rack 2.2.8 → 2.2.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 06ce8687cfd4c7e0e35738d32303ed958d62615ee99624ce7fbab2f9268f58cc
-  data.tar.gz: 373ee5a240a556f70dace8667543c80329d3f990ade031b79cfb366ff5b3e051
+  metadata.gz: 24180b9a6b3542ecca924c20de2c2e7b35a752dcbf7617ad91e1bc561fe902f5
+  data.tar.gz: d63a4ba670c4c095de71d04fbed0b1db951b0c2e77b3f6f3c693a379595be1ec
 SHA512:
-  metadata.gz: e9d60d3a4798c7593a48d8bb85996c15f6fac4009d1a90a7545ca80fd38e3ed6515b17dc20f22e6052aa074de9c3502485273a6cebe0e9d6d30be596061bf1e1
-  data.tar.gz: 4331edc1a9fbcf9e61f8041bb4626cb2c89d55783aefa90628ae7bd3224f9bfd0ec859f8b9f4bb33709f0f9d66e53804f4296919f7749bd7a51d447d56d2aad6
+  metadata.gz: 7b7e807808b0cfd510b044cff94bce487e7210d66c3bece906ead9bcd7787580f8cc9c7195ff30dd939a20fa9ea8919adbc938d32f75d22c5dbe3702ff9ed634
+  data.tar.gz: 60b1ede1565fe39363bc03f7ff7402f23ee4540dd30e1ec0302b6ca7ca1e1772b746929ec036e747c5a83fd6e5c0f23e623241e5176dcb24eddb8eac2c72f2c8

data/CHANGELOG.md

@@ -2,6 +2,18 @@
 
 All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## Unreleased
+
+## [2.2.9] - 2023-03-21
+
+- Return empty when parsing a multi-part POST with only one end delimiter. ([#2104](https://github.com/rack/rack/pull/2104), [@alpaca-tc])
+
+## [2.2.8] - 2023-07-31
+
+- Regenerate SPEC ([#2102](https://github.com/rack/rack/pull/2102), [@skipkayhil](https://github.com/skipkayhil))
+- Limit file extension length of multipart tempfiles ([#2015](https://github.com/rack/rack/pull/2015), [@dentarg](https://github.com/dentarg))
+- Fix "undefined method DelegateClass for Rack::Session::Cookie:Class" ([#2092](https://github.com/rack/rack/pull/2092), [@onigra](https://github.com/onigra) [@dchandekstark](https://github.com/dchandekstark))
+
 ## [2.2.7] - 2023-03-13
 
 - Correct the year number in the changelog ([#2015](https://github.com/rack/rack/pull/2015), [@kimulab](https://github.com/kimulab))

data/lib/rack/media_type.rb

@@ -4,7 +4,7 @@ module Rack
   # Rack::MediaType parse media type and parameters out of content_type string
 
   class MediaType
-    SPLIT_PATTERN = %r{\s*[;,]\s*}
+    SPLIT_PATTERN = /[;,]/
 
     class << self
       # The media type (type/subtype) portion of the CONTENT_TYPE header
@@ -15,7 +15,11 @@ module Rack
       # http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7
       def type(content_type)
         return nil unless content_type
-        content_type.split(SPLIT_PATTERN, 2).first.tap &:downcase!
+        if type = content_type.split(SPLIT_PATTERN, 2).first
+          type.rstrip!
+          type.downcase!
+          type
+        end
       end
 
       # The media type parameters provided in CONTENT_TYPE as a Hash, or
@@ -27,9 +31,10 @@ module Rack
         return {} if content_type.nil?
 
         content_type.split(SPLIT_PATTERN)[1..-1].each_with_object({}) do |s, hsh|
+          s.strip!
           k, v = s.split('=', 2)
-
-          hsh[k.tap(&:downcase!)] = strip_doublequotes(v)
+          k.downcase!
+          hsh[k] = strip_doublequotes(v)
         end
       end
 

data/lib/rack/multipart/parser.rb

@@ -191,6 +191,7 @@ module Rack
 
         @sbuf = StringScanner.new("".dup)
         @body_regex = /(?:#{EOL})?#{Regexp.quote(@boundary)}(?:#{EOL}|--)/m
+        @end_boundary_size = boundary.bytesize + 6 # (-- at start, -- at finish, EOL at end)
         @rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max
         @head_regex = /(.*?#{EOL})#{EOL}/m
       end
@@ -231,7 +232,12 @@ module Rack
       end
 
       def handle_fast_forward
-        if consume_boundary
+        tok = consume_boundary
+
+        if tok == :END_BOUNDARY && @sbuf.pos == @end_boundary_size && @sbuf.eos?
+          # stop parsing a buffer if a buffer is only an end boundary.
+          @state = :DONE
+        elsif tok
           @state = :MIME_HEAD
         else
           raise EOFError, "bad content body" if @sbuf.rest_size >= @bufsize

data/lib/rack/utils.rb

@@ -142,8 +142,8 @@ module Rack
     end
 
     def q_values(q_value_header)
-      q_value_header.to_s.split(/\s*,\s*/).map do |part|
-        value, parameters = part.split(/\s*;\s*/, 2)
+      q_value_header.to_s.split(',').map do |part|
+        value, parameters = part.split(';', 2).map(&:strip)
         quality = 1.0
         if parameters && (md = /\Aq=([\d.]+)/.match(parameters))
           quality = md[1].to_f
@@ -380,6 +380,9 @@ module Rack
         end
         ranges << (r0..r1)  if r0 <= r1
       end
+
+      return [] if ranges.map(&:size).sum > size
+
       ranges
     end
 

data/lib/rack/version.rb

@@ -20,7 +20,7 @@ module Rack
     VERSION.join(".")
   end
 
-  RELEASE = "2.2.8"
+  RELEASE = "2.2.9"
 
   # Return the Rack release as a dotted string.
   def self.release

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 2.2.8
+  version: 2.2.9
 platform: ruby
 authors:
 - Leah Neukirchen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-31 00:00:00.000000000 Z
+date: 2024-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -184,7 +184,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: A modular Ruby webserver interface.