rack 1.1.6 → 1.2.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of rack might be problematic. Click here for more details.

Files changed (105) hide show
  1. data/README +9 -205
  2. data/SPEC +3 -3
  3. data/lib/rack.rb +1 -24
  4. data/lib/rack/auth/abstract/request.rb +1 -5
  5. data/lib/rack/auth/digest/md5.rb +1 -2
  6. data/lib/rack/auth/digest/params.rb +1 -1
  7. data/lib/rack/content_length.rb +1 -1
  8. data/lib/rack/etag.rb +15 -6
  9. data/lib/rack/file.rb +3 -1
  10. data/lib/rack/handler/cgi.rb +8 -7
  11. data/lib/rack/handler/fastcgi.rb +1 -1
  12. data/lib/rack/handler/lsws.rb +1 -1
  13. data/lib/rack/handler/mongrel.rb +1 -1
  14. data/lib/rack/handler/scgi.rb +1 -4
  15. data/lib/rack/handler/webrick.rb +10 -6
  16. data/lib/rack/lint.rb +29 -37
  17. data/lib/rack/mime.rb +2 -0
  18. data/lib/rack/mock.rb +2 -1
  19. data/lib/rack/recursive.rb +4 -0
  20. data/lib/rack/request.rb +8 -6
  21. data/lib/rack/response.rb +1 -0
  22. data/lib/rack/rewindable_input.rb +13 -10
  23. data/lib/rack/sendfile.rb +8 -6
  24. data/lib/rack/server.rb +68 -9
  25. data/lib/rack/session/cookie.rb +1 -10
  26. data/lib/rack/session/memcache.rb +1 -1
  27. data/lib/rack/urlmap.rb +6 -7
  28. data/lib/rack/utils.rb +40 -71
  29. data/rack.gemspec +7 -11
  30. data/spec/cgi/lighttpd.conf +25 -0
  31. data/spec/cgi/rackup_stub.rb +6 -0
  32. data/spec/cgi/sample_rackup.ru +5 -0
  33. data/spec/cgi/test +9 -0
  34. data/spec/cgi/test.fcgi +8 -0
  35. data/spec/cgi/test.ru +5 -0
  36. data/spec/multipart/bad_robots +259 -0
  37. data/spec/multipart/binary +0 -0
  38. data/spec/multipart/empty +10 -0
  39. data/spec/multipart/fail_16384_nofile +814 -0
  40. data/spec/multipart/file1.txt +1 -0
  41. data/spec/multipart/filename_and_modification_param +7 -0
  42. data/spec/multipart/filename_with_escaped_quotes +6 -0
  43. data/spec/multipart/filename_with_escaped_quotes_and_modification_param +7 -0
  44. data/spec/multipart/filename_with_percent_escaped_quotes +6 -0
  45. data/spec/multipart/filename_with_unescaped_quotes +6 -0
  46. data/spec/multipart/ie +6 -0
  47. data/spec/multipart/nested +10 -0
  48. data/spec/multipart/none +9 -0
  49. data/spec/multipart/semicolon +6 -0
  50. data/spec/multipart/text +10 -0
  51. data/spec/rackup/config.ru +31 -0
  52. data/{test/spec_rack_auth_basic.rb → spec/spec_auth_basic.rb} +11 -14
  53. data/{test/spec_rack_auth_digest.rb → spec/spec_auth_digest.rb} +18 -27
  54. data/{test/spec_rack_builder.rb → spec/spec_builder.rb} +49 -10
  55. data/{test/spec_rack_cascade.rb → spec/spec_cascade.rb} +7 -10
  56. data/{test/spec_rack_cgi.rb → spec/spec_cgi.rb} +34 -32
  57. data/{test/spec_rack_chunked.rb → spec/spec_chunked.rb} +8 -10
  58. data/{test/spec_rack_commonlogger.rb → spec/spec_commonlogger.rb} +10 -15
  59. data/{test/spec_rack_conditionalget.rb → spec/spec_conditionalget.rb} +5 -7
  60. data/{test/spec_rack_config.rb → spec/spec_config.rb} +6 -7
  61. data/{test/spec_rack_content_length.rb → spec/spec_content_length.rb} +7 -8
  62. data/{test/spec_rack_content_type.rb → spec/spec_content_type.rb} +5 -6
  63. data/{test/spec_rack_deflater.rb → spec/spec_deflater.rb} +11 -13
  64. data/{test/spec_rack_directory.rb → spec/spec_directory.rb} +6 -10
  65. data/{test/spec_rack_etag.rb → spec/spec_etag.rb} +3 -5
  66. data/{test/spec_rack_fastcgi.rb → spec/spec_fastcgi.rb} +36 -29
  67. data/{test/spec_rack_file.rb → spec/spec_file.rb} +9 -13
  68. data/{test/spec_rack_handler.rb → spec/spec_handler.rb} +10 -12
  69. data/{test/spec_rack_head.rb → spec/spec_head.rb} +3 -3
  70. data/{test/spec_rack_lint.rb → spec/spec_lint.rb} +19 -32
  71. data/{test/spec_rack_lobster.rb → spec/spec_lobster.rb} +9 -11
  72. data/{test/spec_rack_lock.rb → spec/spec_lock.rb} +15 -17
  73. data/{test/spec_rack_logger.rb → spec/spec_logger.rb} +6 -7
  74. data/{test/spec_rack_methodoverride.rb → spec/spec_methodoverride.rb} +15 -17
  75. data/{test/spec_rack_mock.rb → spec/spec_mock.rb} +30 -32
  76. data/{test/spec_rack_mongrel.rb → spec/spec_mongrel.rb} +40 -46
  77. data/{test/spec_rack_nulllogger.rb → spec/spec_nulllogger.rb} +4 -5
  78. data/{test/spec_rack_recursive.rb → spec/spec_recursive.rb} +28 -36
  79. data/{test/spec_rack_request.rb → spec/spec_request.rb} +84 -98
  80. data/{test/spec_rack_response.rb → spec/spec_response.rb} +46 -27
  81. data/spec/spec_rewindable_input.rb +118 -0
  82. data/{test/spec_rack_runtime.rb → spec/spec_runtime.rb} +15 -11
  83. data/{test/spec_rack_sendfile.rb → spec/spec_sendfile.rb} +11 -14
  84. data/{test/spec_rack_session_cookie.rb → spec/spec_session_cookie.rb} +14 -36
  85. data/{test/spec_rack_session_memcache.rb → spec/spec_session_memcache.rb} +32 -26
  86. data/{test/spec_rack_session_pool.rb → spec/spec_session_pool.rb} +36 -31
  87. data/spec/spec_showexceptions.rb +23 -0
  88. data/spec/spec_showstatus.rb +79 -0
  89. data/{test/spec_rack_static.rb → spec/spec_static.rb} +5 -9
  90. data/{test/spec_rack_thin.rb → spec/spec_thin.rb} +30 -35
  91. data/{test/spec_rack_urlmap.rb → spec/spec_urlmap.rb} +6 -8
  92. data/{test/spec_rack_utils.rb → spec/spec_utils.rb} +134 -74
  93. data/{test/spec_rack_webrick.rb → spec/spec_webrick.rb} +28 -36
  94. data/spec/testrequest.rb +77 -0
  95. data/spec/unregistered_handler/rack/handler/unregistered.rb +7 -0
  96. data/spec/unregistered_handler/rack/handler/unregistered_long_one.rb +7 -0
  97. metadata +176 -191
  98. data/RDOX +0 -0
  99. data/lib/rack/adapter/camping.rb +0 -22
  100. data/test/spec_auth.rb +0 -57
  101. data/test/spec_rack_camping.rb +0 -55
  102. data/test/spec_rack_rewindable_input.rb +0 -118
  103. data/test/spec_rack_showexceptions.rb +0 -21
  104. data/test/spec_rack_showstatus.rb +0 -72
  105. data/test/spec_rackup.rb +0 -164
data/README CHANGED
@@ -1,4 +1,4 @@
1
- = Rack, a modular Ruby webserver interface {<img src="https://secure.travis-ci.org/rack/rack.png" alt="Build Status" />}[http://travis-ci.org/rack/rack] {<img src="https://gemnasium.com/rack/rack.png" alt="Dependency Status" />}[https://gemnasium.com/rack/rack]
1
+ = Rack, a modular Ruby webserver interface
2
2
 
3
3
  Rack provides a minimal, modular and adaptable interface for developing
4
4
  web applications in Ruby. By wrapping HTTP requests and responses in
@@ -27,11 +27,8 @@ These web servers include Rack handlers in their distributions:
27
27
  * Fuzed
28
28
  * Glassfish v3
29
29
  * Phusion Passenger (which is mod_rack for Apache and for nginx)
30
- * Puma
31
30
  * Rainbows!
32
31
  * Unicorn
33
- * unixrack
34
- * uWSGI
35
32
  * Zbatery
36
33
 
37
34
  Any valid Rack app will run the same on all these handlers, without
@@ -122,7 +119,7 @@ By default, the lobster is found at http://localhost:9292.
122
119
 
123
120
  == Installing with RubyGems
124
121
 
125
- A Gem of Rack is available at rubygems.org. You can install it with:
122
+ A Gem of Rack is available at gemcutter.org. You can install it with:
126
123
 
127
124
  gem install rack
128
125
 
@@ -133,9 +130,9 @@ at my site:
133
130
 
134
131
  == Running the tests
135
132
 
136
- Testing Rack requires the test/spec testing framework:
133
+ Testing Rack requires the bacon testing framework:
137
134
 
138
- gem install test-spec
135
+ gem install bacon
139
136
 
140
137
  There are two rake-based test tasks:
141
138
 
@@ -143,7 +140,7 @@ There are two rake-based test tasks:
143
140
  rake fulltest runs all the tests
144
141
 
145
142
  The fast testsuite has no dependencies outside of the core Ruby
146
- installation and test-spec.
143
+ installation and bacon.
147
144
 
148
145
  To run the test suite completely, you need:
149
146
 
@@ -311,202 +308,11 @@ run on port 11211) and memcache-client installed.
311
308
  * Various multipart fixes
312
309
  * Switch test suite to bacon
313
310
 
314
- * June 15th, 2010: Eleventh public release 1.2.1.
315
- * Make CGI handler rewindable
316
- * Rename spec/ to test/ to not conflict with SPEC on lesser
317
- operating systems
318
-
319
- * March 13th, 2011: Twelfth public release 1.2.2/1.1.2.
320
- * Security fix in Rack::Auth::Digest::MD5: when authenticator
321
- returned nil, permission was granted on empty password.
322
-
323
- * May 22nd, 2011: Thirteenth public release 1.3.0
324
- * Various performance optimizations
325
- * Various multipart fixes
326
- * Various multipart refactors
327
- * Infinite loop fix for multipart
328
- * Test coverage for Rack::Server returns
329
- * Allow files with '..', but not path components that are '..'
330
- * rackup accepts handler-specific options on the command line
331
- * Request#params no longer merges POST into GET (but returns the same)
332
- * Use URI.encode_www_form_component instead. Use core methods for escaping.
333
- * Allow multi-line comments in the config file
334
- * Bug L#94 reported by Nikolai Lugovoi, query parameter unescaping.
335
- * Rack::Response now deletes Content-Length when appropriate
336
- * Rack::Deflater now supports streaming
337
- * Improved Rack::Handler loading and searching
338
- * Support for the PATCH verb
339
- * env['rack.session.options'] now contains session options
340
- * Cookies respect renew
341
- * Session middleware uses SecureRandom.hex
342
-
343
- * May 22nd, 2011: Fourteenth public release 1.2.3
344
- * Pulled in relevant bug fixes from 1.3
345
- * Fixed 1.8.6 support
346
-
347
- * July 13, 2011: Fifteenth public release 1.3.1
348
- * Fix 1.9.1 support
349
- * Fix JRuby support
350
- * Properly handle $KCODE in Rack::Utils.escape
351
- * Make method_missing/respond_to behavior consistent for Rack::Lock,
352
- Rack::Auth::Digest::Request and Rack::Multipart::UploadedFile
353
- * Reenable passing rack.session to session middleware
354
- * Rack::CommonLogger handles streaming responses correctly
355
- * Rack::MockResponse calls close on the body object
356
- * Fix a DOS vector from MRI stdlib backport
357
-
358
- * July 16, 2011: Sixteenth public release 1.3.2
359
- * Fix for Rails and rack-test, Rack::Utils#escape calls to_s
360
-
361
- * Not Yet Released: Seventeenth public release 1.3.3
362
- * Fix bug with broken query parameters in Rack::ShowExceptions
363
- * Rack::Request#cookies no longer swallows exceptions on broken input
364
- * Prevents XSS attacks enabled by bug in Ruby 1.8's regexp engine
365
- * Rack::ConditionalGet handles broken If-Modified-Since helpers
366
-
367
- * September 16, 2011: Eighteenth public release 1.2.4
368
- * Fix a bug with MRI regex engine to prevent XSS by malformed unicode
369
-
370
- * October 1, 2011: Nineteenth public release 1.3.4
371
- * Backport security fix from 1.9.3, also fixes some roundtrip issues in URI
372
- * Small documentation update
373
- * Fix an issue where BodyProxy could cause an infinite recursion
374
- * Add some supporting files for travis-ci
375
-
376
- * October 17, 2011: Twentieth public release 1.3.5
377
- * Fix annoying warnings caused by the backport in 1.3.4
378
-
379
- * December 28th, 2011: Twenty first public release: 1.1.3.
380
- * Security fix. http://www.ocert.org/advisories/ocert-2011-003.html
381
- Further information here: http://jruby.org/2011/12/27/jruby-1-6-5-1
382
-
383
- * December 28th, 2011: Twenty fourth public release 1.4.0
384
- * Ruby 1.8.6 support has officially been dropped. Not all tests pass.
385
- * Raise sane error messages for broken config.ru
386
- * Allow combining run and map in a config.ru
387
- * Rack::ContentType will not set Content-Type for responses without a body
388
- * Status code 205 does not send a response body
389
- * Rack::Response::Helpers will not rely on instance variables
390
- * Rack::Utils.build_query no longer outputs '=' for nil query values
391
- * Various mime types added
392
- * Rack::MockRequest now supports HEAD
393
- * Rack::Directory now supports files that contain RFC3986 reserved chars
394
- * Rack::File now only supports GET and HEAD requests
395
- * Rack::Server#start now passes the block to Rack::Handler::<h>#run
396
- * Rack::Static now supports an index option
397
- * Added the Teapot status code
398
- * rackup now defaults to Thin instead of Mongrel (if installed)
399
- * Support added for HTTP_X_FORWARDED_SCHEME
400
- * Numerous bug fixes, including many fixes for new and alternate rubies
401
-
402
- * January 22nd, 2012: Twenty fifth public release 1.4.1
403
- * Alter the keyspace limit calculations to reduce issues with nested params
404
- * Add a workaround for multipart parsing where files contain unescaped "%"
405
- * Added Rack::Response::Helpers#method_not_allowed? (code 405)
406
- * Rack::File now returns 404 for illegal directory traversals
407
- * Rack::File now returns 405 for illegal methods (non HEAD/GET)
408
- * Rack::Cascade now catches 405 by default, as well as 404
409
- * Cookies missing '--' no longer cause an exception to be raised
410
- * Various style changes and documentation spelling errors
411
- * Rack::BodyProxy always ensures to execute its block
412
- * Additional test coverage around cookies and secrets
413
- * Rack::Session::Cookie can now be supplied either secret or old_secret
414
- * Tests are no longer dependent on set order
415
- * Rack::Static no longer defaults to serving index files
416
- * Rack.release was fixed
417
-
418
- * January 6th, 2013: Twenty sixth public release 1.1.4
419
- * Add warnings when users do not provide a session secret
420
-
421
- * January 6th, 2013: Twenty seventh public release 1.2.6
422
- * Add warnings when users do not provide a session secret
423
- * Fix parsing performance for unquoted filenames
424
-
425
- * January 6th, 2013: Twenty eighth public release 1.3.7
426
- * Add warnings when users do not provide a session secret
427
- * Fix parsing performance for unquoted filenames
428
- * Updated URI backports
429
- * Fix URI backport version matching, and silence constant warnings
430
- * Correct parameter parsing with empty values
431
- * Correct rackup '-I' flag, to allow multiple uses
432
- * Correct rackup pidfile handling
433
- * Report rackup line numbers correctly
434
- * Fix request loops caused by non-stale nonces with time limits
435
- * Fix reloader on Windows
436
- * Prevent infinite recursions from Response#to_ary
437
- * Various middleware better conforms to the body close specification
438
- * Updated language for the body close specification
439
- * Additional notes regarding ECMA escape compatibility issues
440
- * Fix the parsing of multiple ranges in range headers
441
-
442
- * January 6th, 2013: Twenty ninth public release 1.4.2
443
- * Add warnings when users do not provide a session secret
444
- * Fix parsing performance for unquoted filenames
445
- * Updated URI backports
446
- * Fix URI backport version matching, and silence constant warnings
447
- * Correct parameter parsing with empty values
448
- * Correct rackup '-I' flag, to allow multiple uses
449
- * Correct rackup pidfile handling
450
- * Report rackup line numbers correctly
451
- * Fix request loops caused by non-stale nonces with time limits
452
- * Fix reloader on Windows
453
- * Prevent infinite recursions from Response#to_ary
454
- * Various middleware better conforms to the body close specification
455
- * Updated language for the body close specification
456
- * Additional notes regarding ECMA escape compatibility issues
457
- * Fix the parsing of multiple ranges in range headers
458
- * Prevent errors from empty parameter keys
459
- * Added PATCH verb to Rack::Request
460
- * Various documentation updates
461
- * Fix session merge semantics (fixes rack-test)
462
- * Rack::Static :index can now handle multiple directories
463
- * All tests now utilize Rack::Lint (special thanks to Lars Gierth)
464
- * Rack::File cache_control parameter is now deprecated, and removed by 1.5
465
- * Correct Rack::Directory script name escaping
466
- * Rack::Static supports header rules for sophisticated configurations
467
- * Multipart parsing now works without a Content-Length header
468
- * New logos courtesy of Zachary Scott!
469
- * Rack::BodyProxy now explicitly defines #each, useful for C extensions
470
- * Cookies that are not URI escaped no longer cause exceptions
471
-
472
- * January 7th, 2013: Thirtieth public release 1.3.8
473
- * Security: Prevent unbounded reads in large multipart boundaries
474
-
475
- * January 7th, 2013: Thirty first public release 1.4.3
476
- * Security: Prevent unbounded reads in large multipart boundaries
477
-
478
- * January 13th, 2013: Thirty second public release 1.4.4, 1.3.9, 1.2.7, 1.1.5
479
- * [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
480
- * Fixed erroneous test case in the 1.3.x series
481
-
482
- * February 7th, Thirty fifth public release 1.1.6, 1.2.8, 1.3.10
483
- * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
484
-
485
- * February 7th, Thirty fifth public release 1.4.5
486
- * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
487
- * Fix CVE-2013-0262, symlink path traversal in Rack::File
488
-
489
- * February 7th, Thirty fifth public release 1.5.2
490
- * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
491
- * Fix CVE-2013-0262, symlink path traversal in Rack::File
492
- * Add various methods to Session for enhanced Rails compatibility
493
- * Request#trusted_proxy? now only matches whole stirngs
494
- * Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
495
- * URLMap host matching in environments that don't set the Host header fixed
496
- * Fix a race condition that could result in overwritten pidfiles
497
- * Various documentation additions
498
-
499
311
  == Contact
500
312
 
501
313
  Please post bugs, suggestions and patches to
502
314
  the bug tracker at <http://github.com/rack/rack/issues>.
503
315
 
504
- Please post security related bugs and suggestions to the core team at
505
- <https://groups.google.com/group/rack-core> or rack-core@googlegroups.com. Due
506
- to wide usage of the library, it is strongly preferred that we manage timing in
507
- order to provide viable patches at the time of disclosure. Your assistance in
508
- this matter is greatly appreciated.
509
-
510
316
  Mailing list archives are available at
511
317
  <http://groups.google.com/group/rack-devel>.
512
318
 
@@ -526,8 +332,6 @@ The Rack Core Team, consisting of
526
332
  * Michael Fellinger (manveru)
527
333
  * Ryan Tomayko (rtomayko)
528
334
  * Scytrin dai Kinthra (scytrin)
529
- * Aaron Patterson (tenderlove)
530
- * Konstantin Haase (rkh)
531
335
 
532
336
  would like to thank:
533
337
 
@@ -557,7 +361,7 @@ would like to thank:
557
361
  * Marcus Rückert, for help with configuring and debugging lighttpd.
558
362
  * The WSGI team for the well-done and documented work they've done and
559
363
  Rack builds up on.
560
- * All bug reporters and patch contributors not mentioned above.
364
+ * All bug reporters and patch contributers not mentioned above.
561
365
 
562
366
  == Copyright
563
367
 
@@ -582,11 +386,11 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
582
386
 
583
387
  == Links
584
388
 
585
- Rack:: <http://rack.github.com/>
389
+ Rack:: <http://rack.rubyforge.org/>
390
+ Rack's Rubyforge project:: <http://rubyforge.org/projects/rack>
586
391
  Official Rack repositories:: <http://github.com/rack>
587
- Rack Bug Tracking:: <http://github.com/rack/rack/issues>
392
+ Rack Lighthouse Bug Tracking:: <http://rack.lighthouseapp.com/>
588
393
  rack-devel mailing list:: <http://groups.google.com/group/rack-devel>
589
- Rack's Rubyforge project:: <http://rubyforge.org/projects/rack>
590
394
 
591
395
  Christian Neukirchen:: <http://chneukirchen.org/>
592
396
 
data/SPEC CHANGED
@@ -11,9 +11,9 @@ The *status*,
11
11
  the *headers*,
12
12
  and the *body*.
13
13
  == The Environment
14
- The environment must be an true instance of Hash (no
15
- subclassing allowed) that includes CGI-like headers.
16
- The application is free to modify the environment.
14
+ The environment must be an instance of Hash that includes
15
+ CGI-like headers. The application is free to modify the
16
+ environment.
17
17
  The environment is required to include these variables
18
18
  (adopted from PEP333), except when they'd be empty, but see
19
19
  below.
@@ -20,7 +20,7 @@ module Rack
20
20
 
21
21
  # Return the Rack release as a dotted string.
22
22
  def self.release
23
- "1.1.6"
23
+ "1.2"
24
24
  end
25
25
 
26
26
  autoload :Builder, "rack/builder"
@@ -71,18 +71,6 @@ module Rack
71
71
  autoload :Params, "rack/auth/digest/params"
72
72
  autoload :Request, "rack/auth/digest/request"
73
73
  end
74
-
75
- # Not all of the following schemes are "standards", but they are used often.
76
- @schemes = %w[basic digest bearer mac token oauth oauth2]
77
-
78
- def self.add_scheme scheme
79
- @schemes << scheme
80
- @schemes.uniq!
81
- end
82
-
83
- def self.schemes
84
- @schemes.dup
85
- end
86
74
  end
87
75
 
88
76
  module Session
@@ -90,15 +78,4 @@ module Rack
90
78
  autoload :Pool, "rack/session/pool"
91
79
  autoload :Memcache, "rack/session/memcache"
92
80
  end
93
-
94
- # *Adapters* connect Rack with third party web frameworks.
95
- #
96
- # Rack includes an adapter for Camping, see README for other
97
- # frameworks supporting Rack in their code bases.
98
- #
99
- # Refer to the submodules for framework-specific calling details.
100
-
101
- module Adapter
102
- autoload :Camping, "rack/adapter/camping"
103
- end
104
81
  end
@@ -15,11 +15,7 @@ module Rack
15
15
  end
16
16
 
17
17
  def scheme
18
- @scheme ||=
19
- begin
20
- s = parts.first.downcase
21
- Rack::Auth.schemes.include?(s) ? s.to_sym : s
22
- end
18
+ @scheme ||= parts.first.downcase.to_sym
23
19
  end
24
20
 
25
21
  def params
@@ -91,8 +91,7 @@ module Rack
91
91
  end
92
92
 
93
93
  def valid_digest?(auth)
94
- pw = @authenticator.call(auth.username)
95
- pw && digest(auth, pw) == auth.response
94
+ digest(auth, @authenticator.call(auth.username)) == auth.response
96
95
  end
97
96
 
98
97
  def md5(data)
@@ -35,7 +35,7 @@ module Rack
35
35
  super k.to_s, v.to_s
36
36
  end
37
37
 
38
- UNQUOTED = ['qop', 'nc', 'stale']
38
+ UNQUOTED = ['nc', 'stale']
39
39
 
40
40
  def to_s
41
41
  inject([]) do |parts, (k, v)|
@@ -13,7 +13,7 @@ module Rack
13
13
  status, headers, body = @app.call(env)
14
14
  headers = HeaderHash.new(headers)
15
15
 
16
- if !STATUS_WITH_NO_ENTITY_BODY.include?(status) &&
16
+ if !STATUS_WITH_NO_ENTITY_BODY.include?(status.to_i) &&
17
17
  !headers['Content-Length'] &&
18
18
  !headers['Transfer-Encoding'] &&
19
19
  (body.respond_to?(:to_ary) || body.respond_to?(:to_str))
@@ -11,13 +11,22 @@ module Rack
11
11
  status, headers, body = @app.call(env)
12
12
 
13
13
  if !headers.has_key?('ETag')
14
- parts = []
15
- body.each { |part| parts << part.to_s }
16
- headers['ETag'] = %("#{Digest::MD5.hexdigest(parts.join(""))}")
17
- [status, headers, parts]
18
- else
19
- [status, headers, body]
14
+ digest, body = digest_body(body)
15
+ headers['ETag'] = %("#{digest}")
20
16
  end
17
+
18
+ [status, headers, body]
21
19
  end
20
+
21
+ private
22
+ def digest_body(body)
23
+ digest = Digest::MD5.new
24
+ parts = []
25
+ body.each do |part|
26
+ digest << part
27
+ parts << part
28
+ end
29
+ [digest.hexdigest, parts]
30
+ end
22
31
  end
23
32
  end
@@ -3,8 +3,10 @@ require 'rack/utils'
3
3
  require 'rack/mime'
4
4
 
5
5
  module Rack
6
- # Rack::File serves files below the +root+ given, according to the
6
+ # Rack::File serves files below the +root+ directory given, according to the
7
7
  # path info of the Rack request.
8
+ # e.g. when Rack::File.new("/etc") is used, you can access 'passwd' file
9
+ # as http://localhost:9292/passwd
8
10
  #
9
11
  # Handlers can detect if bodies are a Rack::File, and use mechanisms
10
12
  # like sendfile on the +path+.
@@ -4,6 +4,7 @@ module Rack
4
4
  module Handler
5
5
  class CGI
6
6
  def self.run(app, options=nil)
7
+ $stdin.binmode
7
8
  serve app
8
9
  end
9
10
 
@@ -15,7 +16,7 @@ module Rack
15
16
 
16
17
  env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/"
17
18
 
18
- env.update({"rack.version" => [1,1],
19
+ env.update({"rack.version" => Rack::VERSION,
19
20
  "rack.input" => $stdin,
20
21
  "rack.errors" => $stderr,
21
22
 
@@ -40,20 +41,20 @@ module Rack
40
41
  end
41
42
 
42
43
  def self.send_headers(status, headers)
43
- STDOUT.print "Status: #{status}\r\n"
44
+ $stdout.print "Status: #{status}\r\n"
44
45
  headers.each { |k, vs|
45
46
  vs.split("\n").each { |v|
46
- STDOUT.print "#{k}: #{v}\r\n"
47
+ $stdout.print "#{k}: #{v}\r\n"
47
48
  }
48
49
  }
49
- STDOUT.print "\r\n"
50
- STDOUT.flush
50
+ $stdout.print "\r\n"
51
+ $stdout.flush
51
52
  end
52
53
 
53
54
  def self.send_body(body)
54
55
  body.each { |part|
55
- STDOUT.print part
56
- STDOUT.flush
56
+ $stdout.print part
57
+ $stdout.flush
57
58
  }
58
59
  end
59
60
  end