rack_encoding_scrubber 0.2 → 0.3
- checksums.yaml +4 -4
- data/lib/rack_encoding_scrubber.rb +15 -3
- data/rack_encoding_scrubber.gemspec +1 -1
- metadata +1 -1
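--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b97f7ce7430b37a35ccf1053b0900a51397772a9
+data.tar.gz: 3c703aef6858a77b5881d4daa0b16670b04e5dfe
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4251eb3439c033c5a7d9fc3937b2b7dde29c4bc93df9228f0140c5cd646841020f3e9dfa6dc3e611f1baa7b475c1a43096365d22849d76f5c03116abbf22c22b
+data.tar.gz: 19b1e4d7a7bc7edd3b7072cc9bf7bdc6a788e28e3779eae0a2aa4b4215b0183df57a6e75bba95f95458fe6f21fe099798bfa705b48dd39191e6cc3907eb5545f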
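--- a/data/lib/rack_encoding_scrubber.rb
+++ b/data/lib/rack_encoding_scrubber.rb
@@ -1,6 +1,8 @@
 require "rack_encoding_scrubber/version"
 
 class RackEncodingScrubber
+REGEX_UTF = /%u00\h{0,2}/
+REGEX_MB = /%[a-fA-F]\h/
 def initialize(app)
 @app = app
 end
@@ -14,9 +16,19 @@ class RackEncodingScrubber
 request_method = env['REQUEST_METHOD']
 if request_method == 'GET'
 %w[QUERY_STRING REQUEST_PATH PATH_INFO QUERY_STRING REQUEST_URI ORIGINAL_FULLPATH].each do |header|
-if
-
-
+if h = env[header]
+if h["%u00"]
+h.gsub!(REGEX_UTF, "")
+end
+if h[REGEX_MB] # check for byte
+tmp = CGI.unescape(h).force_encoding('utf-8')
+if !tmp.valid_encoding?
+env[header] = CGI.escape(tmp.scrub(''))
+if %w[REQUEST_PATH PATH_INFO REQUEST_URI].include? header
+env[header].gsub! '%2F', '/'
+end
+end
+end
 end
 end
 end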
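Review bot: On the invalid-encoding branch, `env[header] = CGI.escape(tmp.scrub(''))` re-encodes the whole decoded header, so the `=`, `&` and `?` delimiters in QUERY_STRING and REQUEST_URI come back as `%3D`, `%26` and `%3F`, and a space that arrived as `%20` comes back as `+`. The follow-up `gsub! '%2F', '/'` on the path headers also turns slashes that arrived percent-encoded into real separators, so the application can end up routing a different path than a proxy or filter in front of it evaluated. Rewriting only the percent-escape runs that decode to invalid UTF-8, and leaving every other byte of the header as sent, avoids both; a sketch follows. Separately, `REGEX_MB` only matches a first hex digit of a–f, so a stray byte in the `%80`–`%9F` range never reaches the validity check; `REGEX_MB = /%[89a-fA-F]\h/` would cover it. The enclosing method starts before the second hunk, and no `require 'cgi'` is visible in either hunk, so confirm it is loaded.

```ruby
if h[REGEX_MB] # check for byte
  # Rewrite only escape runs that decode to invalid UTF-8; delimiters and valid escapes stay as sent.
  env[header] = h.gsub(/(?:%\h{2})+/) do |run|
    bytes = [run.delete('%')].pack('H*').force_encoding('utf-8')
    next run if bytes.valid_encoding?
    bytes.scrub('').bytes.map { |b| format('%%%02X', b) }.join
  end
end
```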
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
4
|
|
5
5
|
Gem::Specification.new do |spec|
|
6
6
|
spec.name = "rack_encoding_scrubber"
|
7
|
-
spec.version = '0.
|
7
|
+
spec.version = '0.3'
|
8
8
|
spec.authors = ["Andy Schreiter"]
|
9
9
|
spec.email = ["andy.schreiter@pludoni.de"]
|
10
10
|
spec.summary = %q{Removes invalid %-encoding}
|