rack 2.2.8 → 3.0.9.1

data/lib/rack/multipart/generator.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require_relative 'uploaded_file'
+
 module Rack
   module Multipart
     class Generator
@@ -74,12 +76,12 @@ module Rack
 
       def content_for_tempfile(io, file, name)
         length = ::File.stat(file.path).size if file.path
-        filename = "; filename=\"#{Utils.escape(file.original_filename)}\"" if file.original_filename
+        filename = "; filename=\"#{Utils.escape_path(file.original_filename)}\""
 <<-EOF
 --#{MULTIPART_BOUNDARY}\r
-Content-Disposition: form-data; name="#{name}"#{filename}\r
-Content-Type: #{file.content_type}\r
-#{"Content-Length: #{length}\r\n" if length}\r
+content-disposition: form-data; name="#{name}"#{filename}\r
+content-type: #{file.content_type}\r
+#{"content-length: #{length}\r\n" if length}\r
 #{io.read}\r
 EOF
       end
@@ -87,7 +89,7 @@ EOF
       def content_for_other(file, name)
 <<-EOF
 --#{MULTIPART_BOUNDARY}\r
-Content-Disposition: form-data; name="#{name}"\r
+content-disposition: form-data; name="#{name}"\r
 \r
 #{file}\r
 EOF

data/lib/rack/multipart/parser.rb

@@ -2,24 +2,54 @@
 
 require 'strscan'
 
+require_relative '../utils'
+
 module Rack
   module Multipart
     class MultipartPartLimitError < Errno::EMFILE; end
+
     class MultipartTotalPartLimitError < StandardError; end
 
-    class Parser
-      (require_relative '../core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
+    # Use specific error class when parsing multipart request
+    # that ends early.
+    class EmptyContentError < ::EOFError; end
+
+    # Base class for multipart exceptions that do not subclass from
+    # other exception classes for backwards compatibility.
+    class Error < StandardError; end
+
+    EOL = "\r\n"
+    MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni
+    TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/
+    CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i
+    VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
+    BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i
+    MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
+    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s*name=(#{VALUE})/ni
+    MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
+    # Updated definitions from RFC 2231
+    ATTRIBUTE_CHAR = %r{[^ \x00-\x1f\x7f)(><@,;:\\"/\[\]?='*%]}
+    ATTRIBUTE = /#{ATTRIBUTE_CHAR}+/
+    SECTION = /\*[0-9]+/
+    REGULAR_PARAMETER_NAME = /#{ATTRIBUTE}#{SECTION}?/
+    REGULAR_PARAMETER = /(#{REGULAR_PARAMETER_NAME})=(#{VALUE})/
+    EXTENDED_OTHER_NAME = /#{ATTRIBUTE}\*[1-9][0-9]*\*/
+    EXTENDED_OTHER_VALUE = /%[0-9a-fA-F]{2}|#{ATTRIBUTE_CHAR}/
+    EXTENDED_OTHER_PARAMETER = /(#{EXTENDED_OTHER_NAME})=(#{EXTENDED_OTHER_VALUE}*)/
+    EXTENDED_INITIAL_NAME = /#{ATTRIBUTE}(?:\*0)?\*/
+    EXTENDED_INITIAL_VALUE = /[a-zA-Z0-9\-]*'[a-zA-Z0-9\-]*'#{EXTENDED_OTHER_VALUE}*/
+    EXTENDED_INITIAL_PARAMETER = /(#{EXTENDED_INITIAL_NAME})=(#{EXTENDED_INITIAL_VALUE})/
+    EXTENDED_PARAMETER = /#{EXTENDED_INITIAL_PARAMETER}|#{EXTENDED_OTHER_PARAMETER}/
+    DISPPARM = /;\s*(?:#{REGULAR_PARAMETER}|#{EXTENDED_PARAMETER})\s*/
+    RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
 
+    class Parser
       BUFSIZE = 1_048_576
       TEXT_PLAIN = "text/plain"
       TEMPFILE_FACTORY = lambda { |filename, content_type|
-        extension = ::File.extname(filename.gsub("\0", '%00'))[0, 129]
-
-        Tempfile.new(["RackMultipart", extension])
+        Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0", '%00'))])
       }
 
-      BOUNDARY_REGEX = /\A([^\n]*(?:\n|\Z))/
-
       class BoundedIO # :nodoc:
         def initialize(io, content_length)
           @io             = io
@@ -41,16 +71,12 @@ module Rack
           if str
             @cursor += str.bytesize
           else
-            # Raise an error for mismatching Content-Length and actual contents
+            # Raise an error for mismatching content-length and actual contents
             raise EOFError, "bad content body"
           end
 
           str
         end
-
-        def rewind
-          @io.rewind
-        end
       end
 
       MultipartInfo = Struct.new :params, :tmp_files
@@ -69,18 +95,17 @@ module Rack
         boundary = parse_boundary content_type
         return EMPTY unless boundary
 
+        if boundary.length > 70
+          # RFC 1521 Section 7.2.1 imposes a 70 character maximum for the boundary.
+          # Most clients use no more than 55 characters.
+          raise Error, "multipart boundary size too large (#{boundary.length} characters)"
+        end
+
         io = BoundedIO.new(io, content_length) if content_length
-        outbuf = String.new
 
         parser = new(boundary, tmpfile, bufsize, qp)
-        parser.on_read io.read(bufsize, outbuf)
+        parser.parse(io)
 
-        loop do
-          break if parser.state == :DONE
-          parser.on_read io.read(bufsize, outbuf)
-        end
-
-        io.rewind
         parser.result
       end
 
@@ -180,32 +205,46 @@ module Rack
       def initialize(boundary, tempfile, bufsize, query_parser)
         @query_parser   = query_parser
         @params         = query_parser.make_params
-        @boundary       = "--#{boundary}"
         @bufsize        = bufsize
 
-        @full_boundary = @boundary
-        @end_boundary = @boundary + '--'
         @state = :FAST_FORWARD
         @mime_index = 0
         @collector = Collector.new tempfile
 
         @sbuf = StringScanner.new("".dup)
-        @body_regex = /(?:#{EOL})?#{Regexp.quote(@boundary)}(?:#{EOL}|--)/m
-        @rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max
+        @body_regex = /(?:#{EOL}|\A)--#{Regexp.quote(boundary)}(?:#{EOL}|--)/m
+        @rx_max_size = boundary.bytesize + 6 # (\r\n-- at start, either \r\n or -- at finish)
         @head_regex = /(.*?#{EOL})#{EOL}/m
       end
 
-      def on_read(content)
-        handle_empty_content!(content)
-        @sbuf.concat content
-        run_parser
+      def parse(io)
+        outbuf = String.new
+        read_data(io, outbuf)
+
+        loop do
+          status =
+            case @state
+            when :FAST_FORWARD
+              handle_fast_forward
+            when :CONSUME_TOKEN
+              handle_consume_token
+            when :MIME_HEAD
+              handle_mime_head
+            when :MIME_BODY
+              handle_mime_body
+            else # when :DONE
+              return
+            end
+
+          read_data(io, outbuf) if status == :want_read
+        end
       end
 
       def result
         @collector.each do |part|
           part.get_data do |data|
             tag_multipart_encoding(part.filename, part.content_type, part.name, data)
-            @query_parser.normalize_params(@params, part.name, data, @query_parser.param_depth_limit)
+            @query_parser.normalize_params(@params, part.name, data)
           end
         end
         MultipartInfo.new @params.to_params_hash, @collector.find_all(&:file?).map(&:body)
@@ -213,29 +252,38 @@ module Rack
 
       private
 
-      def run_parser
-        loop do
-          case @state
-          when :FAST_FORWARD
-            break if handle_fast_forward == :want_read
-          when :CONSUME_TOKEN
-            break if handle_consume_token == :want_read
-          when :MIME_HEAD
-            break if handle_mime_head == :want_read
-          when :MIME_BODY
-            break if handle_mime_body == :want_read
-          when :DONE
-            break
-          end
-        end
+      def dequote(str) # From WEBrick::HTTPUtils
+        ret = (/\A"(.*)"\Z/ =~ str) ? $1 : str.dup
+        ret.gsub!(/\\(.)/, "\\1")
+        ret
       end
 
+      def read_data(io, outbuf)
+        content = io.read(@bufsize, outbuf)
+        handle_empty_content!(content)
+        @sbuf.concat(content)
+      end
+
+      # This handles the initial parser state.  We read until we find the starting
+      # boundary, then we can transition to the next state. If we find the ending
+      # boundary, this is an invalid multipart upload, but keep scanning for opening
+      # boundary in that case. If no boundary found, we need to keep reading data
+      # and retry. It's highly unlikely the initial read will not consume the
+      # boundary.  The client would have to deliberately craft a response
+      # with the opening boundary beyond the buffer size for that to happen.
       def handle_fast_forward
-        if consume_boundary
-          @state = :MIME_HEAD
-        else
-          raise EOFError, "bad content body" if @sbuf.rest_size >= @bufsize
-          :want_read
+        while true
+          case consume_boundary
+          when :BOUNDARY
+            # found opening boundary, transition to next state
+            @state = :MIME_HEAD
+            return
+          when :END_BOUNDARY
+            # invalid multipart upload, but retry for opening boundary
+          else
+            # no boundary found, keep reading data
+            return :want_read
+          end
         end
       end
 
@@ -254,7 +302,7 @@ module Rack
           head = @sbuf[1]
           content_type = head[MULTIPART_CONTENT_TYPE, 1]
           if name = head[MULTIPART_CONTENT_DISPOSITION, 1]
-            name = Rack::Auth::Digest::Params::dequote(name)
+            name = dequote(name)
           else
             name = head[MULTIPART_CONTENT_ID, 1]
           end
@@ -291,15 +339,16 @@ module Rack
         end
       end
 
-      def full_boundary; @full_boundary; end
-
+      # Scan until the we find the start or end of the boundary.
+      # If we find it, return the appropriate symbol for the start or
+      # end of the boundary.  If we don't find the start or end of the
+      # boundary, clear the buffer and return nil.
       def consume_boundary
-        while read_buffer = @sbuf.scan_until(BOUNDARY_REGEX)
-          case read_buffer.strip
-          when full_boundary then return :BOUNDARY
-          when @end_boundary then return :END_BOUNDARY
-          end
-          return if @sbuf.eos?
+        if read_buffer = @sbuf.scan_until(@body_regex)
+          read_buffer.end_with?(EOL) ? :BOUNDARY : :END_BOUNDARY
+        else
+          @sbuf.terminate
+          nil
         end
       end
 
@@ -309,10 +358,10 @@ module Rack
         when RFC2183
           params = Hash[*head.scan(DISPPARM).flat_map(&:compact)]
 
-          if filename = params['filename']
-            filename = $1 if filename =~ /^"(.*)"$/
-          elsif filename = params['filename*']
+          if filename = params['filename*']
             encoding, _, filename = filename.split("'", 3)
+          elsif filename = params['filename']
+            filename = $1 if filename =~ /^"(.*)"$/
           end
         when BROKEN
           filename = $1
@@ -339,6 +388,7 @@ module Rack
       end
 
       CHARSET = "charset"
+      deprecate_constant :CHARSET
 
       def tag_multipart_encoding(filename, content_type, name, body)
         name = name.to_s
@@ -359,7 +409,13 @@ module Rack
               k.strip!
               v.strip!
               v = v[1..-2] if v.start_with?('"') && v.end_with?('"')
-              encoding = Encoding.find v if k == CHARSET
+              if k == "charset"
+                encoding = begin
+                  Encoding.find v
+                rescue ArgumentError
+                  Encoding::BINARY
+                end
+              end
             end
           end
         end
@@ -370,7 +426,7 @@ module Rack
 
       def handle_empty_content!(content)
         if content.nil? || content.empty?
-          raise EOFError
+          raise EmptyContentError
         end
       end
     end

data/lib/rack/multipart/uploaded_file.rb

@@ -1,8 +1,12 @@
 # frozen_string_literal: true
 
+require 'tempfile'
+require 'fileutils'
+
 module Rack
   module Multipart
     class UploadedFile
+
       # The filename, *not* including the path, of the "uploaded" file
       attr_reader :original_filename
 

data/lib/rack/multipart.rb

@@ -1,64 +1,44 @@
 # frozen_string_literal: true
 
+require_relative 'constants'
+require_relative 'utils'
+
 require_relative 'multipart/parser'
+require_relative 'multipart/generator'
 
 module Rack
   # A multipart form data parser, adapted from IOWA.
   #
   # Usually, Rack::Request#POST takes care of calling this.
   module Multipart
-    autoload :UploadedFile, 'rack/multipart/uploaded_file'
-    autoload :Generator, 'rack/multipart/generator'
-
-    EOL = "\r\n"
     MULTIPART_BOUNDARY = "AaB03x"
-    MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni
-    TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/
-    CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i
-    VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
-    BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i
-    MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
-    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s*name=(#{VALUE})/ni
-    MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
-    # Updated definitions from RFC 2231
-    ATTRIBUTE_CHAR = %r{[^ \x00-\x1f\x7f)(><@,;:\\"/\[\]?='*%]}
-    ATTRIBUTE = /#{ATTRIBUTE_CHAR}+/
-    SECTION = /\*[0-9]+/
-    REGULAR_PARAMETER_NAME = /#{ATTRIBUTE}#{SECTION}?/
-    REGULAR_PARAMETER = /(#{REGULAR_PARAMETER_NAME})=(#{VALUE})/
-    EXTENDED_OTHER_NAME = /#{ATTRIBUTE}\*[1-9][0-9]*\*/
-    EXTENDED_OTHER_VALUE = /%[0-9a-fA-F]{2}|#{ATTRIBUTE_CHAR}/
-    EXTENDED_OTHER_PARAMETER = /(#{EXTENDED_OTHER_NAME})=(#{EXTENDED_OTHER_VALUE}*)/
-    EXTENDED_INITIAL_NAME = /#{ATTRIBUTE}(?:\*0)?\*/
-    EXTENDED_INITIAL_VALUE = /[a-zA-Z0-9\-]*'[a-zA-Z0-9\-]*'#{EXTENDED_OTHER_VALUE}*/
-    EXTENDED_INITIAL_PARAMETER = /(#{EXTENDED_INITIAL_NAME})=(#{EXTENDED_INITIAL_VALUE})/
-    EXTENDED_PARAMETER = /#{EXTENDED_INITIAL_PARAMETER}|#{EXTENDED_OTHER_PARAMETER}/
-    DISPPARM = /;\s*(?:#{REGULAR_PARAMETER}|#{EXTENDED_PARAMETER})\s*/
-    RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
 
     class << self
       def parse_multipart(env, params = Rack::Utils.default_query_parser)
-        extract_multipart Rack::Request.new(env), params
-      end
+        io = env[RACK_INPUT]
+
+        if content_length = env['CONTENT_LENGTH']
+          content_length = content_length.to_i
+        end
 
-      def extract_multipart(req, params = Rack::Utils.default_query_parser)
-        io = req.get_header(RACK_INPUT)
-        io.rewind
-        content_length = req.content_length
-        content_length = content_length.to_i if content_length
+        content_type = env['CONTENT_TYPE']
 
-        tempfile = req.get_header(RACK_MULTIPART_TEMPFILE_FACTORY) || Parser::TEMPFILE_FACTORY
-        bufsize = req.get_header(RACK_MULTIPART_BUFFER_SIZE) || Parser::BUFSIZE
+        tempfile = env[RACK_MULTIPART_TEMPFILE_FACTORY] || Parser::TEMPFILE_FACTORY
+        bufsize = env[RACK_MULTIPART_BUFFER_SIZE] || Parser::BUFSIZE
 
-        info = Parser.parse io, content_length, req.get_header('CONTENT_TYPE'), tempfile, bufsize, params
-        req.set_header(RACK_TEMPFILES, info.tmp_files)
-        info.params
+        info = Parser.parse(io, content_length, content_type, tempfile, bufsize, params)
+        env[RACK_TEMPFILES] = info.tmp_files
+
+        return info.params
+      end
+
+      def extract_multipart(request, params = Rack::Utils.default_query_parser)
+        parse_multipart(request.env)
       end
 
       def build_multipart(params, first = true)
         Generator.new(params, first).dump
       end
     end
-
   end
 end

data/lib/rack/null_logger.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require_relative 'constants'
+
 module Rack
   class NullLogger
     def initialize(app)
@@ -22,6 +24,11 @@ module Rack
     def warn? ;  end
     def error? ; end
     def fatal? ; end
+    def debug! ; end
+    def error! ; end
+    def fatal! ; end
+    def info! ; end
+    def warn! ; end
     def level ; end
     def progname ; end
     def datetime_format ; end
@@ -34,6 +41,8 @@ module Rack
     def sev_threshold=(sev_threshold); end
     def close ; end
     def add(severity, message = nil, progname = nil, &block); end
+    def log(severity, message = nil, progname = nil, &block); end
     def <<(msg); end
+    def reopen(logdev = nil); end
   end
 end

data/lib/rack/query_parser.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
+require 'uri'
+
 module Rack
   class QueryParser
-    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
-
-    DEFAULT_SEP = /[&;] */n
+    DEFAULT_SEP = /[&] */n
     COMMON_SEP = { ";" => /[;] */n, ";," => /[;,] */n, "&" => /[&] */n }
 
     # ParameterTypeError is the error that is raised when incoming structural
@@ -20,29 +20,35 @@ module Rack
     # nested over the specified limit.
     class ParamsTooDeepError < RangeError; end
 
-    def self.make_default(key_space_limit, param_depth_limit)
-      new Params, key_space_limit, param_depth_limit
+    def self.make_default(_key_space_limit=(not_deprecated = true; nil), param_depth_limit)
+      unless not_deprecated
+        warn("`first argument `key_space limit` is deprecated and no longer has an effect. Please call with only one argument, which will be required in a future version of Rack", uplevel: 1)
+      end
+
+      new Params, param_depth_limit
     end
 
-    attr_reader :key_space_limit, :param_depth_limit
+    attr_reader :param_depth_limit
+
+    def initialize(params_class, _key_space_limit=(not_deprecated = true; nil), param_depth_limit)
+      unless not_deprecated
+        warn("`second argument `key_space limit` is deprecated and no longer has an effect. Please call with only two arguments, which will be required in a future version of Rack", uplevel: 1)
+      end
 
-    def initialize(params_class, key_space_limit, param_depth_limit)
       @params_class = params_class
-      @key_space_limit = key_space_limit
       @param_depth_limit = param_depth_limit
     end
 
     # Stolen from Mongrel, with some small modifications:
-    # Parses a query string by breaking it up at the '&'
-    # and ';' characters.  You can also use this to parse
-    # cookies by changing the characters used in the second
-    # parameter (which defaults to '&;').
-    def parse_query(qs, d = nil, &unescaper)
+    # Parses a query string by breaking it up at the '&'.  You can also use this
+    # to parse cookies by changing the characters used in the second parameter
+    # (which defaults to '&').
+    def parse_query(qs, separator = nil, &unescaper)
       unescaper ||= method(:unescape)
 
       params = make_params
 
-      (qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
+      (qs || '').split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP).each do |p|
         next if p.empty?
         k, v = p.split('=', 2).map!(&unescaper)
 
@@ -65,14 +71,14 @@ module Rack
     # query strings with parameters of conflicting types, in this case a
     # ParameterTypeError is raised. Users are encouraged to return a 400 in this
     # case.
-    def parse_nested_query(qs, d = nil)
+    def parse_nested_query(qs, separator = nil)
       params = make_params
 
       unless qs.nil? || qs.empty?
-        (qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
+        (qs || '').split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP).each do |p|
           k, v = p.split('=', 2).map! { |s| unescape(s) }
 
-          normalize_params(params, k, v, param_depth_limit)
+          _normalize_params(params, k, v, 0)
         end
       end
 
@@ -83,58 +89,87 @@ module Rack
 
     # normalize_params recursively expands parameters into structural types. If
     # the structural types represented by two different parameter names are in
-    # conflict, a ParameterTypeError is raised.
-    def normalize_params(params, name, v, depth)
-      raise ParamsTooDeepError if depth <= 0
-
-      name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
-      k = $1 || ''
-      after = $' || ''
+    # conflict, a ParameterTypeError is raised.  The depth argument is deprecated
+    # and should no longer be used, it is kept for backwards compatibility with
+    # earlier versions of rack.
+    def normalize_params(params, name, v, _depth=nil)
+      _normalize_params(params, name, v, 0)
+    end
 
-      if k.empty?
-        if !v.nil? && name == "[]"
-          return Array(v)
+    private def _normalize_params(params, name, v, depth)
+      raise ParamsTooDeepError if depth >= param_depth_limit
+
+      if !name
+        # nil name, treat same as empty string (required by tests)
+        k = after = ''
+      elsif depth == 0
+        # Start of parsing, don't treat [] or [ at start of string specially
+        if start = name.index('[', 1)
+          # Start of parameter nesting, use part before brackets as key
+          k = name[0, start]
+          after = name[start, name.length]
         else
-          return
+          # Plain parameter with no nesting
+          k = name
+          after = ''
         end
+      elsif name.start_with?('[]')
+        # Array nesting
+        k = '[]'
+        after = name[2, name.length]
+      elsif name.start_with?('[') && (start = name.index(']', 1))
+        # Hash nesting, use the part inside brackets as the key
+        k = name[1, start-1]
+        after = name[start+1, name.length]
+      else
+        # Probably malformed input, nested but not starting with [
+        # treat full name as key for backwards compatibility.
+        k = name
+        after = ''
       end
 
+      return if k.empty?
+
       if after == ''
-        params[k] = v
+        if k == '[]' && depth != 0
+          return [v]
+        else
+          params[k] = v
+        end
       elsif after == "["
         params[name] = v
       elsif after == "[]"
         params[k] ||= []
         raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
         params[k] << v
-      elsif after =~ %r(^\[\]\[([^\[\]]+)\]$) || after =~ %r(^\[\](.+)$)
-        child_key = $1
+      elsif after.start_with?('[]')
+        # Recognize x[][y] (hash inside array) parameters
+        unless after[2] == '[' && after.end_with?(']') && (child_key = after[3, after.length-4]) && !child_key.empty? && !child_key.index('[') && !child_key.index(']')
+          # Handle other nested array parameters
+          child_key = after[2, after.length]
+        end
         params[k] ||= []
         raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
         if params_hash_type?(params[k].last) && !params_hash_has_key?(params[k].last, child_key)
-          normalize_params(params[k].last, child_key, v, depth - 1)
+          _normalize_params(params[k].last, child_key, v, depth + 1)
         else
-          params[k] << normalize_params(make_params, child_key, v, depth - 1)
+          params[k] << _normalize_params(make_params, child_key, v, depth + 1)
         end
       else
         params[k] ||= make_params
         raise ParameterTypeError, "expected Hash (got #{params[k].class.name}) for param `#{k}'" unless params_hash_type?(params[k])
-        params[k] = normalize_params(params[k], after, v, depth - 1)
+        params[k] = _normalize_params(params[k], after, v, depth + 1)
       end
 
       params
     end
 
     def make_params
-      @params_class.new @key_space_limit
-    end
-
-    def new_space_limit(key_space_limit)
-      self.class.new @params_class, key_space_limit, param_depth_limit
+      @params_class.new
     end
 
     def new_depth_limit(param_depth_limit)
-      self.class.new @params_class, key_space_limit, param_depth_limit
+      self.class.new @params_class, param_depth_limit
     end
 
     private
@@ -155,13 +190,12 @@ module Rack
       true
     end
 
-    def unescape(s)
-      Utils.unescape(s)
+    def unescape(string, encoding = Encoding::UTF_8)
+      URI.decode_www_form_component(string, encoding)
     end
 
     class Params
-      def initialize(limit)
-        @limit  = limit
+      def initialize
         @size   = 0
         @params = {}
       end
@@ -171,8 +205,6 @@ module Rack
       end
 
       def []=(key, value)
-        @size += key.size if key && !@params.key?(key)
-        raise ParamsTooDeepError, 'exceeded available parameter key space' if @size > @limit
         @params[key] = value
       end