rack 1.6.3 → 1.6.4


Potentially problematic release.



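--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 18409710545555f64ea2d3aae2d27c67431f1739
- data.tar.gz: c3d4be3aae53f787d7a1218b717918d1ab135ba0
+ metadata.gz: fb00d79382a3da4823e22b19a39e44c18b6ecf95
+ data.tar.gz: 5bb320ab78e603bb4da43d757bba382654562f3a
  SHA512:
- metadata.gz: 57deaefb6167c41011dfe2f466df7e3ef82868e84ab91201aa21092bd832f37bf1d2d0da2b722db4e3221e0587d39909ec7cb6bbe171e568c66af2996d5ff515
- data.tar.gz: 970e4c2f51194b3c5f1d162ec09d1430d55efe2d6f68c3dcb1b93e5b896048ea8053c56d1161c3aa91adbdddb6f276d3a0b6f2606c5d9e59443698b7db65cfac
+ metadata.gz: b3ef871417f3da49fac5952395efb126fe540303227f6a1a1f0bedc08b33abfed4cef4a001e788284ca0135eed3e39b0471cd865af78f1b1ef2efcb076ba07c8
+ data.tar.gz: a1fd7d68a5503e67c985089855c2544e10009677949fe6945bd51cfe59796eb5d60879687884b46319ebd7b0858723caa57ee68a4d9cf8f7463b355591905500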
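--- a/data/HISTORY.md
+++ b/data/HISTORY.md
@@ -1,3 +1,7 @@
+ Fri Jun 19 07:14:50 2015 Matthew Draper <matthew@trebex.net>
+
+ * Work around a Rails incompatibility in our private API
+
  Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
 
  * Prevent extremely deep parameters from being parsed. CVE-2015-3225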
@@ -20,7 +20,7 @@ module Rack
20
20
 
21
21
  # Return the Rack release as a dotted string.
22
22
  def self.release
23
- "1.6.3"
23
+ "1.6.4"
24
24
  end
25
25
  PATH_INFO = 'PATH_INFO'.freeze
26
26
  REQUEST_METHOD = 'REQUEST_METHOD'.freeze
@@ -188,7 +188,7 @@ module Rack
188
188
  if @env["rack.request.query_string"] == query_string
189
189
  @env["rack.request.query_hash"]
190
190
  else
191
- p = parse_query(query_string, '&;')
191
+ p = parse_query({ :query => query_string, :separator => '&;' })
192
192
  @env["rack.request.query_string"] = query_string
193
193
  @env["rack.request.query_hash"] = p
194
194
  end
@@ -212,7 +212,7 @@ module Rack
212
212
  form_vars.slice!(-1) if form_vars[-1] == ?\0
213
213
 
214
214
  @env["rack.request.form_vars"] = form_vars
215
- @env["rack.request.form_hash"] = parse_query(form_vars, '&')
215
+ @env["rack.request.form_hash"] = parse_query({ :query => form_vars, :separator => '&' })
216
216
 
217
217
  @env["rack.input"].rewind
218
218
  end
@@ -365,7 +365,9 @@ module Rack
365
365
  ip_addresses.reject { |ip| trusted_proxy?(ip) }
366
366
  end
367
367
 
368
- def parse_query(qs, d)
368
+ def parse_query(qs)
369
+ d = '&'
370
+ qs, d = qs[:query], qs[:separator] if Hash === qs
369
371
  Utils.parse_nested_query(qs, d)
370
372
  end
371
373
 
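Review bot: The new `parse_query(qs)` discards its `'&'` default whenever a Hash without `:separator` is passed, because `qs, d = qs[:query], qs[:separator]` always reassigns `d`; inside the `Hash === qs` branch, `d = qs.fetch(:separator, d)` followed by `qs = qs[:query]` would keep the default. The method now accepts either a String or a Hash and nothing says so; a comment such as `# qs: raw query String (split on '&'), or a Hash with :query and :separator` above the `def` would document the contract for code that overrides this method. A plain String call splits on `'&'` only, while the GET call site in the `@@ -188` hunk passes `'&;'`, so an override that forwards a bare string would presumably treat `;`-separated pairs as a single value, which matters wherever parameter filtering depends on the parsed keys. No spec covering either argument form is visible on this page; the only spec change shown is a whitespace edit.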
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = "rack"
3
- s.version = "1.6.3"
3
+ s.version = "1.6.4"
4
4
  s.platform = Gem::Platform::RUBY
5
5
  s.summary = "a modular Ruby webserver interface"
6
6
  s.license = "MIT"
@@ -152,7 +152,7 @@ describe Rack::Request do
152
152
  req.POST.should.be.empty
153
153
  req.params.should.equal "foo" => "bar", "quux" => "b", "la" => nil, "wun" => "duh"
154
154
  end
155
-
155
+
156
156
  should "limit the keys from the GET query string" do
157
157
  env = Rack::MockRequest.env_for("/?foo=bar")
158
158
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.3
4
+ version: 1.6.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Christian Neukirchen