rack 1.6.2 → 1.6.3
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/rack.rb +1 -1
- data/lib/rack/methodoverride.rb +1 -0
- data/lib/rack/multipart/parser.rb +5 -4
- data/lib/rack/request.rb +4 -4
- data/rack.gemspec +1 -1
- data/test/cgi/lighttpd.errors +1 -0
- data/test/multipart/three_files_three_fields +31 -0
- data/test/spec_methodoverride.rb +7 -0
- data/test/spec_multipart.rb +27 -0
- data/test/spec_request.rb +17 -6
- metadata +4 -2
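--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 18409710545555f64ea2d3aae2d27c67431f1739
+data.tar.gz: c3d4be3aae53f787d7a1218b717918d1ab135ba0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 57deaefb6167c41011dfe2f466df7e3ef82868e84ab91201aa21092bd832f37bf1d2d0da2b722db4e3221e0587d39909ec7cb6bbe171e568c66af2996d5ff515
+data.tar.gz: 970e4c2f51194b3c5f1d162ec09d1430d55efe2d6f68c3dcb1b93e5b896048ea8053c56d1161c3aa91adbdddb6f276d3a0b6f2606c5d9e59443698b7db65cfac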
data/lib/rack.rb
CHANGED
data/lib/rack/methodoverride.rb
CHANGED
@@ -54,14 +54,15 @@ module Rack
|
|
54
54
|
|
55
55
|
opened_files = 0
|
56
56
|
loop do
|
57
|
-
if Utils.multipart_part_limit > 0
|
58
|
-
raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
|
59
|
-
opened_files += 1
|
60
|
-
end
|
61
57
|
|
62
58
|
head, filename, content_type, name, body =
|
63
59
|
get_current_head_and_filename_and_content_type_and_name_and_body
|
64
60
|
|
61
|
+
if Utils.multipart_part_limit > 0
|
62
|
+
opened_files += 1 if filename
|
63
|
+
raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
|
64
|
+
end
|
65
|
+
|
65
66
|
# Save the rest.
|
66
67
|
if i = @buf.index(rx)
|
67
68
|
body << @buf.slice!(0, i)
|
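Review bot: The limit check in the `loop do` body now runs after `get_current_head_and_filename_and_content_type_and_name_and_body` and increments before comparing with `>=`, so a limit of N rejects the Nth file part rather than the one after it (the new multipart spec pins this: three files raise at limit 3). If that helper is where the upload's temp file is created (not visible in this hunk), the rejected part's file is already open when `MultipartPartLimitError` is raised, so the error path should be checked for closing the files opened so far. A comment above the check such as `# exclusive bound: at most multipart_part_limit - 1 file parts are accepted; non-file parts are not counted` would document both behaviours. The hunk's content matches the diffstat entry for data/lib/rack/multipart/parser.rb (+5 -4) rather than the methodoverride.rb header printed above it, and the loop continues outside the hunk.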
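--- a/data/lib/rack/request.rb
+++ b/data/lib/rack/request.rb
@@ -188,7 +188,7 @@ module Rack
 if @env["rack.request.query_string"] == query_string
 @env["rack.request.query_hash"]
 else
-p = parse_query(query_string)
+p = parse_query(query_string, '&;')
 @env["rack.request.query_string"] = query_string
 @env["rack.request.query_hash"] = p
 end
@@ -212,7 +212,7 @@ module Rack
 form_vars.slice!(-1) if form_vars[-1] == ?\0
 
 @env["rack.request.form_vars"] = form_vars
-@env["rack.request.form_hash"] = parse_query(form_vars)
+@env["rack.request.form_hash"] = parse_query(form_vars, '&')
 
 @env["rack.input"].rewind
 end
@@ -365,8 +365,8 @@ module Rack
 ip_addresses.reject { |ip| trusted_proxy?(ip) }
 end
 
-def parse_query(qs)
-Utils.parse_nested_query(qs,
+def parse_query(qs, d)
+Utils.parse_nested_query(qs, d)
 end
 
 def parse_multipart(env)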
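Review bot: `def parse_query(qs, d)` in the last hunk makes the delimiter a required argument, so any subclass or caller that still invokes or overrides `parse_query` with one argument will raise ArgumentError; `def parse_query(qs, d = '&')` keeps the old arity working. The first two hunks also make GET split on `&;` while POST splits on `&` only, so a proxy or filter in front of the app that splits query strings on `&` alone will see different parameter names than the app does (the new GET spec turns `quux=b;la;wun=duh` into three keys). That difference should be stated in a comment where the query string is parsed. The methods touched by the first two hunks start and end outside what is shown.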
data/rack.gemspec
CHANGED
@@ -0,0 +1 @@
|
|
1
|
+
2015-06-16 14:11:43: (log.c.164) server started
|
@@ -0,0 +1,31 @@
|
|
1
|
+
--AaB03x
|
2
|
+
content-disposition: form-data; name="reply"
|
3
|
+
|
4
|
+
yes
|
5
|
+
--AaB03x
|
6
|
+
content-disposition: form-data; name="to"
|
7
|
+
|
8
|
+
people
|
9
|
+
--AaB03x
|
10
|
+
content-disposition: form-data; name="from"
|
11
|
+
|
12
|
+
others
|
13
|
+
--AaB03x
|
14
|
+
content-disposition: form-data; name="fileupload1"; filename="file1.jpg"
|
15
|
+
Content-Type: image/jpeg
|
16
|
+
Content-Transfer-Encoding: base64
|
17
|
+
|
18
|
+
/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
|
19
|
+
--AaB03x
|
20
|
+
content-disposition: form-data; name="fileupload2"; filename="file2.jpg"
|
21
|
+
Content-Type: image/jpeg
|
22
|
+
Content-Transfer-Encoding: base64
|
23
|
+
|
24
|
+
/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
|
25
|
+
--AaB03x
|
26
|
+
content-disposition: form-data; name="fileupload3"; filename="file3.jpg"
|
27
|
+
Content-Type: image/jpeg
|
28
|
+
Content-Transfer-Encoding: base64
|
29
|
+
|
30
|
+
/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
|
31
|
+
--AaB03x--
|
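--- a/data/test/spec_methodoverride.rb
+++ b/data/test/spec_methodoverride.rb
@@ -72,4 +72,11 @@ EOF
 
 env["REQUEST_METHOD"].should.equal "POST"
 end
+
+should "not modify REQUEST_METHOD for POST requests when the params are unparseable" do
+env = Rack::MockRequest.env_for("/", :method => "POST", :input => "(%bad-params%)")
+app.call env
+
+env["REQUEST_METHOD"].should.equal "POST"
+end
 end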
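--- a/data/test/spec_multipart.rb
+++ b/data/test/spec_multipart.rb
@@ -476,6 +476,33 @@ Content-Type: image/jpeg\r
 end
 end
 
+should "not reach a multi-part limit" do
+begin
+previous_limit = Rack::Utils.multipart_part_limit
+Rack::Utils.multipart_part_limit = 4
+
+env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields)
+params = Rack::Multipart.parse_multipart(env)
+params['reply'].should.equal 'yes'
+params['to'].should.equal 'people'
+params['from'].should.equal 'others'
+ensure
+Rack::Utils.multipart_part_limit = previous_limit
+end
+end
+
+should "reach a multipart limit" do
+begin
+previous_limit = Rack::Utils.multipart_part_limit
+Rack::Utils.multipart_part_limit = 3
+
+env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields)
+lambda { Rack::Multipart.parse_multipart(env) }.should.raise(Rack::Multipart::MultipartPartLimitError)
+ensure
+Rack::Utils.multipart_part_limit = previous_limit
+end
+end
+
 should "return nil if no UploadedFiles were used" do
 data = Rack::Multipart.build_multipart("people" => [{"submit-name" => "Larry", "files" => "contents"}])
 data.should.equal nil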
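Review bot: The passing case in `should "not reach a multi-part limit"` asserts only the three text fields, so it would still pass if the file parts were dropped or mis-parsed once the counter is active; adding `params['fileupload1'][:filename].should.equal 'file1.jpg'` would pin that uploads survive under the limit. The two specs together fix the boundary as exclusive (three file parts pass at limit 4 and raise at limit 3), which deserves a one-line comment above them, since the setting's name reads as an inclusive maximum.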
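--- a/data/test/spec_request.rb
+++ b/data/test/spec_request.rb
@@ -134,14 +134,25 @@ describe Rack::Request do
 req.params.should.equal "foo" => "bar", "quux" => "bla"
 end
 
-should "not truncate query strings containing semi-colons #543" do
-
-
-
-req.
-req.
+should "not truncate query strings containing semi-colons #543 only in POST" do
+mr = Rack::MockRequest.env_for("/",
+"REQUEST_METHOD" => 'POST',
+:input => "foo=bar&quux=b;la")
+req = Rack::Request.new mr
+req.query_string.should.equal ""
+req.GET.should.be.empty
+req.POST.should.equal "foo" => "bar", "quux" => "b;la"
+req.params.should.equal req.GET.merge(req.POST)
 end
 
+should "use semi-colons as separators for query strings in GET" do
+req = Rack::Request.new(Rack::MockRequest.env_for("/?foo=bar&quux=b;la;wun=duh"))
+req.query_string.should.equal "foo=bar&quux=b;la;wun=duh"
+req.GET.should.equal "foo" => "bar", "quux" => "b", "la" => nil, "wun" => "duh"
+req.POST.should.be.empty
+req.params.should.equal "foo" => "bar", "quux" => "b", "la" => nil, "wun" => "duh"
+end
+
 should "limit the keys from the GET query string" do
 env = Rack::MockRequest.env_for("/?foo=bar")
 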
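Review bot: The renamed spec title `"not truncate query strings containing semi-colons #543 only in POST"` describes a query string, but the request it builds has an empty query string and carries `foo=bar&quux=b;la` in the form body; a title like `should "not split POST form bodies on semi-colons #543" do` says what is actually asserted. Neither spec covers a POST whose URL also has a `;`-separated query string, which is the case where the two delimiter sets meet in `req.params`.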
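--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-version: 1.6.
+version: 1.6.3
 platform: ruby
 authors:
 - Christian Neukirchen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06-
+date: 2015-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bacon
@@ -148,6 +148,7 @@ files:
 - test/cgi/assets/javascripts/app.js
 - test/cgi/assets/stylesheets/app.css
 - test/cgi/lighttpd.conf
+- test/cgi/lighttpd.errors
 - test/cgi/rackup_stub.rb
 - test/cgi/sample_rackup.ru
 - test/cgi/test
@@ -177,6 +178,7 @@ files:
 - test/multipart/none
 - test/multipart/semicolon
 - test/multipart/text
+- test/multipart/three_files_three_fields
 - test/multipart/webkit
 - test/rackup/config.ru
 - test/registering_handler/rack/handler/registering_myself.rb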