rack 3.2.2 → 3.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +53 -14
- data/lib/rack/multipart/parser.rb +1 -1
- data/lib/rack/query_parser.rb +3 -1
- data/lib/rack/request.rb +4 -1
- data/lib/rack/sendfile.rb +50 -20
- data/lib/rack/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3c8830e7467cbfb11b649492479a89660919c738ea98d4903215d413b981c0ab
|
|
4
|
+
data.tar.gz: 9b5ffea244da69c22d243ebb9a8779f5b38fbe014f5a6992f181c17c2939f198
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 604e146a609767332da5dea6f4aef3e9a5dd41b15577a2fa91c6b56fccaf705f0e37b86e11532e252e1c2a70e5950e2c6a59b6d7daddd7de84f33c1946615f18
|
|
7
|
+
data.tar.gz: e1c4d36619ab862546301ce9bcd722e1a432d04d2c39988acf6df636936a1d855b75e133381af683f2a2bb4a8a9b908a2594db68cc6246dfa2d38f1f0956a71a
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,19 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
|
|
4
4
|
|
|
5
|
+
## [3.2.4] - 2025-11-03
|
|
6
|
+
|
|
7
|
+
### Fixed
|
|
8
|
+
|
|
9
|
+
- Multipart parser: limit MIME header size check to the unread buffer region to avoid false `multipart mime part header too large` errors when previously read data accumulates in the scan buffer. ([#2392](https://github.com/rack/rack/pull/2392), [@alpaca-tc](https://github.com/alpaca-tc), [@willnet](https://github.com/willnet), [@krororo](https://github.com/krororo))
|
|
10
|
+
|
|
11
|
+
## [3.2.3] - 2025-10-10
|
|
12
|
+
|
|
13
|
+
### Security
|
|
14
|
+
|
|
15
|
+
- [CVE-2025-61780](https://github.com/advisories/GHSA-r657-rxjc-j557) Improper handling of headers in `Rack::Sendfile` may allow proxy bypass.
|
|
16
|
+
- [CVE-2025-61919](https://github.com/advisories/GHSA-6xw4-3v39-52mm) Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion.
|
|
17
|
+
|
|
5
18
|
## [3.2.2] - 2025-10-07
|
|
6
19
|
|
|
7
20
|
### Security
|
|
@@ -67,6 +80,19 @@ This release continues Rack's evolution toward a cleaner, more efficient foundat
|
|
|
67
80
|
- `SERVER_NAME` and `HTTP_HOST` are now more strictly validated according to the relevant specifications. ([#2298](https://github.com/rack/rack/pull/2298), [@ioquatix])
|
|
68
81
|
- `Rack::Lint` now disallows `PATH_INFO="" SCRIPT_NAME=""`. ([#2298](https://github.com/rack/rack/issues/2307), [@jeremyevans])
|
|
69
82
|
|
|
83
|
+
## [3.1.19] - 2025-11-03
|
|
84
|
+
|
|
85
|
+
### Fixed
|
|
86
|
+
|
|
87
|
+
- Multipart parser: limit MIME header size check to the unread buffer region to avoid false `multipart mime part header too large` errors when previously read data accumulates in the scan buffer. ([#2392](https://github.com/rack/rack/pull/2392), [@alpaca-tc](https://github.com/alpaca-tc), [@willnet](https://github.com/willnet), [@krororo](https://github.com/krororo))
|
|
88
|
+
|
|
89
|
+
## [3.1.18] - 2025-10-10
|
|
90
|
+
|
|
91
|
+
### Security
|
|
92
|
+
|
|
93
|
+
- [CVE-2025-61780](https://github.com/advisories/GHSA-r657-rxjc-j557) Improper handling of headers in `Rack::Sendfile` may allow proxy bypass.
|
|
94
|
+
- [CVE-2025-61919](https://github.com/advisories/GHSA-6xw4-3v39-52mm) Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion.
|
|
95
|
+
|
|
70
96
|
## [3.1.17] - 2025-10-07
|
|
71
97
|
|
|
72
98
|
### Security
|
|
@@ -91,7 +117,7 @@ This release continues Rack's evolution toward a cleaner, more efficient foundat
|
|
|
91
117
|
|
|
92
118
|
### Security
|
|
93
119
|
|
|
94
|
-
- [CVE-2025-46727](https://github.com/
|
|
120
|
+
- [CVE-2025-46727](https://github.com/advisories/GHSA-gjh7-p2fx-99vx) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion.
|
|
95
121
|
|
|
96
122
|
## [3.1.13] - 2025-04-13
|
|
97
123
|
|
|
@@ -101,19 +127,19 @@ This release continues Rack's evolution toward a cleaner, more efficient foundat
|
|
|
101
127
|
|
|
102
128
|
### Security
|
|
103
129
|
|
|
104
|
-
- [CVE-2025-27610](https://github.com/
|
|
130
|
+
- [CVE-2025-27610](https://github.com/advisories/GHSA-7wqh-767x-r66v) Local file inclusion in `Rack::Static`.
|
|
105
131
|
|
|
106
132
|
## [3.1.11] - 2025-03-04
|
|
107
133
|
|
|
108
134
|
### Security
|
|
109
135
|
|
|
110
|
-
- [CVE-2025-27111](https://github.com/
|
|
136
|
+
- [CVE-2025-27111](https://github.com/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
|
|
111
137
|
|
|
112
138
|
## [3.1.10] - 2025-02-12
|
|
113
139
|
|
|
114
140
|
### Security
|
|
115
141
|
|
|
116
|
-
- [CVE-2025-25184](https://github.com/
|
|
142
|
+
- [CVE-2025-25184](https://github.com/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
|
|
117
143
|
|
|
118
144
|
## [3.1.9] - 2025-01-31
|
|
119
145
|
|
|
@@ -146,7 +172,7 @@ This release continues Rack's evolution toward a cleaner, more efficient foundat
|
|
|
146
172
|
|
|
147
173
|
### Security
|
|
148
174
|
|
|
149
|
-
- Fix potential ReDoS attack in `Rack::Request#parse_http_accept_header`. ([GHSA-cj83-2ww7-mvq7](https://github.com/
|
|
175
|
+
- Fix potential ReDoS attack in `Rack::Request#parse_http_accept_header`. ([GHSA-cj83-2ww7-mvq7](https://github.com/advisories/GHSA-cj83-2ww7-mvq7), [@dwisiswant0](https://github.com/dwisiswant0))
|
|
150
176
|
|
|
151
177
|
## [3.1.4] - 2024-06-22
|
|
152
178
|
|
|
@@ -238,7 +264,7 @@ This release is primarily a maintenance release that removes features deprecated
|
|
|
238
264
|
|
|
239
265
|
### Security
|
|
240
266
|
|
|
241
|
-
- [CVE-2025-46727](https://github.com/
|
|
267
|
+
- [CVE-2025-46727](https://github.com/advisories/GHSA-gjh7-p2fx-99vx) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion.
|
|
242
268
|
|
|
243
269
|
## [3.0.15] - 2025-04-13
|
|
244
270
|
|
|
@@ -248,13 +274,13 @@ This release is primarily a maintenance release that removes features deprecated
|
|
|
248
274
|
|
|
249
275
|
### Security
|
|
250
276
|
|
|
251
|
-
- [CVE-2025-27610](https://github.com/
|
|
277
|
+
- [CVE-2025-27610](https://github.com/advisories/GHSA-7wqh-767x-r66v) Local file inclusion in `Rack::Static`.
|
|
252
278
|
|
|
253
279
|
## [3.0.13] - 2025-03-04
|
|
254
280
|
|
|
255
281
|
### Security
|
|
256
282
|
|
|
257
|
-
- [CVE-2025-27111](https://github.com/
|
|
283
|
+
- [CVE-2025-27111](https://github.com/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
|
|
258
284
|
|
|
259
285
|
### Fixed
|
|
260
286
|
|
|
@@ -264,7 +290,7 @@ This release is primarily a maintenance release that removes features deprecated
|
|
|
264
290
|
|
|
265
291
|
### Security
|
|
266
292
|
|
|
267
|
-
- [CVE-2025-25184](https://github.com/
|
|
293
|
+
- [CVE-2025-25184](https://github.com/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
|
|
268
294
|
|
|
269
295
|
## [3.0.11] - 2024-05-10
|
|
270
296
|
|
|
@@ -444,6 +470,19 @@ This release introduces major improvements to Rack, including enhanced support f
|
|
|
444
470
|
- Fix multipart filename generation for filenames that contain spaces. Encode spaces as "%20" instead of "+" which will be decoded properly by the multipart parser. ([#1736](https://github.com/rack/rack/pull/1645), [@muirdm](https://github.com/muirdm))
|
|
445
471
|
- `Rack::Request#scheme` returns `ws` or `wss` when one of the `X-Forwarded-Scheme` / `X-Forwarded-Proto` headers is set to `ws` or `wss`, respectively. ([#1730](https://github.com/rack/rack/issues/1730), [@erwanst](https://github.com/erwanst))
|
|
446
472
|
|
|
473
|
+
## [2.2.21] - 2025-11-03
|
|
474
|
+
|
|
475
|
+
### Fixed
|
|
476
|
+
|
|
477
|
+
- Multipart parser: limit MIME header size check to the unread buffer region to avoid false `multipart mime part header too large` errors when previously read data accumulates in the scan buffer. ([#2392](https://github.com/rack/rack/pull/2392), [@alpaca-tc](https://github.com/alpaca-tc), [@willnet](https://github.com/willnet), [@krororo](https://github.com/krororo))
|
|
478
|
+
|
|
479
|
+
## [2.2.20] - 2025-10-10
|
|
480
|
+
|
|
481
|
+
### Security
|
|
482
|
+
|
|
483
|
+
- [CVE-2025-61780](https://github.com/advisories/GHSA-r657-rxjc-j557) Improper handling of headers in `Rack::Sendfile` may allow proxy bypass.
|
|
484
|
+
- [CVE-2025-61919](https://github.com/advisories/GHSA-6xw4-3v39-52mm) Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion.
|
|
485
|
+
|
|
447
486
|
## [2.2.19] - 2025-10-07
|
|
448
487
|
|
|
449
488
|
### Security
|
|
@@ -456,7 +495,7 @@ This release introduces major improvements to Rack, including enhanced support f
|
|
|
456
495
|
|
|
457
496
|
### Security
|
|
458
497
|
|
|
459
|
-
- [CVE-2025-59830](https://github.com/
|
|
498
|
+
- [CVE-2025-59830](https://github.com/advisories/GHSA-625h-95r8-8xpm) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion via semicolon-separated parameters.
|
|
460
499
|
|
|
461
500
|
## [2.2.17] - 2025-06-03
|
|
462
501
|
|
|
@@ -476,25 +515,25 @@ This release introduces major improvements to Rack, including enhanced support f
|
|
|
476
515
|
|
|
477
516
|
### Security
|
|
478
517
|
|
|
479
|
-
- [CVE-2025-46727](https://github.com/
|
|
518
|
+
- [CVE-2025-46727](https://github.com/advisories/GHSA-gjh7-p2fx-99vx) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion.
|
|
480
519
|
|
|
481
520
|
## [2.2.13] - 2025-03-11
|
|
482
521
|
|
|
483
522
|
### Security
|
|
484
523
|
|
|
485
|
-
- [CVE-2025-27610](https://github.com/
|
|
524
|
+
- [CVE-2025-27610](https://github.com/advisories/GHSA-7wqh-767x-r66v) Local file inclusion in `Rack::Static`.
|
|
486
525
|
|
|
487
526
|
## [2.2.12] - 2025-03-04
|
|
488
527
|
|
|
489
528
|
### Security
|
|
490
529
|
|
|
491
|
-
- [CVE-2025-27111](https://github.com/
|
|
530
|
+
- [CVE-2025-27111](https://github.com/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
|
|
492
531
|
|
|
493
532
|
## [2.2.11] - 2025-02-12
|
|
494
533
|
|
|
495
534
|
### Security
|
|
496
535
|
|
|
497
|
-
- [CVE-2025-25184](https://github.com/
|
|
536
|
+
- [CVE-2025-25184](https://github.com/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
|
|
498
537
|
|
|
499
538
|
## [2.2.10] - 2024-10-14
|
|
500
539
|
|
|
@@ -451,7 +451,7 @@ module Rack
|
|
|
451
451
|
else
|
|
452
452
|
# We raise if the mime part header is too large, to avoid unbounded memory
|
|
453
453
|
# buffering. Note that the actual limit is the higher of 64KB and the buffer size (1MB by default)
|
|
454
|
-
raise Error, "multipart mime part header too large" if @sbuf.
|
|
454
|
+
raise Error, "multipart mime part header too large" if @sbuf.rest.bytesize > MIME_HEADER_BYTESIZE_LIMIT
|
|
455
455
|
|
|
456
456
|
return :want_read
|
|
457
457
|
end
|
data/lib/rack/query_parser.rb
CHANGED
|
@@ -57,6 +57,8 @@ module Rack
|
|
|
57
57
|
PARAMS_LIMIT = env_int.call("RACK_QUERY_PARSER_PARAMS_LIMIT", 4096)
|
|
58
58
|
private_constant :PARAMS_LIMIT
|
|
59
59
|
|
|
60
|
+
attr_reader :bytesize_limit
|
|
61
|
+
|
|
60
62
|
def initialize(params_class, param_depth_limit, bytesize_limit: BYTESIZE_LIMIT, params_limit: PARAMS_LIMIT)
|
|
61
63
|
@params_class = params_class
|
|
62
64
|
@param_depth_limit = param_depth_limit
|
|
@@ -221,7 +223,7 @@ module Rack
|
|
|
221
223
|
return if !qs || qs.empty?
|
|
222
224
|
|
|
223
225
|
if qs.bytesize > @bytesize_limit
|
|
224
|
-
raise QueryLimitError, "total query size
|
|
226
|
+
raise QueryLimitError, "total query size exceeds limit (#{@bytesize_limit})"
|
|
225
227
|
end
|
|
226
228
|
|
|
227
229
|
pairs = qs.split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP, @params_limit + 1)
|
data/lib/rack/request.rb
CHANGED
|
@@ -513,7 +513,10 @@ module Rack
|
|
|
513
513
|
if pairs = Rack::Multipart.parse_multipart(env, Rack::Multipart::ParamList)
|
|
514
514
|
set_header RACK_REQUEST_FORM_PAIRS, pairs
|
|
515
515
|
else
|
|
516
|
-
|
|
516
|
+
# Add 2 bytes. One to check whether it is over the limit, and a second
|
|
517
|
+
# in case the slice! call below removes the last byte
|
|
518
|
+
# If read returns nil, use the empty string
|
|
519
|
+
form_vars = get_header(RACK_INPUT).read(query_parser.bytesize_limit + 2) || ''
|
|
517
520
|
|
|
518
521
|
# Fix for Safari Ajax postings that always append \0
|
|
519
522
|
# form_vars.sub!(/\0\z/, '') # performance replacement:
|
data/lib/rack/sendfile.rb
CHANGED
|
@@ -16,21 +16,21 @@ module Rack
|
|
|
16
16
|
# delivery code.
|
|
17
17
|
#
|
|
18
18
|
# In order to take advantage of this middleware, the response body must
|
|
19
|
-
# respond to +to_path+ and the request must include an x-sendfile-type
|
|
19
|
+
# respond to +to_path+ and the request must include an `x-sendfile-type`
|
|
20
20
|
# header. Rack::Files and other components implement +to_path+ so there's
|
|
21
|
-
# rarely anything you need to do in your application. The x-sendfile-type
|
|
21
|
+
# rarely anything you need to do in your application. The `x-sendfile-type`
|
|
22
22
|
# header is typically set in your web servers configuration. The following
|
|
23
23
|
# sections attempt to document
|
|
24
24
|
#
|
|
25
25
|
# === Nginx
|
|
26
26
|
#
|
|
27
|
-
# Nginx supports the x-accel-redirect header. This is similar to x-sendfile
|
|
27
|
+
# Nginx supports the `x-accel-redirect` header. This is similar to `x-sendfile`
|
|
28
28
|
# but requires parts of the filesystem to be mapped into a private URL
|
|
29
29
|
# hierarchy.
|
|
30
30
|
#
|
|
31
31
|
# The following example shows the Nginx configuration required to create
|
|
32
|
-
# a private "/files/" area, enable x-accel-redirect
|
|
33
|
-
# x-
|
|
32
|
+
# a private "/files/" area, enable `x-accel-redirect`, and pass the special
|
|
33
|
+
# `x-accel-mapping` header to the backend:
|
|
34
34
|
#
|
|
35
35
|
# location ~ /files/(.*) {
|
|
36
36
|
# internal;
|
|
@@ -44,24 +44,29 @@ module Rack
|
|
|
44
44
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
45
45
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
46
46
|
#
|
|
47
|
-
# proxy_set_header x-sendfile-type x-accel-redirect;
|
|
48
47
|
# proxy_set_header x-accel-mapping /var/www/=/files/;
|
|
49
48
|
#
|
|
50
49
|
# proxy_pass http://127.0.0.1:8080/;
|
|
51
50
|
# }
|
|
52
51
|
#
|
|
53
|
-
#
|
|
54
|
-
# The x-accel-mapping header should specify the location on the file system,
|
|
52
|
+
# The `x-accel-mapping` header should specify the location on the file system,
|
|
55
53
|
# followed by an equals sign (=), followed name of the private URL pattern
|
|
56
54
|
# that it maps to. The middleware performs a simple substitution on the
|
|
57
55
|
# resulting path.
|
|
58
56
|
#
|
|
57
|
+
# To enable `x-accel-redirect`, you must configure the middleware explicitly:
|
|
58
|
+
#
|
|
59
|
+
# use Rack::Sendfile, "x-accel-redirect"
|
|
60
|
+
#
|
|
61
|
+
# For security reasons, the `x-sendfile-type` header from requests is ignored.
|
|
62
|
+
# The sendfile variation must be set via the middleware constructor.
|
|
63
|
+
#
|
|
59
64
|
# See Also: https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile
|
|
60
65
|
#
|
|
61
66
|
# === lighttpd
|
|
62
67
|
#
|
|
63
|
-
# Lighttpd has supported some variation of the x-sendfile header for some
|
|
64
|
-
# time, although only recent version support x-sendfile in a reverse proxy
|
|
68
|
+
# Lighttpd has supported some variation of the `x-sendfile` header for some
|
|
69
|
+
# time, although only recent version support `x-sendfile` in a reverse proxy
|
|
65
70
|
# configuration.
|
|
66
71
|
#
|
|
67
72
|
# $HTTP["host"] == "example.com" {
|
|
@@ -83,7 +88,7 @@ module Rack
|
|
|
83
88
|
#
|
|
84
89
|
# === Apache
|
|
85
90
|
#
|
|
86
|
-
# x-sendfile is supported under Apache 2.x using a separate module:
|
|
91
|
+
# `x-sendfile` is supported under Apache 2.x using a separate module:
|
|
87
92
|
#
|
|
88
93
|
# https://tn123.org/mod_xsendfile/
|
|
89
94
|
#
|
|
@@ -97,16 +102,28 @@ module Rack
|
|
|
97
102
|
# === Mapping parameter
|
|
98
103
|
#
|
|
99
104
|
# The third parameter allows for an overriding extension of the
|
|
100
|
-
# x-accel-mapping header. Mappings should be provided in tuples of internal to
|
|
105
|
+
# `x-accel-mapping` header. Mappings should be provided in tuples of internal to
|
|
101
106
|
# external. The internal values may contain regular expression syntax, they
|
|
102
107
|
# will be matched with case indifference.
|
|
108
|
+
#
|
|
109
|
+
# When `x-accel-redirect` is explicitly enabled via the variation parameter,
|
|
110
|
+
# and no application-level mappings are provided, the middleware will read
|
|
111
|
+
# the `x-accel-mapping` header from the proxy. This allows nginx to control
|
|
112
|
+
# the path mapping without requiring application-level configuration.
|
|
113
|
+
#
|
|
114
|
+
# === Security
|
|
115
|
+
#
|
|
116
|
+
# For security reasons, the `x-sendfile-type` header from HTTP requests is
|
|
117
|
+
# ignored. The sendfile variation must be explicitly configured via the
|
|
118
|
+
# middleware constructor to prevent information disclosure vulnerabilities
|
|
119
|
+
# where attackers could bypass proxy restrictions.
|
|
103
120
|
|
|
104
121
|
class Sendfile
|
|
105
122
|
def initialize(app, variation = nil, mappings = [])
|
|
106
123
|
@app = app
|
|
107
124
|
@variation = variation
|
|
108
125
|
@mappings = mappings.map do |internal, external|
|
|
109
|
-
[
|
|
126
|
+
[/\A#{internal}/i, external]
|
|
110
127
|
end
|
|
111
128
|
end
|
|
112
129
|
|
|
@@ -145,22 +162,35 @@ module Rack
|
|
|
145
162
|
end
|
|
146
163
|
|
|
147
164
|
private
|
|
165
|
+
|
|
148
166
|
def variation(env)
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
167
|
+
# Note: HTTP_X_SENDFILE_TYPE is intentionally NOT read for security reasons.
|
|
168
|
+
# Attackers could use this header to enable x-accel-redirect and bypass proxy restrictions.
|
|
169
|
+
@variation || env['sendfile.type']
|
|
170
|
+
end
|
|
171
|
+
|
|
172
|
+
def x_accel_mapping(env)
|
|
173
|
+
# Only allow header when:
|
|
174
|
+
# 1. `x-accel-redirect` is explicitly enabled via constructor.
|
|
175
|
+
# 2. No application-level mappings are configured.
|
|
176
|
+
return nil unless @variation =~ /x-accel-redirect/i
|
|
177
|
+
return nil if @mappings.any?
|
|
178
|
+
|
|
179
|
+
env['HTTP_X_ACCEL_MAPPING']
|
|
152
180
|
end
|
|
153
181
|
|
|
154
182
|
def map_accel_path(env, path)
|
|
155
183
|
if mapping = @mappings.find { |internal, _| internal =~ path }
|
|
156
|
-
path.sub(*mapping)
|
|
157
|
-
elsif mapping = env
|
|
184
|
+
return path.sub(*mapping)
|
|
185
|
+
elsif mapping = x_accel_mapping(env)
|
|
186
|
+
# Safe to use header: explicit config + no app mappings:
|
|
158
187
|
mapping.split(',').map(&:strip).each do |m|
|
|
159
188
|
internal, external = m.split('=', 2).map(&:strip)
|
|
160
|
-
new_path = path.sub(
|
|
189
|
+
new_path = path.sub(/\A#{internal}/i, external)
|
|
161
190
|
return new_path unless path == new_path
|
|
162
191
|
end
|
|
163
|
-
|
|
192
|
+
|
|
193
|
+
return path
|
|
164
194
|
end
|
|
165
195
|
end
|
|
166
196
|
end
|
data/lib/rack/version.rb
CHANGED