rack 1.6.5 → 1.6.6
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/rack.rb +1 -1
- data/lib/rack/multipart/parser.rb +1 -2
- data/lib/rack/server.rb +2 -1
- data/rack.gemspec +1 -1
- data/test/multipart/filename_with_null_byte +7 -0
- data/test/spec_multipart.rb +6 -0
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 06de71024a96e8adb2d56a5a71d19c27108d9092
|
|
4
|
+
data.tar.gz: f88faaa3f6981a646989fd5c6e7284ae7ef9fdc7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 87a659e1fa075bcbd285f8aa484dac13d60835c69b0346429d7973095446478dcc409965caf6c35e5e46f73df3db97b0faf261d75785ca9f6b0605baf73088bd
|
|
7
|
+
data.tar.gz: 9f956b12721c8f3858adb604fabe11e9bf823bfb750ff0da1d313ee597e461d2a022dc560a39a13ba279afbb0c6d6d763f15aba3fbf41e77a1b5c344e3b6b4d3
|
data/lib/rack.rb
CHANGED
|
@@ -6,7 +6,6 @@ module Rack
|
|
|
6
6
|
|
|
7
7
|
class Parser
|
|
8
8
|
BUFSIZE = 16384
|
|
9
|
-
|
|
10
9
|
DUMMY = Struct.new(:parse).new
|
|
11
10
|
|
|
12
11
|
def self.create(env)
|
|
@@ -19,7 +18,7 @@ module Rack
|
|
|
19
18
|
content_length = content_length.to_i if content_length
|
|
20
19
|
|
|
21
20
|
tempfile = env['rack.multipart.tempfile_factory'] ||
|
|
22
|
-
lambda { |filename, content_type| Tempfile.new(["RackMultipart", ::File.extname(filename)]) }
|
|
21
|
+
lambda { |filename, content_type| Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0".freeze, '%00'.freeze))]) }
|
|
23
22
|
bufsize = env['rack.multipart.buffer_size'] || BUFSIZE
|
|
24
23
|
|
|
25
24
|
new($1, io, content_length, env, tempfile, bufsize)
|
data/lib/rack/server.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'optparse'
|
|
2
|
+
require 'fileutils'
|
|
2
3
|
|
|
3
4
|
|
|
4
5
|
module Rack
|
|
@@ -352,7 +353,7 @@ module Rack
|
|
|
352
353
|
|
|
353
354
|
def write_pid
|
|
354
355
|
::File.open(options[:pid], ::File::CREAT | ::File::EXCL | ::File::WRONLY ){ |f| f.write("#{Process.pid}") }
|
|
355
|
-
at_exit { ::
|
|
356
|
+
at_exit { ::FileUtils.rm_f(options[:pid]) }
|
|
356
357
|
rescue Errno::EEXIST
|
|
357
358
|
check_pid!
|
|
358
359
|
retry
|
data/rack.gemspec
CHANGED
data/test/spec_multipart.rb
CHANGED
|
@@ -261,6 +261,12 @@ describe Rack::Multipart do
|
|
|
261
261
|
params["files"].size.should.equal 252
|
|
262
262
|
end
|
|
263
263
|
|
|
264
|
+
should "parse multipart form with a null byte in the filename" do
|
|
265
|
+
env = Rack::MockRequest.env_for '/', multipart_fixture(:filename_with_null_byte)
|
|
266
|
+
params = Rack::Multipart.parse_multipart(env)
|
|
267
|
+
params["files"][:filename].should.equal "flowers.exe\u0000.jpg"
|
|
268
|
+
end
|
|
269
|
+
|
|
264
270
|
should "parse multipart/mixed" do
|
|
265
271
|
env = Rack::MockRequest.env_for("/", multipart_fixture(:mixed_files))
|
|
266
272
|
params = Rack::Utils::Multipart.parse_multipart(env)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.6.
|
|
4
|
+
version: 1.6.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Christian Neukirchen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-05-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bacon
|
|
@@ -165,6 +165,7 @@ files:
|
|
|
165
165
|
- test/multipart/filename_and_no_name
|
|
166
166
|
- test/multipart/filename_with_escaped_quotes
|
|
167
167
|
- test/multipart/filename_with_escaped_quotes_and_modification_param
|
|
168
|
+
- test/multipart/filename_with_null_byte
|
|
168
169
|
- test/multipart/filename_with_percent_escaped_quotes
|
|
169
170
|
- test/multipart/filename_with_unescaped_percentages
|
|
170
171
|
- test/multipart/filename_with_unescaped_percentages2
|
|
@@ -255,7 +256,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
255
256
|
version: '0'
|
|
256
257
|
requirements: []
|
|
257
258
|
rubyforge_project: rack
|
|
258
|
-
rubygems_version: 2.
|
|
259
|
+
rubygems_version: 2.6.8
|
|
259
260
|
signing_key:
|
|
260
261
|
specification_version: 4
|
|
261
262
|
summary: a modular Ruby webserver interface
|
|
@@ -309,4 +310,3 @@ test_files:
|
|
|
309
310
|
- test/spec_utils.rb
|
|
310
311
|
- test/spec_version.rb
|
|
311
312
|
- test/spec_webrick.rb
|
|
312
|
-
has_rdoc:
|