RubyGems - rack - Versions diffs - 2.1.1 → 2.1.3 - Mend

rack 2.1.1 → 2.1.3

This version of rack might be problematic. Click here for more details.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4c636b399e2635a9c09098c5b9c7bc47488b2184d0283d21853616862bbadacd
-  data.tar.gz: fc4e151fe86e0752616e3e42b01f7f730250ab6cc55dc1bbe3452ed7bc92b507
+  metadata.gz: 83025be71b5d57dbb184eb3d2364c727dad01c2214f683377dec5fdb3de0bc7d
+  data.tar.gz: c672e59748bb0b5412f017260168b7cd718f99c6bc7fc7ec2fd374d21b5dc7e3
 SHA512:
-  metadata.gz: 416fca4689a96df477d6b90978470c34c68facfa7ce1ee48cc1956f47e9f7379d906ae661b1c78ff14ff565c19f16ca28e5dcbfef18e9f87c36f7fb5d781d54f
-  data.tar.gz: 8d400ae00dae63dc5afcb84aef13598b95892dce2d9bd3d2662da64c22dc97e28d30b125692c71547b0d41e44fb1628d1eba9cf5e42a834502353c7730acd872
+  metadata.gz: 9e3eecfe73f0dc2def1653c47d84dc9d044395ffed4a4021ac5dfd565267f214264c06efec8ef84fec3159a0e793acf6190ecf151280ab544cbb852eb32db168
+  data.tar.gz: 9c64bdf7f521ef19170025a24627f0e59ea3f18be605da7e623027928f153c1a3a71fc001695d52e99d153a3d50f11ef9b13c11223c3245bbf0a5cc3f10f2e57

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,12 @@
+## [2.1.2] - 2020-01-27
+- Fix multipart parser for some files to prevent denial of service ([@aiomaster](https://github.com/aiomaster))
+- Fix `Rack::Builder#use` with keyword arguments ([@kamipo](https://github.com/kamipo))
+- Skip deflating in Rack::Deflater if Content-Length is 0 ([@jeremyevans](https://github.com/jeremyevans))
+- Remove `SessionHash#transform_keys`, no longer needed ([@pavel](https://github.com/pavel))
+- Add to_hash to wrap Hash and Session classes ([@oleh-demyanyuk](https://github.com/oleh-demyanyuk))
+- Handle case where session id key is requested but missing ([@jeremyevans](https://github.com/jeremyevans))
 ## [2.1.1] - 2020-01-12
 - Remove `Rack::Chunked` from `Rack::Server` default middleware. ([#1475](https://github.com/rack/rack/pull/1475), [@ioquatix](https://github.com/ioquatix))

data/lib/rack.rb CHANGED Viewed

@@ -20,7 +20,7 @@ module Rack
     VERSION.join(".")
   end
-  RELEASE = "2.1.1"
+  RELEASE = "2.1.3"
   # Return the Rack release as a dotted string.
   def self.release

data/lib/rack/builder.rb CHANGED Viewed

@@ -101,6 +101,7 @@ module Rack
       end
       @use << proc { |app| middleware.new(app, *args, &block) }
     end
+    ruby2_keywords(:use) if respond_to?(:ruby2_keywords, true)
     # Takes an argument that is an object that responds to #call and returns a Rack response.
     # The simplest form of this is a lambda object:

data/lib/rack/deflater.rb CHANGED Viewed

@@ -124,6 +124,10 @@ module Rack
       # Skip if @condition lambda is given and evaluates to false
       return false if @condition && !@condition.call(env, status, headers, body)
+      # No point in compressing empty body, also handles usage with
+      # Rack::Sendfile.
+      return false if headers[CONTENT_LENGTH] == '0'
       true
     end
   end

data/lib/rack/directory.rb CHANGED Viewed

@@ -106,13 +106,12 @@ table { width:100%%; }
     def list_directory(path_info, path, script_name)
       files = [['../', 'Parent Directory', '', '', '']]
-      glob = ::File.join(path, '*')
       url_head = (script_name.split('/') + path_info.split('/')).map do |part|
         Rack::Utils.escape_path part
       end
-      Dir[glob].sort.each do |node|
+      Dir.entries(path).reject { |e| e.start_with?('.') }.sort.each do |node|
         stat = stat(node)
         next unless stat
         basename = ::File.basename(node)

data/lib/rack/multipart/parser.rb CHANGED Viewed

@@ -185,7 +185,7 @@ module Rack
         @collector = Collector.new tempfile
         @sbuf = StringScanner.new("".dup)
-        @body_regex = /(.*?)(#{EOL})?#{Regexp.quote(@boundary)}(#{EOL}|--)/m
+        @body_regex = /(?:#{EOL})?#{Regexp.quote(@boundary)}(?:#{EOL}|--)/m
         @rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max
         @head_regex = /(.*?#{EOL})#{EOL}/m
       end
@@ -268,8 +268,8 @@ module Rack
       end
       def handle_mime_body
-        if @sbuf.check_until(@body_regex) # check but do not advance the pointer yet
-          body = @sbuf[1]
+        if (body_with_boundary = @sbuf.check_until(@body_regex)) # check but do not advance the pointer yet
+          body = body_with_boundary.sub(/#{@body_regex}\z/m, '') # remove the boundary from the string
           @collector.on_mime_body @mime_index, body
           @sbuf.pos += body.length + 2 # skip \r\n after the content
           @state = :CONSUME_TOKEN

data/lib/rack/session/abstract/id.rb CHANGED Viewed

@@ -56,14 +56,6 @@ module Rack
           end
         } unless {}.respond_to?(:transform_keys)
-        def transform_keys(&block)
-          hash = dup
-          each do |key, value|
-            hash[block.call(key)] = value
-          end
-          hash
-        end
         include Enumerable
         attr_writer :id
@@ -209,7 +201,7 @@ module Rack
         end
         def stringify_keys(other)
-          other.transform_keys(&:to_s)
+          other.to_hash.transform_keys(&:to_s)
         end
       end
@@ -460,7 +452,7 @@ module Rack
           def [](key)
             if key == "session_id"
               load_for_read!
-              id.public_id
+              id.public_id if id
             else
               super
             end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.1.3
 platform: ruby
 authors:
 - Leah Neukirchen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-11 00:00:00.000000000 Z
+date: 2020-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest