1
data/test/cgi/assets/images/image.png +0 -1
data/test/cgi/assets/index.html +0 -1
data/test/cgi/assets/javascripts/app.js +0 -1
data/test/cgi/assets/stylesheets/app.css +0 -1
data/test/cgi/lighttpd.conf +0 -26
data/test/cgi/rackup_stub.rb +0 -6
data/test/cgi/sample_rackup.ru +0 -5
data/test/cgi/test +0 -9
data/test/cgi/test+directory/test+file +0 -1
data/test/cgi/test.fcgi +0 -9
data/test/cgi/test.gz +0 -0
data/test/cgi/test.ru +0 -5
data/test/gemloader.rb +0 -10
data/test/helper.rb +0 -34
data/test/multipart/bad_robots +0 -259
data/test/multipart/binary +0 -0
data/test/multipart/content_type_and_no_filename +0 -6
data/test/multipart/empty +0 -10
data/test/multipart/fail_16384_nofile +0 -814
data/test/multipart/file1.txt +0 -1
data/test/multipart/filename_and_modification_param +0 -7
data/test/multipart/filename_and_no_name +0 -6
data/test/multipart/filename_with_encoded_words +0 -7
data/test/multipart/filename_with_escaped_quotes +0 -6
data/test/multipart/filename_with_escaped_quotes_and_modification_param +0 -7
data/test/multipart/filename_with_null_byte +0 -7
data/test/multipart/filename_with_percent_escaped_quotes +0 -6
data/test/multipart/filename_with_single_quote +0 -7
data/test/multipart/filename_with_unescaped_percentages +0 -6
data/test/multipart/filename_with_unescaped_percentages2 +0 -6
data/test/multipart/filename_with_unescaped_percentages3 +0 -6
data/test/multipart/filename_with_unescaped_quotes +0 -6
data/test/multipart/ie +0 -6
data/test/multipart/invalid_character +0 -6
data/test/multipart/mixed_files +0 -21
data/test/multipart/nested +0 -10
data/test/multipart/none +0 -9
data/test/multipart/quoted +0 -15
data/test/multipart/rack-logo.png +0 -0
data/test/multipart/semicolon +0 -6
data/test/multipart/text +0 -15
data/test/multipart/three_files_three_fields +0 -31
data/test/multipart/unity3d_wwwform +0 -11
data/test/multipart/webkit +0 -32
data/test/rackup/config.ru +0 -31
data/test/registering_handler/rack/handler/registering_myself.rb +0 -8
data/test/spec_auth_basic.rb +0 -89
data/test/spec_auth_digest.rb +0 -260
data/test/spec_body_proxy.rb +0 -85
data/test/spec_builder.rb +0 -233
data/test/spec_cascade.rb +0 -63
data/test/spec_cgi.rb +0 -84
data/test/spec_chunked.rb +0 -103
data/test/spec_common_logger.rb +0 -107
data/test/spec_conditional_get.rb +0 -103
data/test/spec_config.rb +0 -23
data/test/spec_content_length.rb +0 -86
data/test/spec_content_type.rb +0 -46
data/test/spec_deflater.rb +0 -375
data/test/spec_directory.rb +0 -148
data/test/spec_etag.rb +0 -108
data/test/spec_events.rb +0 -133
data/test/spec_fastcgi.rb +0 -85
data/test/spec_file.rb +0 -264
data/test/spec_handler.rb +0 -57
data/test/spec_head.rb +0 -46
data/test/spec_lint.rb +0 -520
data/test/spec_lobster.rb +0 -59
data/test/spec_lock.rb +0 -204
data/test/spec_logger.rb +0 -24
data/test/spec_media_type.rb +0 -42
data/test/spec_method_override.rb +0 -110
data/test/spec_mime.rb +0 -51
data/test/spec_mock.rb +0 -359
data/test/spec_multipart.rb +0 -721
data/test/spec_null_logger.rb +0 -21
data/test/spec_recursive.rb +0 -75
data/test/spec_request.rb +0 -1423
data/test/spec_response.rb +0 -528
data/test/spec_rewindable_input.rb +0 -128
data/test/spec_runtime.rb +0 -50
data/test/spec_sendfile.rb +0 -125
data/test/spec_server.rb +0 -193
data/test/spec_session_abstract_id.rb +0 -31
data/test/spec_session_abstract_session_hash.rb +0 -45
data/test/spec_session_cookie.rb +0 -442
data/test/spec_session_memcache.rb +0 -357
data/test/spec_session_persisted_secure_secure_session_hash.rb +0 -73
data/test/spec_session_pool.rb +0 -247
data/test/spec_show_exceptions.rb +0 -93
data/test/spec_show_status.rb +0 -104
data/test/spec_static.rb +0 -184
data/test/spec_tempfile_reaper.rb +0 -64
data/test/spec_thin.rb +0 -96
data/test/spec_urlmap.rb +0 -237
data/test/spec_utils.rb +0 -742
data/test/spec_version.rb +0 -11
data/test/spec_webrick.rb +0 -206
data/test/static/another/index.html +0 -1
data/test/static/foo.html +0 -1
data/test/static/index.html +0 -1
data/test/testrequest.rb +0 -78
data/test/unregistered_handler/rack/handler/unregistered.rb +0 -7
data/test/unregistered_handler/rack/handler/unregistered_long_one.rb +0 -7

data/lib/rack/null_logger.rb CHANGED Viewed

@@ -1,3 +1,7 @@
+# frozen_string_literal: true
+require_relative 'constants'
 module Rack
   class NullLogger
     def initialize(app)
@@ -20,6 +24,11 @@ module Rack
     def warn? ;  end
     def error? ; end
     def fatal? ; end
+    def debug! ; end
+    def error! ; end
+    def fatal! ; end
+    def info! ; end
+    def warn! ; end
     def level ; end
     def progname ; end
     def datetime_format ; end
@@ -32,6 +41,8 @@ module Rack
     def sev_threshold=(sev_threshold); end
     def close ; end
     def add(severity, message = nil, progname = nil, &block); end
+    def log(severity, message = nil, progname = nil, &block); end
     def <<(msg); end
+    def reopen(logdev = nil); end
   end
 end

data/lib/rack/query_parser.rb CHANGED Viewed

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
 module Rack
   class QueryParser
-    DEFAULT_SEP = /[&;] */n
+    DEFAULT_SEP = /[&] */n
     COMMON_SEP = { ";" => /[;] */n, ";," => /[;,] */n, "&" => /[&] */n }
     # ParameterTypeError is the error that is raised when incoming structural
@@ -12,31 +14,41 @@ module Rack
     # sequence.
     class InvalidParameterError < ArgumentError; end
-    def self.make_default(key_space_limit, param_depth_limit)
-      new Params, key_space_limit, param_depth_limit
+    # ParamsTooDeepError is the error that is raised when params are recursively
+    # nested over the specified limit.
+    class ParamsTooDeepError < RangeError; end
+    def self.make_default(_key_space_limit=(not_deprecated = true; nil), param_depth_limit)
+      unless not_deprecated
+        warn("`first argument `key_space limit` is deprecated and no longer has an effect. Please call with only one argument, which will be required in a future version of Rack", uplevel: 1)
+      end
+      new Params, param_depth_limit
     end
-    attr_reader :key_space_limit, :param_depth_limit
+    attr_reader :param_depth_limit
+    def initialize(params_class, _key_space_limit=(not_deprecated = true; nil), param_depth_limit)
+      unless not_deprecated
+        warn("`second argument `key_space limit` is deprecated and no longer has an effect. Please call with only two arguments, which will be required in a future version of Rack", uplevel: 1)
+      end
-    def initialize(params_class, key_space_limit, param_depth_limit)
       @params_class = params_class
-      @key_space_limit = key_space_limit
       @param_depth_limit = param_depth_limit
     end
     # Stolen from Mongrel, with some small modifications:
-    # Parses a query string by breaking it up at the '&'
-    # and ';' characters.  You can also use this to parse
-    # cookies by changing the characters used in the second
-    # parameter (which defaults to '&;').
-    def parse_query(qs, d = nil, &unescaper)
+    # Parses a query string by breaking it up at the '&'.  You can also use this
+    # to parse cookies by changing the characters used in the second parameter
+    # (which defaults to '&').
+    def parse_query(qs, separator = nil, &unescaper)
       unescaper ||= method(:unescape)
       params = make_params
-      (qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
+      (qs || '').split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP).each do |p|
         next if p.empty?
-        k, v = p.split('='.freeze, 2).map!(&unescaper)
+        k, v = p.split('=', 2).map!(&unescaper)
         if cur = params[k]
           if cur.class == Array
@@ -49,7 +61,7 @@ module Rack
         end
       end
-      return params.to_params_hash
+      return params.to_h
     end
     # parse_nested_query expands a query string into structural types. Supported
@@ -57,75 +69,107 @@ module Rack
     # query strings with parameters of conflicting types, in this case a
     # ParameterTypeError is raised. Users are encouraged to return a 400 in this
     # case.
-    def parse_nested_query(qs, d = nil)
-      return {} if qs.nil? || qs.empty?
+    def parse_nested_query(qs, separator = nil)
       params = make_params
-      (qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
-        k, v = p.split('='.freeze, 2).map! { |s| unescape(s) }
+      unless qs.nil? || qs.empty?
+        (qs || '').split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP).each do |p|
+          k, v = p.split('=', 2).map! { |s| unescape(s) }
-        normalize_params(params, k, v, param_depth_limit)
+          _normalize_params(params, k, v, 0)
+        end
       end
-      return params.to_params_hash
+      return params.to_h
     rescue ArgumentError => e
-      raise InvalidParameterError, e.message
+      raise InvalidParameterError, e.message, e.backtrace
     end
     # normalize_params recursively expands parameters into structural types. If
     # the structural types represented by two different parameter names are in
-    # conflict, a ParameterTypeError is raised.
-    def normalize_params(params, name, v, depth)
-      raise RangeError if depth <= 0
-      name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
-      k = $1 || ''.freeze
-      after = $' || ''.freeze
+    # conflict, a ParameterTypeError is raised.  The depth argument is deprecated
+    # and should no longer be used, it is kept for backwards compatibility with
+    # earlier versions of rack.
+    def normalize_params(params, name, v, _depth=nil)
+      _normalize_params(params, name, v, 0)
+    end
-      if k.empty?
-        if !v.nil? && name == "[]".freeze
-          return Array(v)
+    private def _normalize_params(params, name, v, depth)
+      raise ParamsTooDeepError if depth >= param_depth_limit
+      if !name
+        # nil name, treat same as empty string (required by tests)
+        k = after = ''
+      elsif depth == 0
+        # Start of parsing, don't treat [] or [ at start of string specially
+        if start = name.index('[', 1)
+          # Start of parameter nesting, use part before brackets as key
+          k = name[0, start]
+          after = name[start, name.length]
         else
-          return
+          # Plain parameter with no nesting
+          k = name
+          after = ''
         end
+      elsif name.start_with?('[]')
+        # Array nesting
+        k = '[]'
+        after = name[2, name.length]
+      elsif name.start_with?('[') && (start = name.index(']', 1))
+        # Hash nesting, use the part inside brackets as the key
+        k = name[1, start-1]
+        after = name[start+1, name.length]
+      else
+        # Probably malformed input, nested but not starting with [
+        # treat full name as key for backwards compatibility.
+        k = name
+        after = ''
       end
-      if after == ''.freeze
-        params[k] = v
-      elsif after == "[".freeze
+      return if k.empty?
+      v ||= String.new
+      if after == ''
+        if k == '[]' && depth != 0
+          return [v]
+        else
+          params[k] = v
+        end
+      elsif after == "["
         params[name] = v
-      elsif after == "[]".freeze
+      elsif after == "[]"
         params[k] ||= []
         raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
         params[k] << v
-      elsif after =~ %r(^\[\]\[([^\[\]]+)\]$) || after =~ %r(^\[\](.+)$)
-        child_key = $1
+      elsif after.start_with?('[]')
+        # Recognize x[][y] (hash inside array) parameters
+        unless after[2] == '[' && after.end_with?(']') && (child_key = after[3, after.length-4]) && !child_key.empty? && !child_key.index('[') && !child_key.index(']')
+          # Handle other nested array parameters
+          child_key = after[2, after.length]
+        end
         params[k] ||= []
         raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
         if params_hash_type?(params[k].last) && !params_hash_has_key?(params[k].last, child_key)
-          normalize_params(params[k].last, child_key, v, depth - 1)
+          _normalize_params(params[k].last, child_key, v, depth + 1)
         else
-          params[k] << normalize_params(make_params, child_key, v, depth - 1)
+          params[k] << _normalize_params(make_params, child_key, v, depth + 1)
         end
       else
         params[k] ||= make_params
         raise ParameterTypeError, "expected Hash (got #{params[k].class.name}) for param `#{k}'" unless params_hash_type?(params[k])
-        params[k] = normalize_params(params[k], after, v, depth - 1)
+        params[k] = _normalize_params(params[k], after, v, depth + 1)
       end
       params
     end
     def make_params
-      @params_class.new @key_space_limit
-    end
-    def new_space_limit(key_space_limit)
-      self.class.new @params_class, key_space_limit, param_depth_limit
+      @params_class.new
     end
     def new_depth_limit(param_depth_limit)
-      self.class.new @params_class, key_space_limit, param_depth_limit
+      self.class.new @params_class, param_depth_limit
     end
     private
@@ -135,7 +179,7 @@ module Rack
     end
     def params_hash_has_key?(hash, key)
-      return false if key =~ /\[\]/
+      return false if /\[\]/.match?(key)
       key.split(/[\[\]]+/).inject(hash) do |h, part|
         next h if part == ''
@@ -151,8 +195,7 @@ module Rack
     end
     class Params
-      def initialize(limit)
-        @limit  = limit
+      def initialize
         @size   = 0
         @params = {}
       end
@@ -162,8 +205,6 @@ module Rack
       end
       def []=(key, value)
-        @size += key.size if key && !@params.key?(key)
-        raise RangeError, 'exceeded available parameter key space' if @size > @limit
         @params[key] = value
       end
@@ -171,22 +212,42 @@ module Rack
         @params.key?(key)
       end
-      def to_params_hash
-        hash = @params
-        hash.keys.each do |key|
-          value = hash[key]
-          if value.kind_of?(self.class)
-            if value.object_id == self.object_id
-              hash[key] = hash
-            else
-              hash[key] = value.to_params_hash
-            end
-          elsif value.kind_of?(Array)
-            value.map! {|x| x.kind_of?(self.class) ? x.to_params_hash : x}
+      # Recursively unwraps nested `Params` objects and constructs an object
+      # of the same shape, but using the objects' internal representations
+      # (Ruby hashes) in place of the objects. The result is a hash consisting
+      # purely of Ruby primitives.
+      #
+      #   Mutation warning!
+      #
+      #   1. This method mutates the internal representation of the `Params`
+      #      objects in order to save object allocations.
+      #
+      #   2. The value you get back is a reference to the internal hash
+      #      representation, not a copy.
+      #
+      #   3. Because the `Params` object's internal representation is mutable
+      #      through the `#[]=` method, it is not thread safe. The result of
+      #      getting the hash representation while another thread is adding a
+      #      key to it is non-deterministic.
+      #
+      def to_h
+        @params.each do |key, value|
+          case value
+          when self
+            # Handle circular references gracefully.
+            @params[key] = @params
+          when Params
+            @params[key] = value.to_h
+          when Array
+            value.map! { |v| v.kind_of?(Params) ? v.to_h : v }
+          else
+            # Ignore anything that is not a `Params` object or
+            # a collection that can contain one.
           end
         end
-        hash
+        @params
       end
+      alias_method :to_params_hash, :to_h
     end
   end
 end

data/lib/rack/recursive.rb CHANGED Viewed

@@ -1,5 +1,9 @@
+# frozen_string_literal: true
 require 'uri'
+require_relative 'constants'
 module Rack
   # Rack::ForwardRequest gets caught by Rack::Recursive and redirects
   # the current request to the app at +url+.
@@ -10,14 +14,14 @@ module Rack
   class ForwardRequest < Exception
     attr_reader :url, :env
-    def initialize(url, env={})
+    def initialize(url, env = {})
       @url = URI(url)
       @env = env
-      @env[PATH_INFO] =       @url.path
-      @env[QUERY_STRING] =    @url.query  if @url.query
-      @env[HTTP_HOST] =       @url.host   if @url.host
-      @env["HTTP_PORT"] =     @url.port   if @url.port
+      @env[PATH_INFO]       = @url.path
+      @env[QUERY_STRING]    = @url.query  if @url.query
+      @env[HTTP_HOST]       = @url.host   if @url.host
+      @env[HTTP_PORT]       = @url.port   if @url.port
       @env[RACK_URL_SCHEME] = @url.scheme if @url.scheme
       super "forwarding to #{url}"

data/lib/rack/reloader.rb CHANGED Viewed

@@ -1,6 +1,8 @@
-#          Copyright (c) 2009 Michael Fellinger m.fellinger@gmail.com
-#       Rack::Reloader is subject to the terms of an MIT-style license.
-#      See COPYING or http://www.opensource.org/licenses/mit-license.php.
+# frozen_string_literal: true
+# Copyright (C) 2009-2018 Michael Fellinger <m.fellinger@gmail.com>
+# Rack::Reloader is subject to the terms of an MIT-style license.
+# See MIT-LICENSE or https://opensource.org/licenses/MIT.
 require 'pathname'
@@ -69,7 +71,7 @@ module Rack
         paths = ['./', *$LOAD_PATH].uniq
         files.map{|file|
-          next if file =~ /\.(so|bundle)$/ # cannot reload compiled files
+          next if /\.(so|bundle)$/.match?(file) # cannot reload compiled files
           found, stat = figure_path(file, paths)
           next unless found && stat && mtime = stat.mtime