RubyGems - rack - Versions diffs - 1.6.2 → 1.6.3 - Mend

rack 1.6.2 → 1.6.3

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (12) hide show

checksums.yaml +4 -4
data/lib/rack.rb +1 -1
data/lib/rack/methodoverride.rb +1 -0
data/lib/rack/multipart/parser.rb +5 -4
data/lib/rack/request.rb +4 -4
data/rack.gemspec +1 -1
data/test/cgi/lighttpd.errors +1 -0
data/test/multipart/three_files_three_fields +31 -0
data/test/spec_methodoverride.rb +7 -0
data/test/spec_multipart.rb +27 -0
data/test/spec_request.rb +17 -6
metadata +4 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ab38bb5c60cd46486301f9260b5a573ee1f433f2
-  data.tar.gz: e17cf5cf671ebd4aa03826847d006be00c964c4a
+  metadata.gz: 18409710545555f64ea2d3aae2d27c67431f1739
+  data.tar.gz: c3d4be3aae53f787d7a1218b717918d1ab135ba0
 SHA512:
-  metadata.gz: 71969e78c1454c8dcf6bd20e0fcb59f367d0e1a1b6ad32a512c866cb88f18ca1d98cb2074e704596a84fb91b64760e730dc590c1caf4b480ab5dae50994d776d
-  data.tar.gz: 5748ff056a909a1d1ee5ef717ccca1b04a5c6a076397cdefc05b23235a1f4fb3e8d3b833a65e3dbaa57c29efe7184eba7a69b47c59d5ca7d5e004cff228538e2
+  metadata.gz: 57deaefb6167c41011dfe2f466df7e3ef82868e84ab91201aa21092bd832f37bf1d2d0da2b722db4e3221e0587d39909ec7cb6bbe171e568c66af2996d5ff515
+  data.tar.gz: 970e4c2f51194b3c5f1d162ec09d1430d55efe2d6f68c3dcb1b93e5b896048ea8053c56d1161c3aa91adbdddb6f276d3a0b6f2606c5d9e59443698b7db65cfac

data/lib/rack.rb CHANGED

@@ -20,7 +20,7 @@ module Rack
   # Return the Rack release as a dotted string.
   def self.release
-    "1.6.2"
+    "1.6.3"
   end
   PATH_INFO      = 'PATH_INFO'.freeze
   REQUEST_METHOD = 'REQUEST_METHOD'.freeze

data/lib/rack/methodoverride.rb CHANGED

@@ -37,6 +37,7 @@ module Rack
     def method_override_param(req)
       req.POST[METHOD_OVERRIDE_PARAM_KEY]
+    rescue Utils::InvalidParameterError, Utils::ParameterTypeError
     end
   end
 end

data/lib/rack/multipart/parser.rb CHANGED

@@ -54,14 +54,15 @@ module Rack
         opened_files = 0
         loop do
-          if Utils.multipart_part_limit > 0
-            raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
-            opened_files += 1
-          end
           head, filename, content_type, name, body =
             get_current_head_and_filename_and_content_type_and_name_and_body
+          if Utils.multipart_part_limit > 0
+            opened_files += 1 if filename
+            raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
+          end
           # Save the rest.
           if i = @buf.index(rx)
             body << @buf.slice!(0, i)

data/lib/rack/request.rb CHANGED

@@ -188,7 +188,7 @@ module Rack
       if @env["rack.request.query_string"] == query_string
         @env["rack.request.query_hash"]
       else
-        p = parse_query(query_string)
+        p = parse_query(query_string, '&;')
         @env["rack.request.query_string"] = query_string
         @env["rack.request.query_hash"]   = p
       end
@@ -212,7 +212,7 @@ module Rack
           form_vars.slice!(-1) if form_vars[-1] == ?\0
           @env["rack.request.form_vars"] = form_vars
-          @env["rack.request.form_hash"] = parse_query(form_vars)
+          @env["rack.request.form_hash"] = parse_query(form_vars, '&')
           @env["rack.input"].rewind
         end
@@ -365,8 +365,8 @@ module Rack
         ip_addresses.reject { |ip| trusted_proxy?(ip) }
       end
-      def parse_query(qs)
-        Utils.parse_nested_query(qs, '&')
+      def parse_query(qs, d)
+        Utils.parse_nested_query(qs, d)
       end
       def parse_multipart(env)

data/rack.gemspec CHANGED

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = "rack"
-  s.version         = "1.6.2"
+  s.version         = "1.6.3"
   s.platform        = Gem::Platform::RUBY
   s.summary         = "a modular Ruby webserver interface"
   s.license         = "MIT"

data/test/cgi/lighttpd.errors ADDED

	@@ -0,0 +1 @@
1	+ 2015-06-16 14:11:43: (log.c.164) server started

data/test/multipart/three_files_three_fields ADDED

@@ -0,0 +1,31 @@
+--AaB03x
+content-disposition: form-data; name="reply"
+yes
+--AaB03x
+content-disposition: form-data; name="to"
+people
+--AaB03x
+content-disposition: form-data; name="from"
+others
+--AaB03x
+content-disposition: form-data; name="fileupload1"; filename="file1.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x
+content-disposition: form-data; name="fileupload2"; filename="file2.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x
+content-disposition: form-data; name="fileupload3"; filename="file3.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x--

data/test/spec_methodoverride.rb CHANGED

@@ -72,4 +72,11 @@ EOF
     env["REQUEST_METHOD"].should.equal "POST"
   end
+  should "not modify REQUEST_METHOD for POST requests when the params are unparseable" do
+    env = Rack::MockRequest.env_for("/", :method => "POST", :input => "(%bad-params%)")
+    app.call env
+    env["REQUEST_METHOD"].should.equal "POST"
+  end
 end

data/test/spec_multipart.rb CHANGED

@@ -476,6 +476,33 @@ Content-Type: image/jpeg\r
     end
   end
+ should "not reach a multi-part limit" do
+    begin
+      previous_limit = Rack::Utils.multipart_part_limit
+      Rack::Utils.multipart_part_limit = 4
+      env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields)
+      params = Rack::Multipart.parse_multipart(env)
+      params['reply'].should.equal 'yes'
+      params['to'].should.equal 'people'
+      params['from'].should.equal 'others'
+    ensure
+      Rack::Utils.multipart_part_limit = previous_limit
+    end
+  end
+  should "reach a multipart limit" do
+    begin
+      previous_limit = Rack::Utils.multipart_part_limit
+      Rack::Utils.multipart_part_limit = 3
+      env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields)
+      lambda { Rack::Multipart.parse_multipart(env) }.should.raise(Rack::Multipart::MultipartPartLimitError)
+    ensure
+      Rack::Utils.multipart_part_limit = previous_limit
+    end
+  end
   should "return nil if no UploadedFiles were used" do
     data = Rack::Multipart.build_multipart("people" => [{"submit-name" => "Larry", "files" => "contents"}])
     data.should.equal nil

data/test/spec_request.rb CHANGED

@@ -134,14 +134,25 @@ describe Rack::Request do
     req.params.should.equal "foo" => "bar", "quux" => "bla"
   end
-  should "not truncate query strings containing semi-colons #543" do
-    req = Rack::Request.new(Rack::MockRequest.env_for("/?foo=bar&quux=b;la"))
-    req.query_string.should.equal "foo=bar&quux=b;la"
-    req.GET.should.equal "foo" => "bar", "quux" => "b;la"
-    req.POST.should.be.empty
-    req.params.should.equal "foo" => "bar", "quux" => "b;la"
+  should "not truncate query strings containing semi-colons #543 only in POST" do
+    mr = Rack::MockRequest.env_for("/",
+      "REQUEST_METHOD" => 'POST',
+      :input => "foo=bar&quux=b;la")
+    req = Rack::Request.new mr
+    req.query_string.should.equal ""
+    req.GET.should.be.empty
+    req.POST.should.equal "foo" => "bar", "quux" => "b;la"
+    req.params.should.equal req.GET.merge(req.POST)
   end
+  should "use semi-colons as separators for query strings in GET" do
+    req = Rack::Request.new(Rack::MockRequest.env_for("/?foo=bar&quux=b;la;wun=duh"))
+    req.query_string.should.equal "foo=bar&quux=b;la;wun=duh"
+    req.GET.should.equal "foo" => "bar", "quux" => "b", "la" => nil, "wun" => "duh"
+    req.POST.should.be.empty
+    req.params.should.equal "foo" => "bar", "quux" => "b", "la" => nil, "wun" => "duh"
+  end
   should "limit the keys from the GET query string" do
     env = Rack::MockRequest.env_for("/?foo=bar")

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 1.6.2
+  version: 1.6.3
 platform: ruby
 authors:
 - Christian Neukirchen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06-16 00:00:00.000000000 Z
+date: 2015-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bacon
@@ -148,6 +148,7 @@ files:
 - test/cgi/assets/javascripts/app.js
 - test/cgi/assets/stylesheets/app.css
 - test/cgi/lighttpd.conf
+- test/cgi/lighttpd.errors
 - test/cgi/rackup_stub.rb
 - test/cgi/sample_rackup.ru
 - test/cgi/test
@@ -177,6 +178,7 @@ files:
 - test/multipart/none
 - test/multipart/semicolon
 - test/multipart/text
+- test/multipart/three_files_three_fields
 - test/multipart/webkit
 - test/rackup/config.ru
 - test/registering_handler/rack/handler/registering_myself.rb