rack 3.0.8 → 3.1.7

data/lib/rack/response.rb

@@ -31,13 +31,6 @@ module Rack
     attr_accessor :length, :status, :body
     attr_reader :headers
 
-    # Deprecated, use headers instead.
-    def header
-      warn 'Rack::Response#header is deprecated and will be removed in Rack 3.1', uplevel: 1
-
-      headers
-    end
-
     # Initialize the response object with the specified +body+, +status+
     # and +headers+.
     #
@@ -62,7 +55,7 @@ module Rack
       @status = status.to_i
 
       unless headers.is_a?(Hash)
-        warn "Providing non-hash headers to Rack::Response is deprecated and will be removed in Rack 3.1", uplevel: 1
+        raise ArgumentError, "Headers must be a Hash!"
       end
 
       @headers = Headers.new
@@ -79,7 +72,8 @@ module Rack
       if body.nil?
         @body = []
         @buffered = true
-        @length = 0
+        # Body is unspecified - it may be a buffered response, or it may be a HEAD response.
+        @length = nil
       elsif body.respond_to?(:to_str)
         @body = [body]
         @buffered = true
@@ -87,7 +81,7 @@ module Rack
       else
         @body = body
         @buffered = nil # undetermined as of yet.
-        @length = 0
+        @length = nil
       end
 
       yield self if block_given?
@@ -106,7 +100,7 @@ module Rack
       # The response body is an enumerable body and it is not allowed to have an entity body.
       @body.respond_to?(:each) && STATUS_WITH_NO_ENTITY_BODY[@status]
     end
-    
+
     # Generate a response array consistent with the requirements of the SPEC.
     # @return [Array] a 3-tuple suitable of `[status, headers, body]`
     # which is suitable to be returned from the middleware `#call(env)` method.
@@ -118,9 +112,14 @@ module Rack
         return [@status, @headers, []]
       else
         if block_given?
+          # We don't add the content-length here as the user has provided a block that can #write additional chunks to the body.
           @block = block
           return [@status, @headers, self]
         else
+          # If we know the length of the body, set the content-length header... except if we are chunked? which is a legacy special case where the body might already be encoded and thus the actual encoded body length and the content-length are likely to be different.
+          if @length && !chunked?
+            @headers[CONTENT_LENGTH] = @length.to_s
+          end
           return [@status, @headers, @body]
         end
       end
@@ -138,7 +137,9 @@ module Rack
       end
     end
 
-    # Append to body and update content-length.
+    # Append a chunk to the response body.
+    #
+    # Converts the response into a buffered response if it wasn't already.
     #
     # NOTE: Do not mix #write and direct #body access!
     #
@@ -320,27 +321,34 @@ module Rack
 
     protected
 
+      # Convert the body of this response into an internally buffered Array if possible.
+      #
+      # `@buffered` is a ternary value which indicates whether the body is buffered. It can be:
+      # * `nil` - The body has not been buffered yet.
+      # * `true` - The body is buffered as an Array instance.
+      # * `false` - The body is not buffered and cannot be buffered.
+      #
+      # @return [Boolean] whether the body is buffered as an Array instance.
       def buffered_body!
         if @buffered.nil?
           if @body.is_a?(Array)
             # The user supplied body was an array:
             @body = @body.compact
-            @body.each do |part|
-              @length += part.to_s.bytesize
-            end
+            @length = @body.sum{|part| part.bytesize}
+            @buffered = true
           elsif @body.respond_to?(:each)
             # Turn the user supplied body into a buffered array:
             body = @body
             @body = Array.new
+            @buffered = true
 
             body.each do |part|
               @writer.call(part.to_s)
             end
 
             body.close if body.respond_to?(:close)
-
-            @buffered = true
           else
+            # We don't know how to buffer the user-supplied body:
             @buffered = false
           end
         end
@@ -349,11 +357,13 @@ module Rack
       end
 
       def append(chunk)
+        chunk = chunk.dup unless chunk.frozen?
         @body << chunk
 
-        unless chunked?
+        if @length
           @length += chunk.bytesize
-          set_header(CONTENT_LENGTH, @length.to_s)
+        elsif @buffered
+          @length = chunk.bytesize
         end
 
         return chunk

data/lib/rack/show_exceptions.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'ostruct'
 require 'erb'
 
 require_relative 'constants'
@@ -19,6 +18,11 @@ module Rack
   class ShowExceptions
     CONTEXT = 7
 
+    Frame = Struct.new(:filename, :lineno, :function,
+                       :pre_context_lineno, :pre_context,
+                       :context_line, :post_context_lineno,
+                       :post_context)
+
     def initialize(app)
       @app = app
     end
@@ -79,7 +83,7 @@ module Rack
       # This double assignment is to prevent an "unused variable" warning.
       # Yes, it is dumb, but I don't like Ruby yelling at me.
       frames = frames = exception.backtrace.map { |line|
-        frame = OpenStruct.new
+        frame = Frame.new
         if line =~ /(.*?):(\d+)(:in `(.*)')?/
           frame.filename = $1
           frame.lineno = $2.to_i

data/lib/rack/utils.rb

@@ -6,6 +6,7 @@ require 'fileutils'
 require 'set'
 require 'tempfile'
 require 'time'
+require 'erb'
 
 require_relative 'query_parser'
 require_relative 'mime'
@@ -85,15 +86,6 @@ module Rack
       self.default_query_parser = self.default_query_parser.new_depth_limit(v)
     end
 
-    def self.key_space_limit
-      warn("`Rack::Utils.key_space_limit` is deprecated as this value no longer has an effect. It will be removed in Rack 3.1", uplevel: 1)
-      65536
-    end
-
-    def self.key_space_limit=(v)
-      warn("`Rack::Utils.key_space_limit=` is deprecated and no longer has an effect. It will be removed in Rack 3.1", uplevel: 1)
-    end
-
     if defined?(Process::CLOCK_MONOTONIC)
       def clock_time
         Process.clock_gettime(Process::CLOCK_MONOTONIC)
@@ -143,8 +135,8 @@ module Rack
     end
 
     def q_values(q_value_header)
-      q_value_header.to_s.split(/\s*,\s*/).map do |part|
-        value, parameters = part.split(/\s*;\s*/, 2)
+      q_value_header.to_s.split(',').map do |part|
+        value, parameters = part.split(';', 2).map(&:strip)
         quality = 1.0
         if parameters && (md = /\Aq=([\d.]+)/.match(parameters))
           quality = md[1].to_f
@@ -157,9 +149,10 @@ module Rack
       return nil unless forwarded_header
       forwarded_header = forwarded_header.to_s.gsub("\n", ";")
 
-      forwarded_header.split(/\s*;\s*/).each_with_object({}) do |field, values|
-        field.split(/\s*,\s*/).each do |pair|
-          return nil unless pair =~ /\A\s*(by|for|host|proto)\s*=\s*"?([^"]+)"?\s*\Z/i
+      forwarded_header.split(';').each_with_object({}) do |field, values|
+        field.split(',').each do |pair|
+          pair = pair.split('=').map(&:strip).join('=')
+          return nil unless pair =~ /\A(by|for|host|proto)="?([^"]+)"?\Z/i
           (values[$1.downcase.to_sym] ||= []) << $2
         end
       end
@@ -183,20 +176,16 @@ module Rack
       matches&.first
     end
 
-    ESCAPE_HTML = {
-      "&" => "&amp;",
-      "<" => "&lt;",
-      ">" => "&gt;",
-      "'" => "&#x27;",
-      '"' => "&quot;",
-      "/" => "&#x2F;"
-    }
-
-    ESCAPE_HTML_PATTERN = Regexp.union(*ESCAPE_HTML.keys)
-
-    # Escape ampersands, brackets and quotes to their HTML/XML entities.
-    def escape_html(string)
-      string.to_s.gsub(ESCAPE_HTML_PATTERN){|c| ESCAPE_HTML[c] }
+    # Introduced in ERB 4.0. ERB::Escape is an alias for ERB::Utils which
+    # doesn't get monkey-patched by rails
+    if defined?(ERB::Escape) && ERB::Escape.instance_method(:html_escape)
+      define_method(:escape_html, ERB::Escape.instance_method(:html_escape))
+    else
+      require 'cgi/escape'
+      # Escape ampersands, brackets and quotes to their HTML/XML entities.
+      def escape_html(string)
+        CGI.escapeHTML(string.to_s)
+      end
     end
 
     def select_best_encoding(available_encodings, accept_encoding)
@@ -251,21 +240,6 @@ module Rack
       end
     end
 
-    def add_cookie_to_header(header, key, value)
-      warn("add_cookie_to_header is deprecated and will be removed in Rack 3.1", uplevel: 1)
-
-      case header
-      when nil, ''
-        return set_cookie_header(key, value)
-      when String
-        [header, set_cookie_header(key, value)]
-      when Array
-        header + [set_cookie_header(key, value)]
-      else
-        raise ArgumentError, "Unrecognized cookie header value. Expected String, Array, or nil, got #{header.inspect}"
-      end
-    end
-
     # :call-seq:
     #   parse_cookies(env) -> hash
     #
@@ -279,6 +253,20 @@ module Rack
       parse_cookies_header env[HTTP_COOKIE]
     end
 
+    # A valid cookie key according to RFC2616.
+    # A <cookie-name> can be any US-ASCII characters, except control characters, spaces, or tabs. It also must not contain a separator character like the following: ( ) < > @ , ; : \ " / [ ] ? = { }.
+    VALID_COOKIE_KEY = /\A[!#$%&'*+\-\.\^_`|~0-9a-zA-Z]+\z/.freeze
+    private_constant :VALID_COOKIE_KEY
+
+    private def escape_cookie_key(key)
+      if key =~ VALID_COOKIE_KEY
+        key
+      else
+        warn "Cookie key #{key.inspect} is not valid according to RFC2616; it will be escaped. This behaviour is deprecated and will be removed in a future version of Rack.", uplevel: 2
+        escape(key)
+      end
+    end
+
     # :call-seq:
     #   set_cookie_header(key, value) -> encoded string
     #
@@ -305,7 +293,7 @@ module Rack
     def set_cookie_header(key, value)
       case value
       when Hash
-        key = escape(key) unless value[:escape_key] == false
+        key = escape_cookie_key(key) unless value[:escape_key] == false
         domain  = "; domain=#{value[:domain]}"   if value[:domain]
         path    = "; path=#{value[:path]}"       if value[:path]
         max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
@@ -317,23 +305,24 @@ module Rack
           when false, nil
             nil
           when :none, 'None', :None
-            '; SameSite=None'
+            '; samesite=none'
           when :lax, 'Lax', :Lax
-            '; SameSite=Lax'
+            '; samesite=lax'
           when true, :strict, 'Strict', :Strict
-            '; SameSite=Strict'
+            '; samesite=strict'
           else
-            raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}"
+            raise ArgumentError, "Invalid :same_site value: #{value[:same_site].inspect}"
           end
+        partitioned = "; partitioned" if value[:partitioned]
         value = value[:value]
       else
-        key = escape(key)
+        key = escape_cookie_key(key)
       end
 
       value = [value] unless Array === value
 
       return "#{key}=#{value.map { |v| escape v }.join('&')}#{domain}" \
-        "#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
+        "#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}#{partitioned}"
     end
 
     # :call-seq:
@@ -374,24 +363,12 @@ module Rack
       set_cookie_header(key, value.merge(max_age: '0', expires: Time.at(0), value: ''))
     end
 
-    def make_delete_cookie_header(header, key, value)
-      warn("make_delete_cookie_header is deprecated and will be removed in Rack 3.1, use delete_set_cookie_header! instead", uplevel: 1)
-
-      delete_set_cookie_header!(header, key, value)
-    end
-
     def delete_cookie_header!(headers, key, value = {})
       headers[SET_COOKIE] = delete_set_cookie_header!(headers[SET_COOKIE], key, value)
 
       return nil
     end
 
-    def add_remove_cookie_to_header(header, key, value = {})
-      warn("add_remove_cookie_to_header is deprecated and will be removed in Rack 3.1, use delete_set_cookie_header! instead", uplevel: 1)
-
-      delete_set_cookie_header!(header, key, value)
-    end
-
     # :call-seq:
     #   delete_set_cookie_header!(header, key, value = {}) -> header value
     #
@@ -434,6 +411,8 @@ module Rack
 
     def get_byte_ranges(http_range, size)
       # See <http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35>
+      # Ignore Range when file size is 0 to avoid a 416 error.
+      return nil if size.zero?
       return nil unless http_range && http_range =~ /bytes=([^;]+)/
       ranges = []
       $1.split(/,\s*/).each do |range_spec|
@@ -458,6 +437,9 @@ module Rack
         end
         ranges << (r0..r1)  if r0 <= r1
       end
+
+      return [] if ranges.map(&:size).sum > size
+
       ranges
     end
 
@@ -513,39 +495,12 @@ module Rack
       end
     end
 
-    # A wrapper around Headers
-    # header when set.
-    #
-    # @api private
-    class HeaderHash < Hash # :nodoc:
-      def self.[](headers)
-        warn "Rack::Utils::HeaderHash is deprecated and will be removed in Rack 3.1, switch to Rack::Headers", uplevel: 1
-        if headers.is_a?(Headers) && !headers.frozen?
-          return headers
-        end
-
-        new_headers = Headers.new
-        headers.each{|k,v| new_headers[k] = v}
-        new_headers
-      end
-
-      def self.new(hash = {})
-        warn "Rack::Utils::HeaderHash is deprecated and will be removed in Rack 3.1, switch to Rack::Headers", uplevel: 1
-        headers = Headers.new
-        hash.each{|k,v| headers[k] = v}
-        headers
-      end
-
-      def self.allocate
-        raise TypeError, "cannot allocate HeaderHash"
-      end
-    end
-
     # Every standard HTTP code mapped to the appropriate message.
     # Generated with:
-    #   curl -s https://www.iana.org/assignments/http-status-codes/http-status-codes-1.csv | \
-    #     ruby -ne 'm = /^(\d{3}),(?!Unassigned|\(Unused\))([^,]+)/.match($_) and \
-    #               puts "#{m[1]} => \x27#{m[2].strip}\x27,"'
+    #   curl -s https://www.iana.org/assignments/http-status-codes/http-status-codes-1.csv \
+    #     | ruby -rcsv -e "puts CSV.parse(STDIN, headers: true) \
+    #     .reject {|v| v['Description'] == 'Unassigned' or v['Description'].include? '(' } \
+    #     .map {|v| %Q/#{v['Value']} => '#{v['Description']}'/ }.join(','+?\n)"
     HTTP_STATUS_CODES = {
       100 => 'Continue',
       101 => 'Switching Protocols',
@@ -567,7 +522,6 @@ module Rack
       303 => 'See Other',
       304 => 'Not Modified',
       305 => 'Use Proxy',
-      306 => '(Unused)',
       307 => 'Temporary Redirect',
       308 => 'Permanent Redirect',
       400 => 'Bad Request',
@@ -583,13 +537,13 @@ module Rack
       410 => 'Gone',
       411 => 'Length Required',
       412 => 'Precondition Failed',
-      413 => 'Payload Too Large',
+      413 => 'Content Too Large',
       414 => 'URI Too Long',
       415 => 'Unsupported Media Type',
       416 => 'Range Not Satisfiable',
       417 => 'Expectation Failed',
       421 => 'Misdirected Request',
-      422 => 'Unprocessable Entity',
+      422 => 'Unprocessable Content',
       423 => 'Locked',
       424 => 'Failed Dependency',
       425 => 'Too Early',
@@ -597,7 +551,7 @@ module Rack
       428 => 'Precondition Required',
       429 => 'Too Many Requests',
       431 => 'Request Header Fields Too Large',
-      451 => 'Unavailable for Legal Reasons',
+      451 => 'Unavailable For Legal Reasons',
       500 => 'Internal Server Error',
       501 => 'Not Implemented',
       502 => 'Bad Gateway',
@@ -607,8 +561,6 @@ module Rack
       506 => 'Variant Also Negotiates',
       507 => 'Insufficient Storage',
       508 => 'Loop Detected',
-      509 => 'Bandwidth Limit Exceeded',
-      510 => 'Not Extended',
       511 => 'Network Authentication Required'
     }
 
@@ -616,12 +568,36 @@ module Rack
     STATUS_WITH_NO_ENTITY_BODY = Hash[((100..199).to_a << 204 << 304).product([true])]
 
     SYMBOL_TO_STATUS_CODE = Hash[*HTTP_STATUS_CODES.map { |code, message|
-      [message.downcase.gsub(/\s|-|'/, '_').to_sym, code]
+      [message.downcase.gsub(/\s|-/, '_').to_sym, code]
     }.flatten]
 
+    OBSOLETE_SYMBOLS_TO_STATUS_CODES = {
+      payload_too_large: 413,
+      unprocessable_entity: 422,
+      bandwidth_limit_exceeded: 509,
+      not_extended: 510
+    }.freeze
+    private_constant :OBSOLETE_SYMBOLS_TO_STATUS_CODES
+
+    OBSOLETE_SYMBOL_MAPPINGS = {
+      payload_too_large: :content_too_large,
+      unprocessable_entity: :unprocessable_content
+    }.freeze
+    private_constant :OBSOLETE_SYMBOL_MAPPINGS
+
     def status_code(status)
       if status.is_a?(Symbol)
-        SYMBOL_TO_STATUS_CODE.fetch(status) { raise ArgumentError, "Unrecognized status code #{status.inspect}" }
+        SYMBOL_TO_STATUS_CODE.fetch(status) do
+          fallback_code = OBSOLETE_SYMBOLS_TO_STATUS_CODES.fetch(status) { raise ArgumentError, "Unrecognized status code #{status.inspect}" }
+          message = "Status code #{status.inspect} is deprecated and will be removed in a future version of Rack."
+          if canonical_symbol = OBSOLETE_SYMBOL_MAPPINGS[status]
+            # message = "#{message} Please use #{canonical_symbol.inspect} instead."
+            # For now, let's not emit any warning when there is a mapping.
+          else
+            warn message, uplevel: 3
+          end
+          fallback_code
+        end
       else
         status.to_i
       end

data/lib/rack/version.rb

@@ -12,20 +12,7 @@
 # so it should be enough just to <tt>require 'rack'</tt> in your code.
 
 module Rack
-  # The Rack protocol version number implemented.
-  VERSION = [1, 3].freeze
-  deprecate_constant :VERSION
-
-  VERSION_STRING = "1.3".freeze
-  deprecate_constant :VERSION_STRING
-
-  # The Rack protocol version number implemented.
-  def self.version
-    warn "Rack.version is deprecated and will be removed in Rack 3.1!", uplevel: 1
-    VERSION
-  end
-
-  RELEASE = "3.0.8"
+  RELEASE = "3.1.7"
 
   # Return the Rack release as a dotted string.
   def self.release

data/lib/rack.rb

@@ -15,23 +15,21 @@ require_relative 'rack/version'
 require_relative 'rack/constants'
 
 module Rack
-  autoload :Builder, "rack/builder"
+  autoload :BadRequest, "rack/bad_request"
   autoload :BodyProxy, "rack/body_proxy"
+  autoload :Builder, "rack/builder"
   autoload :Cascade, "rack/cascade"
-  autoload :Chunked, "rack/chunked"
   autoload :CommonLogger, "rack/common_logger"
   autoload :ConditionalGet, "rack/conditional_get"
   autoload :Config, "rack/config"
   autoload :ContentLength, "rack/content_length"
   autoload :ContentType, "rack/content_type"
+  autoload :Deflater, "rack/deflater"
+  autoload :Directory, "rack/directory"
   autoload :ETag, "rack/etag"
   autoload :Events, "rack/events"
-  autoload :File, "rack/file"
   autoload :Files, "rack/files"
-  autoload :Deflater, "rack/deflater"
-  autoload :Directory, "rack/directory"
   autoload :ForwardRequest, "rack/recursive"
-  autoload :Handler, "rack/handler"
   autoload :Head, "rack/head"
   autoload :Headers, "rack/headers"
   autoload :Lint, "rack/lint"
@@ -40,32 +38,28 @@ module Rack
   autoload :MediaType, "rack/media_type"
   autoload :MethodOverride, "rack/method_override"
   autoload :Mime, "rack/mime"
+  autoload :MockRequest, "rack/mock_request"
+  autoload :MockResponse, "rack/mock_response"
+  autoload :Multipart, "rack/multipart"
   autoload :NullLogger, "rack/null_logger"
   autoload :QueryParser, "rack/query_parser"
   autoload :Recursive, "rack/recursive"
   autoload :Reloader, "rack/reloader"
+  autoload :Request, "rack/request"
+  autoload :Response, "rack/response"
   autoload :RewindableInput, "rack/rewindable_input"
   autoload :Runtime, "rack/runtime"
   autoload :Sendfile, "rack/sendfile"
-  autoload :Server, "rack/server"
   autoload :ShowExceptions, "rack/show_exceptions"
   autoload :ShowStatus, "rack/show_status"
   autoload :Static, "rack/static"
   autoload :TempfileReaper, "rack/tempfile_reaper"
   autoload :URLMap, "rack/urlmap"
   autoload :Utils, "rack/utils"
-  autoload :Multipart, "rack/multipart"
-
-  autoload :MockRequest, "rack/mock_request"
-  autoload :MockResponse, "rack/mock_response"
-
-  autoload :Request, "rack/request"
-  autoload :Response, "rack/response"
 
   module Auth
     autoload :Basic, "rack/auth/basic"
-    autoload :AbstractRequest, "rack/auth/abstract/request"
     autoload :AbstractHandler, "rack/auth/abstract/handler"
-    autoload :Digest, "rack/auth/digest"
+    autoload :AbstractRequest, "rack/auth/abstract/request"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 3.0.8
+  version: 3.1.7
 platform: ruby
 authors:
 - Leah Neukirchen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-14 00:00:00.000000000 Z
+date: 2024-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -89,15 +89,10 @@ files:
 - lib/rack/auth/abstract/handler.rb
 - lib/rack/auth/abstract/request.rb
 - lib/rack/auth/basic.rb
-- lib/rack/auth/digest.rb
-- lib/rack/auth/digest/md5.rb
-- lib/rack/auth/digest/nonce.rb
-- lib/rack/auth/digest/params.rb
-- lib/rack/auth/digest/request.rb
+- lib/rack/bad_request.rb
 - lib/rack/body_proxy.rb
 - lib/rack/builder.rb
 - lib/rack/cascade.rb
-- lib/rack/chunked.rb
 - lib/rack/common_logger.rb
 - lib/rack/conditional_get.rb
 - lib/rack/config.rb
@@ -108,7 +103,6 @@ files:
 - lib/rack/directory.rb
 - lib/rack/etag.rb
 - lib/rack/events.rb
-- lib/rack/file.rb
 - lib/rack/files.rb
 - lib/rack/head.rb
 - lib/rack/headers.rb
@@ -164,7 +158,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.7
+rubygems_version: 3.5.9
 signing_key:
 specification_version: 4
 summary: A modular Ruby webserver interface.

data/lib/rack/auth/digest/md5.rb

@@ -1 +0,0 @@
-require_relative '../digest'

data/lib/rack/auth/digest/nonce.rb

@@ -1 +0,0 @@
-require_relative '../digest'

data/lib/rack/auth/digest/params.rb

@@ -1 +0,0 @@
-require_relative '../digest'

data/lib/rack/auth/digest/request.rb

@@ -1 +0,0 @@
-require_relative '../digest'