rack 2.1.1 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/rack.rb +1 -1
- data/lib/rack/builder.rb +1 -0
- data/lib/rack/deflater.rb +4 -0
- data/lib/rack/multipart/parser.rb +3 -3
- data/lib/rack/session/abstract/id.rb +2 -10
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cf07380f1952c2d3ae911f2dba3cc6b03cc9270874488cbda132651f4618e928
|
|
4
|
+
data.tar.gz: d040738bea53e28625c2d9a7f4fc55e098e63890b9cf539bdacf9873b0e7a690
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3ab7bed6e3272ac7441312cc407726ddc9389730289799cff762933fb464e3c162c004c1dcc40f95fcbed05c803010bffb2ce88726c751e7540d405428f09749
|
|
7
|
+
data.tar.gz: ccff9e0ea2fc4a09d549cfc4c290b2aff48cd267f323c709cc3afc6803f62763ec208dcc9a55663d7743782fc4ce1ff507e709031c261714a2dc4b04102fb498
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
## [2.1.2] - 2020-01-27
|
|
2
|
+
|
|
3
|
+
- Fix multipart parser for some files to prevent denial of service ([@aiomaster](https://github.com/aiomaster))
|
|
4
|
+
- Fix `Rack::Builder#use` with keyword arguments ([@kamipo](https://github.com/kamipo))
|
|
5
|
+
- Skip deflating in Rack::Deflater if Content-Length is 0 ([@jeremyevans](https://github.com/jeremyevans))
|
|
6
|
+
- Remove `SessionHash#transform_keys`, no longer needed ([@pavel](https://github.com/pavel))
|
|
7
|
+
- Add to_hash to wrap Hash and Session classes ([@oleh-demyanyuk](https://github.com/oleh-demyanyuk))
|
|
8
|
+
- Handle case where session id key is requested but missing ([@jeremyevans](https://github.com/jeremyevans))
|
|
9
|
+
|
|
1
10
|
## [2.1.1] - 2020-01-12
|
|
2
11
|
|
|
3
12
|
- Remove `Rack::Chunked` from `Rack::Server` default middleware. ([#1475](https://github.com/rack/rack/pull/1475), [@ioquatix](https://github.com/ioquatix))
|
data/lib/rack.rb
CHANGED
data/lib/rack/builder.rb
CHANGED
|
@@ -101,6 +101,7 @@ module Rack
|
|
|
101
101
|
end
|
|
102
102
|
@use << proc { |app| middleware.new(app, *args, &block) }
|
|
103
103
|
end
|
|
104
|
+
ruby2_keywords(:use) if respond_to?(:ruby2_keywords, true)
|
|
104
105
|
|
|
105
106
|
# Takes an argument that is an object that responds to #call and returns a Rack response.
|
|
106
107
|
# The simplest form of this is a lambda object:
|
data/lib/rack/deflater.rb
CHANGED
|
@@ -124,6 +124,10 @@ module Rack
|
|
|
124
124
|
# Skip if @condition lambda is given and evaluates to false
|
|
125
125
|
return false if @condition && !@condition.call(env, status, headers, body)
|
|
126
126
|
|
|
127
|
+
# No point in compressing empty body, also handles usage with
|
|
128
|
+
# Rack::Sendfile.
|
|
129
|
+
return false if headers[CONTENT_LENGTH] == '0'
|
|
130
|
+
|
|
127
131
|
true
|
|
128
132
|
end
|
|
129
133
|
end
|
|
@@ -185,7 +185,7 @@ module Rack
|
|
|
185
185
|
@collector = Collector.new tempfile
|
|
186
186
|
|
|
187
187
|
@sbuf = StringScanner.new("".dup)
|
|
188
|
-
@body_regex = /(
|
|
188
|
+
@body_regex = /(?:#{EOL})?#{Regexp.quote(@boundary)}(?:#{EOL}|--)/m
|
|
189
189
|
@rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max
|
|
190
190
|
@head_regex = /(.*?#{EOL})#{EOL}/m
|
|
191
191
|
end
|
|
@@ -268,8 +268,8 @@ module Rack
|
|
|
268
268
|
end
|
|
269
269
|
|
|
270
270
|
def handle_mime_body
|
|
271
|
-
if @sbuf.check_until(@body_regex) # check but do not advance the pointer yet
|
|
272
|
-
body = @
|
|
271
|
+
if (body_with_boundary = @sbuf.check_until(@body_regex)) # check but do not advance the pointer yet
|
|
272
|
+
body = body_with_boundary.sub(/#{@body_regex}\z/m, '') # remove the boundary from the string
|
|
273
273
|
@collector.on_mime_body @mime_index, body
|
|
274
274
|
@sbuf.pos += body.length + 2 # skip \r\n after the content
|
|
275
275
|
@state = :CONSUME_TOKEN
|
|
@@ -56,14 +56,6 @@ module Rack
|
|
|
56
56
|
end
|
|
57
57
|
} unless {}.respond_to?(:transform_keys)
|
|
58
58
|
|
|
59
|
-
def transform_keys(&block)
|
|
60
|
-
hash = dup
|
|
61
|
-
each do |key, value|
|
|
62
|
-
hash[block.call(key)] = value
|
|
63
|
-
end
|
|
64
|
-
hash
|
|
65
|
-
end
|
|
66
|
-
|
|
67
59
|
include Enumerable
|
|
68
60
|
attr_writer :id
|
|
69
61
|
|
|
@@ -209,7 +201,7 @@ module Rack
|
|
|
209
201
|
end
|
|
210
202
|
|
|
211
203
|
def stringify_keys(other)
|
|
212
|
-
other.transform_keys(&:to_s)
|
|
204
|
+
other.to_hash.transform_keys(&:to_s)
|
|
213
205
|
end
|
|
214
206
|
end
|
|
215
207
|
|
|
@@ -460,7 +452,7 @@ module Rack
|
|
|
460
452
|
def [](key)
|
|
461
453
|
if key == "session_id"
|
|
462
454
|
load_for_read!
|
|
463
|
-
id.public_id
|
|
455
|
+
id.public_id if id
|
|
464
456
|
else
|
|
465
457
|
super
|
|
466
458
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Leah Neukirchen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-01-
|
|
11
|
+
date: 2020-01-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: minitest
|