rack 2.2.2 → 2.2.3
Potentially problematic release.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/SPEC.rdoc +9 -5
- data/lib/rack/utils.rb +6 -2
- data/lib/rack/version.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0b7c25cb392fb659dc54ab275c38e8d838c4357b046f59ff44698d6110129e85
|
4
|
+
data.tar.gz: 1f8fbe6d0923969234e772409a98ed6e0a5f0d10efed6a76ac80902257a5bd90
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9021496ff7dce72833074adc1963a0cc5a96bfc14a162cc56d7c54441c3f17de61804f687943a0d07ebe58399c92db540d322576010b4e47c375cdd9aec7d09d
|
7
|
+
data.tar.gz: b668e5359266b7ad36387bddd7db329968b5a38ef10290ef22da30e2f7edd082ffebc9e864cc44f09cfb51b491111d27ff1a55a3fa011ad3d45aa6374a8ccb3c
|
data/CHANGELOG.md
CHANGED
@@ -2,6 +2,10 @@
|
|
2
2
|
|
3
3
|
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
|
4
4
|
|
5
|
+
## [2.2.3] - 2020-02-11
|
6
|
+
|
7
|
+
- [CVE-2020-8184] Only decode cookie values
|
8
|
+
|
5
9
|
## [2.2.2] - 2020-02-11
|
6
10
|
|
7
11
|
### Fixed
|
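Review bot: the new heading `## [2.2.3] - 2020-02-11` carries exactly the same date as the existing `## [2.2.2] - 2020-02-11` entry beneath it, while the gem metadata in this same diff sets `date: 2020-06-15 00:00:00.000000000 Z`; the release date looks copied from the previous entry and should be corrected to the actual 2.2.3 release date. `[CVE-2020-8184]` is written as a reference-style link, so make sure a matching link definition pointing at the advisory exists in the file (it is not part of the visible hunk), otherwise the identifier renders as literal bracketed text.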
data/SPEC.rdoc
CHANGED
@@ -42,17 +42,18 @@ below.
|
|
42
42
|
<tt>QUERY_STRING</tt>:: The portion of the request URL that
|
43
43
|
follows the <tt>?</tt>, if any. May be
|
44
44
|
empty, but is always required!
|
45
|
-
<tt>SERVER_NAME</tt
|
46
|
-
When combined with <tt>SCRIPT_NAME</tt> and
|
45
|
+
<tt>SERVER_NAME</tt>:: When combined with <tt>SCRIPT_NAME</tt> and
|
47
46
|
<tt>PATH_INFO</tt>, these variables can be
|
48
47
|
used to complete the URL. Note, however,
|
49
48
|
that <tt>HTTP_HOST</tt>, if present,
|
50
49
|
should be used in preference to
|
51
50
|
<tt>SERVER_NAME</tt> for reconstructing
|
52
51
|
the request URL.
|
53
|
-
<tt>SERVER_NAME</tt>
|
54
|
-
|
55
|
-
|
52
|
+
<tt>SERVER_NAME</tt> can never be an empty
|
53
|
+
string, and so is always required.
|
54
|
+
<tt>SERVER_PORT</tt>:: An optional +Integer+ which is the port the
|
55
|
+
server is running on. Should be specified if
|
56
|
+
the server is running on a non-standard port.
|
56
57
|
<tt>HTTP_</tt> Variables:: Variables corresponding to the
|
57
58
|
client-supplied HTTP request
|
58
59
|
headers (i.e., variables whose
|
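Review bot: the new `<tt>SERVER_PORT</tt>:: An optional +Integer+ which is the port the` entry says it "Should be specified if the server is running on a non-standard port" but never states which port a consumer may assume when the variable is absent; spell out the default so servers and middleware that rebuild the request URL from `SERVER_NAME` and `SERVER_PORT` agree. Making `SERVER_PORT` optional also means existing code that reads it must now tolerate a missing key instead of calling Integer methods on nil, which is worth calling out in the changelog alongside the CVE fix.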
@@ -122,6 +123,9 @@ and should be prefixed uniquely. The prefix rack.
|
|
122
123
|
is reserved for use with the Rack core distribution and other
|
123
124
|
accepted specifications and must not be used otherwise.
|
124
125
|
|
126
|
+
The <tt>SERVER_PORT</tt> must be an Integer if set.
|
127
|
+
The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540.
|
128
|
+
The <tt>HTTP_HOST</tt> must be a valid authority as defined by RFC7540.
|
125
129
|
The environment must not contain the keys
|
126
130
|
<tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt>
|
127
131
|
(use the versions without <tt>HTTP_</tt>).
|
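Review bot: `The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540.` and the matching `HTTP_HOST` line cite RFC 7540 (HTTP/2), which itself defines the `:authority` pseudo-header in terms of the authority grammar of RFC 3986 section 3.2; citing RFC 3986 directly (or RFC 7230 for the Host header) would point readers at the actual syntax. An authority under that definition may end in a `:port` suffix, so state whether `SERVER_NAME` may carry one now that `SERVER_PORT` is a separate Integer, otherwise two implementations can both be "valid" and still disagree on the reconstructed URL.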
data/lib/rack/utils.rb
CHANGED
@@ -212,8 +212,12 @@ module Rack
|
|
212
212
|
# The syntax for cookie headers only supports semicolons
|
213
213
|
# User Agent -> Server ==
|
214
214
|
# Cookie: SID=31d4d96e407aad42; lang=en-US
|
215
|
-
|
216
|
-
|
215
|
+
return {} unless header
|
216
|
+
header.split(/[;] */n).each_with_object({}) do |cookie, cookies|
|
217
|
+
next if cookie.empty?
|
218
|
+
key, value = cookie.split('=', 2)
|
219
|
+
cookies[key] = (unescape(value) rescue value) unless cookies.key?(key)
|
220
|
+
end
|
217
221
|
end
|
218
222
|
|
219
223
|
def add_cookie_to_header(header, key, value)
|
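Review bot: in `key, value = cookie.split('=', 2)` a cookie pair with no `=` leaves `value` as nil, and `cookies[key] = (unescape(value) rescue value) unless cookies.key?(key)` then stores nil for that key because the rescue modifier swallows the error raised while unescaping nil; decide explicitly whether such a pair is skipped or stored as an empty string and add a test for it. The same modifier rescues every StandardError from `unescape`, so a value with a malformed `%` sequence is silently kept raw; that fallback is reasonable, but a one-line comment explaining it would stop the next reader from "fixing" it. Only the value is decoded now, so a percent-encoded cookie name can no longer decode to collide with a differently spelled name, and `unless cookies.key?(key)` keeps the first occurrence of a duplicated name; please pin both behaviours with tests so the CVE-2020-8184 fix is not lost in a later refactor.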
data/lib/rack/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Leah Neukirchen
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-06-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: minitest
|
@@ -169,7 +169,7 @@ metadata:
|
|
169
169
|
changelog_uri: https://github.com/rack/rack/blob/master/CHANGELOG.md
|
170
170
|
documentation_uri: https://rubydoc.info/github/rack/rack
|
171
171
|
source_code_uri: https://github.com/rack/rack
|
172
|
-
post_install_message:
|
172
|
+
post_install_message:
|
173
173
|
rdoc_options: []
|
174
174
|
require_paths:
|
175
175
|
- lib
|
@@ -184,8 +184,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
184
184
|
- !ruby/object:Gem::Version
|
185
185
|
version: '0'
|
186
186
|
requirements: []
|
187
|
-
rubygems_version: 3.0.
|
188
|
-
signing_key:
|
187
|
+
rubygems_version: 3.2.0.pre1
|
188
|
+
signing_key:
|
189
189
|
specification_version: 4
|
190
190
|
summary: A modular Ruby webserver interface.
|
191
191
|
test_files: []
|
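Review bot: `rubygems_version: 3.2.0.pre1` shows the gem was packaged with a prerelease RubyGems; a security release is better built with a released RubyGems so the shipped metadata does not depend on pre-release behaviour. `signing_key:` stays blank here and `cert_chain: []` is unchanged in the first hunk, so the gem is unsigned and consumers can only check integrity against the SHA256/SHA512 values in checksums.yaml, which travel inside the gem itself; publishing those checksums out of band with the release notes gives downstream users something independent to compare against.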