sinatra 2.1.0 → 4.1.1

data/lib/sinatra/base.rb

@@ -1,16 +1,20 @@
-# coding: utf-8
 # frozen_string_literal: true
 
 # external dependencies
 require 'rack'
+begin
+  require 'rackup'
+rescue LoadError
+end
 require 'tilt'
 require 'rack/protection'
+require 'rack/session'
 require 'mustermann'
 require 'mustermann/sinatra'
 require 'mustermann/regular'
 
 # stdlib dependencies
-require 'thread'
+require 'ipaddr'
 require 'time'
 require 'uri'
 
@@ -19,23 +23,26 @@ require 'sinatra/indifferent_hash'
 require 'sinatra/show_exceptions'
 require 'sinatra/version'
 
+require_relative 'middleware/logger'
+
 module Sinatra
   # The request object. See Rack::Request for more info:
-  # http://rubydoc.info/github/rack/rack/master/Rack/Request
+  # https://rubydoc.info/github/rack/rack/main/Rack/Request
   class Request < Rack::Request
-    HEADER_PARAM = /\s*[\w.]+=(?:[\w.]+|"(?:[^"\\]|\\.)*")?\s*/
-    HEADER_VALUE_WITH_PARAMS = /(?:(?:\w+|\*)\/(?:\w+(?:\.|\-|\+)?|\*)*)\s*(?:;#{HEADER_PARAM})*/
+    HEADER_PARAM = /\s*[\w.]+=(?:[\w.]+|"(?:[^"\\]|\\.)*")?\s*/.freeze
+    HEADER_VALUE_WITH_PARAMS = %r{(?:(?:\w+|\*)/(?:\w+(?:\.|-|\+)?|\*)*)\s*(?:;#{HEADER_PARAM})*}.freeze
 
     # Returns an array of acceptable media types for the response
     def accept
-      @env['sinatra.accept'] ||= begin
-        if @env.include? 'HTTP_ACCEPT' and @env['HTTP_ACCEPT'].to_s != ''
-          @env['HTTP_ACCEPT'].to_s.scan(HEADER_VALUE_WITH_PARAMS).
-            map! { |e| AcceptEntry.new(e) }.sort
-        else
-          [AcceptEntry.new('*/*')]
-        end
-      end
+      @env['sinatra.accept'] ||= if @env.include?('HTTP_ACCEPT') && (@env['HTTP_ACCEPT'].to_s != '')
+                                   @env['HTTP_ACCEPT']
+                                     .to_s
+                                     .scan(HEADER_VALUE_WITH_PARAMS)
+                                     .map! { |e| AcceptEntry.new(e) }
+                                     .sort
+                                 else
+                                   [AcceptEntry.new('*/*')]
+                                 end
     end
 
     def accept?(type)
@@ -44,8 +51,10 @@ module Sinatra
 
     def preferred_type(*types)
       return accept.first if types.empty?
+
       types.flatten!
       return types.first if accept.empty?
+
       accept.detect do |accept_header|
         type = types.detect { |t| MimeTypeEntry.new(t).accepts?(accept_header) }
         return type if type
@@ -55,29 +64,31 @@ module Sinatra
     alias secure? ssl?
 
     def forwarded?
-      @env.include? "HTTP_X_FORWARDED_HOST"
+      !forwarded_authority.nil?
     end
 
     def safe?
-      get? or head? or options? or trace?
+      get? || head? || options? || trace?
     end
 
     def idempotent?
-      safe? or put? or delete? or link? or unlink?
+      safe? || put? || delete? || link? || unlink?
     end
 
     def link?
-      request_method == "LINK"
+      request_method == 'LINK'
     end
 
     def unlink?
-      request_method == "UNLINK"
+      request_method == 'UNLINK'
     end
 
     def params
       super
     rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
       raise BadRequest, "Invalid query parameters: #{Rack::Utils.escape_html(e.message)}"
+    rescue EOFError => e
+      raise BadRequest, "Invalid multipart/form-data: #{Rack::Utils.escape_html(e.message)}"
     end
 
     class AcceptEntry
@@ -93,17 +104,17 @@ module Sinatra
 
         @entry  = entry
         @type   = entry[/[^;]+/].delete(' ')
-        @params = Hash[params]
+        @params = params.to_h
         @q      = @params.delete('q') { 1.0 }.to_f
       end
 
       def <=>(other)
-        other.priority <=> self.priority
+        other.priority <=> priority
       end
 
       def priority
         # We sort in descending order; better matches should be higher.
-        [ @q, -@type.count('*'), @params.size ]
+        [@q, -@type.count('*'), @params.size]
       end
 
       def to_str
@@ -115,7 +126,7 @@ module Sinatra
       end
 
       def respond_to?(*args)
-        super or to_str.respond_to?(*args)
+        super || to_str.respond_to?(*args)
       end
 
       def method_missing(*args, &block)
@@ -134,7 +145,7 @@ module Sinatra
         end
 
         @type   = entry[/[^;]+/].delete(' ')
-        @params = Hash[params]
+        @params = params.to_h
       end
 
       def accepts?(entry)
@@ -148,17 +159,17 @@ module Sinatra
       def matches_params?(params)
         return true if @params.empty?
 
-        params.all? { |k,v| !@params.has_key?(k) || @params[k] == v }
+        params.all? { |k, v| !@params.key?(k) || @params[k] == v }
       end
     end
   end
 
   # The response object. See Rack::Response and Rack::Response::Helpers for
   # more info:
-  # http://rubydoc.info/github/rack/rack/master/Rack/Response
-  # http://rubydoc.info/github/rack/rack/master/Rack/Response/Helpers
+  # https://rubydoc.info/github/rack/rack/main/Rack/Response
+  # https://rubydoc.info/github/rack/rack/main/Rack/Response/Helpers
   class Response < Rack::Response
-    DROP_BODY_RESPONSES = [204, 304]
+    DROP_BODY_RESPONSES = [204, 304].freeze
 
     def body=(value)
       value = value.body while Rack::Response === value
@@ -173,8 +184,8 @@ module Sinatra
       result = body
 
       if drop_content_info?
-        headers.delete "Content-Length"
-        headers.delete "Content-Type"
+        headers.delete 'content-length'
+        headers.delete 'content-type'
       end
 
       if drop_body?
@@ -183,38 +194,40 @@ module Sinatra
       end
 
       if calculate_content_length?
-        # if some other code has already set Content-Length, don't muck with it
+        # if some other code has already set content-length, don't muck with it
         # currently, this would be the static file-handler
-        headers["Content-Length"] = body.map(&:bytesize).reduce(0, :+).to_s
+        headers['content-length'] = body.map(&:bytesize).reduce(0, :+).to_s
       end
 
-      [status.to_i, headers, result]
+      [status, headers, result]
     end
 
     private
 
     def calculate_content_length?
-      headers["Content-Type"] and not headers["Content-Length"] and Array === body
+      headers['content-type'] && !headers['content-length'] && (Array === body)
     end
 
     def drop_content_info?
-      status.to_i / 100 == 1 or drop_body?
+      informational? || drop_body?
     end
 
     def drop_body?
-      DROP_BODY_RESPONSES.include?(status.to_i)
+      DROP_BODY_RESPONSES.include?(status)
     end
   end
 
-  # Some Rack handlers (Rainbows!) implement an extended body object protocol, however,
+  # Some Rack handlers implement an extended body object protocol, however,
   # some middleware (namely Rack::Lint) will break it by not mirroring the methods in question.
   # This middleware will detect an extended body object and will make sure it reaches the
   # handler directly. We do this here, so our middleware and middleware set up by the app will
   # still be able to run.
   class ExtendedRack < Struct.new(:app)
     def call(env)
-      result, callback = app.call(env), env['async.callback']
-      return result unless callback and async?(*result)
+      result = app.call(env)
+      callback = env['async.callback']
+      return result unless callback && async?(*result)
+
       after_response { callback.call result }
       setup_close(env, *result)
       throw :async
@@ -222,20 +235,23 @@ module Sinatra
 
     private
 
-    def setup_close(env, status, headers, body)
-      return unless body.respond_to? :close and env.include? 'async.close'
+    def setup_close(env, _status, _headers, body)
+      return unless body.respond_to?(:close) && env.include?('async.close')
+
       env['async.close'].callback { body.close }
       env['async.close'].errback { body.close }
     end
 
     def after_response(&block)
-      raise NotImplementedError, "only supports EventMachine at the moment" unless defined? EventMachine
+      raise NotImplementedError, 'only supports EventMachine at the moment' unless defined? EventMachine
+
       EventMachine.next_tick(&block)
     end
 
-    def async?(status, headers, body)
+    def async?(status, _headers, body)
       return true if status == -1
-      body.respond_to? :callback and body.respond_to? :errback
+
+      body.respond_to?(:callback) && body.respond_to?(:errback)
     end
   end
 
@@ -247,7 +263,7 @@ module Sinatra
     end
 
     superclass.class_eval do
-      alias call_without_check call unless method_defined? :call_without_check
+      alias_method :call_without_check, :call unless method_defined? :call_without_check
       def call(env)
         env['sinatra.commonlogger'] = true
         call_without_check(env)
@@ -255,11 +271,14 @@ module Sinatra
     end
   end
 
-  class BadRequest < TypeError #:nodoc:
+  class Error < StandardError # :nodoc:
+  end
+
+  class BadRequest < Error # :nodoc:
     def http_status; 400 end
   end
 
-  class NotFound < NameError #:nodoc:
+  class NotFound < Error # :nodoc:
     def http_status; 404 end
   end
 
@@ -278,10 +297,8 @@ module Sinatra
         def block.each; yield(call) end
         response.body = block
       elsif value
-        # Rack 2.0 returns a Rack::File::Iterator here instead of
-        # Rack::File as it was in the previous API.
-        unless request.head? || value.is_a?(Rack::File::Iterator) || value.is_a?(Stream)
-          headers.delete 'Content-Length'
+        unless request.head? || value.is_a?(Rack::Files::BaseIterator) || value.is_a?(Stream)
+          headers.delete 'content-length'
         end
         response.body = value
       else
@@ -291,7 +308,10 @@ module Sinatra
 
     # Halt processing and redirect to the URI provided.
     def redirect(uri, *args)
-      if env['HTTP_VERSION'] == 'HTTP/1.1' and env["REQUEST_METHOD"] != 'GET'
+      # SERVER_PROTOCOL is required in Rack 3, fall back to HTTP_VERSION
+      # for servers not updated for Rack 3 (like Puma 5)
+      http_version = env['SERVER_PROTOCOL'] || env['HTTP_VERSION']
+      if (http_version == 'HTTP/1.1') && (env['REQUEST_METHOD'] != 'GET')
         status 303
       else
         status 302
@@ -306,18 +326,19 @@ module Sinatra
     # Generates the absolute URI for a given path in the app.
     # Takes Rack routers and reverse proxies into account.
     def uri(addr = nil, absolute = true, add_script_name = true)
-      return addr if addr =~ /\A[a-z][a-z0-9\+\.\-]*:/i
+      return addr if addr.to_s =~ /\A[a-z][a-z0-9+.\-]*:/i
+
       uri = [host = String.new]
       if absolute
         host << "http#{'s' if request.secure?}://"
-        if request.forwarded? or request.port != (request.secure? ? 443 : 80)
-          host << request.host_with_port
-        else
-          host << request.host
-        end
+        host << if request.forwarded? || (request.port != (request.secure? ? 443 : 80))
+                  request.host_with_port
+                else
+                  request.host
+                end
       end
       uri << request.script_name.to_s if add_script_name
-      uri << (addr ? addr : request.path_info).to_s
+      uri << (addr || request.path_info).to_s
       File.join uri
     end
 
@@ -326,7 +347,10 @@ module Sinatra
 
     # Halt processing and return the error status provided.
     def error(code, body = nil)
-      code, body    = 500, code.to_str if code.respond_to? :to_str
+      if code.respond_to? :to_str
+        body = code.to_str
+        code = 500
+      end
       response.body = body unless body.nil?
       halt code
     end
@@ -357,15 +381,17 @@ module Sinatra
       Base.mime_type(type)
     end
 
-    # Set the Content-Type of the response body given a media type or file
+    # Set the content-type of the response body given a media type or file
     # extension.
     def content_type(type = nil, params = {})
-      return response['Content-Type'] unless type
+      return response['content-type'] unless type
+
       default = params.delete :default
       mime_type = mime_type(type) || default
-      fail "Unknown media type: %p" % type if mime_type.nil?
+      raise format('Unknown media type: %p', type) if mime_type.nil?
+
       mime_type = mime_type.dup
-      unless params.include? :charset or settings.add_charset.all? { |p| not p === mime_type }
+      unless params.include?(:charset) || settings.add_charset.all? { |p| !(p === mime_type) }
         params[:charset] = params.delete('charset') || settings.default_encoding
       end
       params.delete :charset if mime_type.include? 'charset'
@@ -376,40 +402,47 @@ module Sinatra
           "#{key}=#{val}"
         end.join(', ')
       end
-      response['Content-Type'] = mime_type
+      response['content-type'] = mime_type
     end
 
+    # https://html.spec.whatwg.org/#multipart-form-data
+    MULTIPART_FORM_DATA_REPLACEMENT_TABLE = {
+      '"'  => '%22',
+      "\r" => '%0D',
+      "\n" => '%0A'
+    }.freeze
+
     # Set the Content-Disposition to "attachment" with the specified filename,
     # instructing the user agents to prompt to save.
     def attachment(filename = nil, disposition = :attachment)
       response['Content-Disposition'] = disposition.to_s.dup
-      if filename
-        params = '; filename="%s"' % File.basename(filename)
-        response['Content-Disposition'] << params
-        ext = File.extname(filename)
-        content_type(ext) unless response['Content-Type'] or ext.empty?
-      end
+      return unless filename
+
+      params = format('; filename="%s"', File.basename(filename).gsub(/["\r\n]/, MULTIPART_FORM_DATA_REPLACEMENT_TABLE))
+      response['Content-Disposition'] << params
+      ext = File.extname(filename)
+      content_type(ext) unless response['content-type'] || ext.empty?
     end
 
     # Use the contents of the file at +path+ as the response body.
     def send_file(path, opts = {})
-      if opts[:type] or not response['Content-Type']
-        content_type opts[:type] || File.extname(path), :default => 'application/octet-stream'
+      if opts[:type] || !response['content-type']
+        content_type opts[:type] || File.extname(path), default: 'application/octet-stream'
       end
 
       disposition = opts[:disposition]
       filename    = opts[:filename]
-      disposition = :attachment if disposition.nil? and filename
+      disposition = :attachment if disposition.nil? && filename
       filename    = path        if filename.nil?
       attachment(filename, disposition) if disposition
 
       last_modified opts[:last_modified] if opts[:last_modified]
 
-      file   = Rack::File.new(File.dirname(settings.app_file))
+      file   = Rack::Files.new(File.dirname(settings.app_file))
       result = file.serving(request, path)
 
-      result[1].each { |k,v| headers[k] ||= v }
-      headers['Content-Length'] = result[1]['Content-Length']
+      result[1].each { |k, v| headers[k] ||= v }
+      headers['content-length'] = result[1]['content-length']
       opts[:status] &&= Integer(opts[:status])
       halt (opts[:status] || result[0]), result[2]
     rescue Errno::ENOENT
@@ -429,12 +462,16 @@ module Sinatra
       def self.defer(*)    yield end
 
       def initialize(scheduler = self.class, keep_open = false, &back)
-        @back, @scheduler, @keep_open = back.to_proc, scheduler, keep_open
-        @callbacks, @closed = [], false
+        @back = back.to_proc
+        @scheduler = scheduler
+        @keep_open = keep_open
+        @callbacks = []
+        @closed = false
       end
 
       def close
         return if closed?
+
         @closed = true
         @scheduler.schedule { @callbacks.each { |c| c.call } }
       end
@@ -446,8 +483,9 @@ module Sinatra
             @back.call(self)
           rescue Exception => e
             @scheduler.schedule { raise e }
+          ensure
+            close unless @keep_open
           end
-          close unless @keep_open
         end
       end
 
@@ -458,6 +496,7 @@ module Sinatra
 
       def callback(&block)
         return yield if closed?
+
         @callbacks << block
       end
 
@@ -472,12 +511,20 @@ module Sinatra
     # the response body have not yet been generated.
     #
     # The close parameter specifies whether Stream#close should be called
-    # after the block has been executed. This is only relevant for evented
-    # servers like Rainbows.
+    # after the block has been executed.
     def stream(keep_open = false)
       scheduler = env['async.callback'] ? EventMachine : Stream
       current   = @params.dup
-      body Stream.new(scheduler, keep_open) { |out| with_params(current) { yield(out) } }
+      stream = if scheduler == Stream  && keep_open
+        Stream.new(scheduler, false) do |out|
+          until out.closed?
+            with_params(current) { yield(out) }
+          end
+        end
+      else
+        Stream.new(scheduler, keep_open) { |out| with_params(current) { yield(out) } }
+      end
+      body stream
     end
 
     # Specify response freshness policy for HTTP caches (Cache-Control header).
@@ -491,18 +538,18 @@ module Sinatra
     # See RFC 2616 / 14.9 for more on standard cache control directives:
     # http://tools.ietf.org/html/rfc2616#section-14.9.1
     def cache_control(*values)
-      if values.last.kind_of?(Hash)
+      if values.last.is_a?(Hash)
         hash = values.pop
-        hash.reject! { |k, v| v == false }
+        hash.reject! { |_k, v| v == false }
         hash.reject! { |k, v| values << k if v == true }
       else
         hash = {}
       end
 
-      values.map! { |value| value.to_s.tr('_','-') }
+      values.map! { |value| value.to_s.tr('_', '-') }
       hash.each do |key, value|
         key = key.to_s.tr('_', '-')
-        value = value.to_i if ['max-age', 's-maxage'].include? key
+        value = value.to_i if %w[max-age s-maxage].include? key
         values << "#{key}=#{value}"
       end
 
@@ -519,7 +566,7 @@ module Sinatra
     #   => Expires: Mon, 08 Jun 2009 08:50:17 GMT
     #
     def expires(amount, *values)
-      values << {} unless values.last.kind_of?(Hash)
+      values << {} unless values.last.is_a?(Hash)
 
       if amount.is_a? Integer
         time    = Time.now + amount.to_i
@@ -529,7 +576,7 @@ module Sinatra
         max_age = time - Time.now
       end
 
-      values.last.merge!(:max_age => max_age)
+      values.last.merge!(max_age: max_age) { |_key, v1, v2| v1 || v2 }
       cache_control(*values)
 
       response['Expires'] = time.httpdate
@@ -544,17 +591,18 @@ module Sinatra
     # with a '304 Not Modified' response.
     def last_modified(time)
       return unless time
+
       time = time_for time
       response['Last-Modified'] = time.httpdate
       return if env['HTTP_IF_NONE_MATCH']
 
-      if status == 200 and env['HTTP_IF_MODIFIED_SINCE']
+      if (status == 200) && env['HTTP_IF_MODIFIED_SINCE']
         # compare based on seconds since epoch
         since = Time.httpdate(env['HTTP_IF_MODIFIED_SINCE']).to_i
         halt 304 if since >= time.to_i
       end
 
-      if (success? or status == 412) and env['HTTP_IF_UNMODIFIED_SINCE']
+      if (success? || (status == 412)) && env['HTTP_IF_UNMODIFIED_SINCE']
         # compare based on seconds since epoch
         since = Time.httpdate(env['HTTP_IF_UNMODIFIED_SINCE']).to_i
         halt 412 if since < time.to_i
@@ -562,7 +610,7 @@ module Sinatra
     rescue ArgumentError
     end
 
-    ETAG_KINDS = [:strong, :weak]
+    ETAG_KINDS = %i[strong weak].freeze
     # Set the response entity tag (HTTP 'ETag' header) and halt if conditional
     # GET matches. The +value+ argument is an identifier that uniquely
     # identifies the current version of the resource. The +kind+ argument
@@ -574,27 +622,31 @@ module Sinatra
     # GET or HEAD, a '304 Not Modified' response is sent.
     def etag(value, options = {})
       # Before touching this code, please double check RFC 2616 14.24 and 14.26.
-      options      = {:kind => options} unless Hash === options
+      options      = { kind: options } unless Hash === options
       kind         = options[:kind] || :strong
       new_resource = options.fetch(:new_resource) { request.post? }
 
       unless ETAG_KINDS.include?(kind)
-        raise ArgumentError, ":strong or :weak expected"
+        raise ArgumentError, ':strong or :weak expected'
       end
 
-      value = '"%s"' % value
+      value = format('"%s"', value)
       value = "W/#{value}" if kind == :weak
       response['ETag'] = value
 
-      if success? or status == 304
-        if etag_matches? env['HTTP_IF_NONE_MATCH'], new_resource
-          halt(request.safe? ? 304 : 412)
-        end
+      return unless success? || status == 304
 
-        if env['HTTP_IF_MATCH']
-          halt 412 unless etag_matches? env['HTTP_IF_MATCH'], new_resource
-        end
+      if etag_matches?(env['HTTP_IF_NONE_MATCH'], new_resource)
+        halt(request.safe? ? 304 : 412)
       end
+
+      if env['HTTP_IF_MATCH']
+        return if etag_matches?(env['HTTP_IF_MATCH'], new_resource)
+
+        halt 412
+      end
+
+      nil
     end
 
     # Sugar for redirect (example:  redirect back)
@@ -647,8 +699,8 @@ module Sinatra
       else
         value.to_time
       end
-    rescue ArgumentError => boom
-      raise boom
+    rescue ArgumentError => e
+      raise e
     rescue Exception
       raise ArgumentError, "unable to convert #{value.inspect} to a Time object"
     end
@@ -658,11 +710,13 @@ module Sinatra
     # Helper method checking if a ETag value list includes the current ETag.
     def etag_matches?(list, new_resource = request.post?)
       return !new_resource if list == '*'
+
       list.to_s.split(/\s*,\s*/).include? response['ETag']
     end
 
     def with_params(temp_params)
-      original, @params = @params, temp_params
+      original = @params
+      @params = temp_params
       yield
     ensure
       @params = original if original
@@ -680,7 +734,7 @@ module Sinatra
   # Possible options are:
   #   :content_type   The content type to use, same arguments as content_type.
   #   :layout         If set to something falsy, no layout is rendered, otherwise
-  #                   the specified layout is used (Ignored for `sass` and `less`)
+  #                   the specified layout is used (Ignored for `sass`)
   #   :layout_engine  Engine to use for rendering the layout.
   #   :locals         A hash with local variables that should be available
   #                   in the template
@@ -702,36 +756,24 @@ module Sinatra
       render(:erb, template, options, locals, &block)
     end
 
-    def erubis(template, options = {}, locals = {})
-      warn "Sinatra::Templates#erubis is deprecated and will be removed, use #erb instead.\n" \
-        "If you have Erubis installed, it will be used automatically."
-      render :erubis, template, options, locals
-    end
-
     def haml(template, options = {}, locals = {}, &block)
       render(:haml, template, options, locals, &block)
     end
 
     def sass(template, options = {}, locals = {})
-      options.merge! :layout => false, :default_content_type => :css
+      options[:default_content_type] = :css
+      options[:exclude_outvar] = true
+      options[:layout] = nil
       render :sass, template, options, locals
     end
 
     def scss(template, options = {}, locals = {})
-      options.merge! :layout => false, :default_content_type => :css
+      options[:default_content_type] = :css
+      options[:exclude_outvar] = true
+      options[:layout] = nil
       render :scss, template, options, locals
     end
 
-    def less(template, options = {}, locals = {})
-      options.merge! :layout => false, :default_content_type => :css
-      render :less, template, options, locals
-    end
-
-    def stylus(template, options = {}, locals = {})
-      options.merge! :layout => false, :default_content_type => :css
-      render :styl, template, options, locals
-    end
-
     def builder(template = nil, options = {}, locals = {}, &block)
       options[:default_content_type] = :xml
       render_ruby(:builder, template, options, locals, &block)
@@ -746,10 +788,6 @@ module Sinatra
       render :markdown, template, options, locals
     end
 
-    def textile(template, options = {}, locals = {})
-      render :textile, template, options, locals
-    end
-
     def rdoc(template, options = {}, locals = {})
       render :rdoc, template, options, locals
     end
@@ -758,19 +796,10 @@ module Sinatra
       render :asciidoc, template, options, locals
     end
 
-    def radius(template, options = {}, locals = {})
-      render :radius, template, options, locals
-    end
-
     def markaby(template = nil, options = {}, locals = {}, &block)
       render_ruby(:mab, template, options, locals, &block)
     end
 
-    def coffee(template, options = {}, locals = {})
-      options.merge! :layout => false, :default_content_type => :js
-      render :coffee, template, options, locals
-    end
-
     def nokogiri(template = nil, options = {}, locals = {}, &block)
       options[:default_content_type] = :xml
       render_ruby(:nokogiri, template, options, locals, &block)
@@ -780,18 +809,6 @@ module Sinatra
       render(:slim, template, options, locals, &block)
     end
 
-    def creole(template, options = {}, locals = {})
-      render :creole, template, options, locals
-    end
-
-    def mediawiki(template, options = {}, locals = {})
-      render :mediawiki, template, options, locals
-    end
-
-    def wlang(template, options = {}, locals = {}, &block)
-      render(:wlang, template, options, locals, &block)
-    end
-
     def yajl(template, options = {}, locals = {})
       options[:default_content_type] = :json
       render :yajl, template, options, locals
@@ -816,24 +833,27 @@ module Sinatra
 
     # logic shared between builder and nokogiri
     def render_ruby(engine, template, options = {}, locals = {}, &block)
-      options, template = template, nil if template.is_a?(Hash)
-      template = Proc.new { block } if template.nil?
+      if template.is_a?(Hash)
+        options = template
+        template = nil
+      end
+      template = proc { block } if template.nil?
       render engine, template, options, locals
     end
 
     def render(engine, data, options = {}, locals = {}, &block)
       # merge app-level options
       engine_options = settings.respond_to?(engine) ? settings.send(engine) : {}
-      options.merge!(engine_options) { |key, v1, v2| v1 }
+      options.merge!(engine_options) { |_key, v1, _v2| v1 }
 
       # extract generic options
       locals          = options.delete(:locals) || locals         || {}
-      views           = options.delete(:views)  || settings.views || "./views"
+      views           = options.delete(:views)  || settings.views || './views'
       layout          = options[:layout]
       layout          = false if layout.nil? && options.include?(:layout)
       eat_errors      = layout.nil?
-      layout          = engine_options[:layout] if layout.nil? or (layout == true && engine_options[:layout] != false)
-      layout          = @default_layout         if layout.nil? or layout == true
+      layout          = engine_options[:layout] if layout.nil? || (layout == true && engine_options[:layout] != false)
+      layout          = @default_layout         if layout.nil? || (layout == true)
       layout_options  = options.delete(:layout_options) || {}
       content_type    = options.delete(:default_content_type)
       content_type    = options.delete(:content_type)   || content_type
@@ -858,23 +878,28 @@ module Sinatra
 
       # render layout
       if layout
-        options = options.merge(:views => views, :layout => false, :eat_errors => eat_errors, :scope => scope).
-                merge!(layout_options)
+        extra_options = { views: views, layout: false, eat_errors: eat_errors, scope: scope }
+        options = options.merge(extra_options).merge!(layout_options)
+
         catch(:layout_missing) { return render(layout_engine, layout, options, locals) { output } }
       end
 
-      output.extend(ContentTyped).content_type = content_type if content_type
+      if content_type
+        # sass-embedded returns a frozen string
+        output = +output
+        output.extend(ContentTyped).content_type = content_type
+      end
       output
     end
 
     def compile_template(engine, data, options, views)
       eat_errors = options.delete :eat_errors
-      template_cache.fetch engine, data, options, views do
-        template = Tilt[engine]
-        raise "Template engine not found: #{engine}" if template.nil?
+      template = Tilt[engine]
+      raise "Template engine not found: #{engine}" if template.nil?
 
-        case data
-        when Symbol
+      case data
+      when Symbol
+        template_cache.fetch engine, data, options, views do
           body, path, line = settings.templates[data]
           if body
             body = body.call if body.respond_to?(:call)
@@ -884,25 +909,64 @@ module Sinatra
             @preferred_extension = engine.to_s
             find_template(views, data, template) do |file|
               path ||= file # keep the initial path rather than the last one
-              if found = File.exist?(file)
+              found = File.exist?(file)
+              if found
                 path = file
                 break
               end
             end
-            throw :layout_missing if eat_errors and not found
+            throw :layout_missing if eat_errors && !found
             template.new(path, 1, options)
           end
-        when Proc, String
-          body = data.is_a?(String) ? Proc.new { data } : data
-          caller = settings.caller_locations.first
-          path = options[:path] || caller[0]
-          line = options[:line] || caller[1]
-          template.new(path, line.to_i, options, &body)
-        else
-          raise ArgumentError, "Sorry, don't know how to render #{data.inspect}."
         end
+      when Proc
+        compile_block_template(template, options, &data)
+      when String
+        template_cache.fetch engine, data, options, views do
+          compile_block_template(template, options) { data }
+        end
+      else
+        raise ArgumentError, "Sorry, don't know how to render #{data.inspect}."
+      end
+    end
+
+    def compile_block_template(template, options, &body)
+      first_location = caller_locations.first
+      path = first_location.path
+      line = first_location.lineno
+      path = options[:path] || path
+      line = options[:line] || line
+      template.new(path, line.to_i, options, &body)
+    end
+  end
+
+  # Extremely simple template cache implementation.
+  #   * Not thread-safe.
+  #   * Size is unbounded.
+  #   * Keys are not copied defensively, and should not be modified after
+  #     being passed to #fetch.  More specifically, the values returned by
+  #     key#hash and key#eql? should not change.
+  #
+  # Implementation copied from Tilt::Cache.
+  class TemplateCache
+    def initialize
+      @cache = {}
+    end
+
+    # Caches a value for key, or returns the previously cached value.
+    # If a value has been previously cached for key then it is
+    # returned. Otherwise, block is yielded to and its return value
+    # which may be nil, is cached under key and returned.
+    def fetch(*key)
+      @cache.fetch(key) do
+        @cache[key] = yield
       end
     end
+
+    # Clears the cache.
+    def clear
+      @cache = {}
+    end
   end
 
   # Base class for all Sinatra applications and middleware.
@@ -911,15 +975,15 @@ module Sinatra
     include Helpers
     include Templates
 
-    URI_INSTANCE = URI::Parser.new
+    URI_INSTANCE = defined?(URI::RFC2396_PARSER) ? URI::RFC2396_PARSER : URI::RFC2396_Parser.new
 
     attr_accessor :app, :env, :request, :response, :params
     attr_reader   :template_cache
 
-    def initialize(app = nil)
+    def initialize(app = nil, **_kwargs)
       super()
       @app = app
-      @template_cache = Tilt::Cache.new
+      @template_cache = TemplateCache.new
       @pinned_response = nil # whether a before! filter pinned the content-type
       yield self if block_given?
     end
@@ -934,15 +998,16 @@ module Sinatra
       @params   = IndifferentHash.new
       @request  = Request.new(env)
       @response = Response.new
+      @pinned_response = nil
       template_cache.clear if settings.reload_templates
 
       invoke { dispatch! }
       invoke { error_block!(response.status) } unless @env['sinatra.error']
 
-      unless @response['Content-Type']
+      unless @response['content-type']
         if Array === body && body[0].respond_to?(:content_type)
           content_type body[0].content_type
-        elsif default = settings.default_content_type
+        elsif (default = settings.default_content_type)
           content_type default
         end
       end
@@ -960,12 +1025,6 @@ module Sinatra
       self.class.settings
     end
 
-    def options
-      warn "Sinatra::Base#options is deprecated and will be removed, " \
-        "use #settings instead."
-      settings
-    end
-
     # Exit the current block, halts any further processing
     # of the request, and returns the specified response.
     def halt(*response)
@@ -982,7 +1041,8 @@ module Sinatra
 
     # Forward the request to the downstream app -- middleware only.
     def forward
-      fail "downstream app not set" unless @app.respond_to? :call
+      raise 'downstream app not set' unless @app.respond_to? :call
+
       status, headers, body = @app.call env
       @response.status = status
       @response.body = body
@@ -994,28 +1054,28 @@ module Sinatra
 
     # Run filters defined on the class and all superclasses.
     # Accepts an optional block to call after each filter is applied.
-    def filter!(type, base = settings)
-      filter! type, base.superclass if base.superclass.respond_to?(:filters)
+    def filter!(type, base = settings, &block)
+      filter!(type, base.superclass, &block) if base.superclass.respond_to?(:filters)
       base.filters[type].each do |args|
         result = process_route(*args)
-        yield result if block_given?
+        block.call(result) if block_given?
       end
     end
 
     # Run routes defined on the class and all superclasses.
     def route!(base = settings, pass_block = nil)
-      if routes = base.routes[@request.request_method]
-        routes.each do |pattern, conditions, block|
-          @response.delete_header('Content-Type') unless @pinned_response
+      routes = base.routes[@request.request_method]
 
-          returned_pass_block = process_route(pattern, conditions) do |*args|
-            env['sinatra.route'] = "#{@request.request_method} #{pattern}"
-            route_eval { block[*args] }
-          end
+      routes&.each do |pattern, conditions, block|
+        response.delete_header('content-type') unless @pinned_response
 
-          # don't wipe out pass_block in superclass
-          pass_block = returned_pass_block if returned_pass_block
+        returned_pass_block = process_route(pattern, conditions) do |*args|
+          env['sinatra.route'] = "#{@request.request_method} #{pattern}"
+          route_eval { block[*args] }
         end
+
+        # don't wipe out pass_block in superclass
+        pass_block = returned_pass_block if returned_pass_block
       end
 
       # Run routes defined in superclass.
@@ -1039,15 +1099,17 @@ module Sinatra
     # Returns pass block.
     def process_route(pattern, conditions, block = nil, values = [])
       route = @request.path_info
-      route = '/' if route.empty? and not settings.empty_path_info?
+      route = '/' if route.empty? && !settings.empty_path_info?
       route = route[0..-2] if !settings.strict_paths? && route != '/' && route.end_with?('/')
-      return unless params = pattern.params(route)
 
-      params.delete("ignore") # TODO: better params handling, maybe turn it into "smart" object or detect changes
+      params = pattern.params(route)
+      return unless params
+
+      params.delete('ignore') # TODO: better params handling, maybe turn it into "smart" object or detect changes
       force_encoding(params)
-      @params = @params.merge(params) if params.any?
+      @params = @params.merge(params) { |_k, v1, v2| v2 || v1 } if params.any?
 
-      regexp_exists = pattern.is_a?(Mustermann::Regular) || (pattern.respond_to?(:patterns) && pattern.patterns.any? {|subpattern| subpattern.is_a?(Mustermann::Regular)} )
+      regexp_exists = pattern.is_a?(Mustermann::Regular) || (pattern.respond_to?(:patterns) && pattern.patterns.any? { |subpattern| subpattern.is_a?(Mustermann::Regular) })
       if regexp_exists
         captures           = pattern.match(route).captures.map { |c| URI_INSTANCE.unescape(c) if c }
         values            += captures
@@ -1060,7 +1122,7 @@ module Sinatra
         conditions.each { |c| throw :pass if c.bind(self).call == false }
         block ? block[self, values] : yield(self, values)
       end
-    rescue
+    rescue StandardError
       @env['sinatra.error.params'] = @params
       raise
     ensure
@@ -1074,34 +1136,35 @@ module Sinatra
     # a NotFound exception. Subclasses can override this method to perform
     # custom route miss logic.
     def route_missing
-      if @app
-        forward
-      else
-        raise NotFound, "#{request.request_method} #{request.path_info}"
-      end
+      raise NotFound unless @app
+
+      forward
     end
 
     # Attempt to serve static files from public directory. Throws :halt when
     # a matching file is found, returns nil otherwise.
     def static!(options = {})
       return if (public_dir = settings.public_folder).nil?
+
       path = "#{public_dir}#{URI_INSTANCE.unescape(request.path_info)}"
       return unless valid_path?(path)
 
       path = File.expand_path(path)
+      return unless path.start_with?("#{File.expand_path(public_dir)}/")
+
       return unless File.file?(path)
 
       env['sinatra.static_file'] = path
       cache_control(*settings.static_cache_control) if settings.static_cache_control?
-      send_file path, options.merge(:disposition => nil)
+      send_file path, options.merge(disposition: nil)
     end
 
     # Run the block with 'throw :halt' support and apply result to the response.
-    def invoke
-      res = catch(:halt) { yield }
+    def invoke(&block)
+      res = catch(:halt, &block)
 
-      res = [res] if Integer === res or String === res
-      if Array === res and Integer === res.first
+      res = [res] if (Integer === res) || (String === res)
+      if (Array === res) && (Integer === res.first)
         res = res.dup
         status(res.shift)
         body(res.pop)
@@ -1117,6 +1180,7 @@ module Sinatra
       # Avoid passing frozen string in force_encoding
       @params.merge!(@request.params).each do |key, val|
         next unless val.respond_to?(:force_encoding)
+
         val = val.dup if val.frozen?
         @params[key] = force_encoding(val)
       end
@@ -1124,59 +1188,63 @@ module Sinatra
       invoke do
         static! if settings.static? && (request.get? || request.head?)
         filter! :before do
-          @pinned_response = !@response['Content-Type'].nil?
+          @pinned_response = !response['content-type'].nil?
         end
         route!
       end
-    rescue ::Exception => boom
-      invoke { handle_exception!(boom) }
+    rescue ::Exception => e
+      invoke { handle_exception!(e) }
     ensure
       begin
         filter! :after unless env['sinatra.static_file']
-      rescue ::Exception => boom
-        invoke { handle_exception!(boom) } unless @env['sinatra.error']
+      rescue ::Exception => e
+        invoke { handle_exception!(e) } unless @env['sinatra.error']
       end
     end
 
     # Error handling during requests.
     def handle_exception!(boom)
-      if error_params = @env['sinatra.error.params']
-        @params = @params.merge(error_params)
-      end
+      error_params = @env['sinatra.error.params']
+
+      @params = @params.merge(error_params) if error_params
+
       @env['sinatra.error'] = boom
 
-      if boom.respond_to? :http_status
-        status(boom.http_status)
-      elsif settings.use_code? and boom.respond_to? :code and boom.code.between? 400, 599
-        status(boom.code)
-      else
-        status(500)
-      end
+      http_status = if boom.is_a? Sinatra::Error
+                      if boom.respond_to? :http_status
+                        boom.http_status
+                      elsif settings.use_code? && boom.respond_to?(:code)
+                        boom.code
+                      end
+                    end
 
-      status(500) unless status.between? 400, 599
+      http_status = 500 unless http_status&.between?(400, 599)
+      status(http_status)
 
       if server_error?
         dump_errors! boom if settings.dump_errors?
-        raise boom if settings.show_exceptions? and settings.show_exceptions != :after_handler
+        raise boom if settings.show_exceptions? && (settings.show_exceptions != :after_handler)
       elsif not_found?
         headers['X-Cascade'] = 'pass' if settings.x_cascade?
       end
 
-      if res = error_block!(boom.class, boom) || error_block!(status, boom)
+      if (res = error_block!(boom.class, boom) || error_block!(status, boom))
         return res
       end
 
       if not_found? || bad_request?
         if boom.message && boom.message != boom.class.name
-          body boom.message
+          body Rack::Utils.escape_html(boom.message)
         else
           content_type 'text/html'
-          body '<h1>' + (not_found? ? 'Not Found' : 'Bad Request') + '</h1>'
+          body "<h1>#{not_found? ? 'Not Found' : 'Bad Request'}</h1>"
         end
       end
 
       return unless server_error?
-      raise boom if settings.raise_errors? or settings.show_exceptions?
+
+      raise boom if settings.raise_errors? || settings.show_exceptions?
+
       error_block! Exception, boom
     end
 
@@ -1184,7 +1252,10 @@ module Sinatra
     def error_block!(key, *block_params)
       base = settings
       while base.respond_to?(:errors)
-        next base = base.superclass unless args_array = base.errors[key]
+        args_array = base.errors[key]
+
+        next base = base.superclass unless args_array
+
         args_array.reverse_each do |args|
           first = args == args_array.first
           args += [block_params]
@@ -1192,51 +1263,63 @@ module Sinatra
           return resp unless resp.nil? && !first
         end
       end
-      return false unless key.respond_to? :superclass and key.superclass < Exception
+      return false unless key.respond_to?(:superclass) && (key.superclass < Exception)
+
       error_block!(key.superclass, *block_params)
     end
 
     def dump_errors!(boom)
-      msg = ["#{Time.now.strftime("%Y-%m-%d %H:%M:%S")} - #{boom.class} - #{boom.message}:", *boom.backtrace].join("\n\t")
+      if boom.respond_to?(:detailed_message)
+        msg = boom.detailed_message(highlight: false)
+        if msg =~ /\A(.*?)(?: \(#{ Regexp.quote(boom.class.to_s) }\))?\n/
+          msg = $1
+          additional_msg = $'.lines(chomp: true)
+        else
+          additional_msg = []
+        end
+      else
+        msg = boom.message
+        additional_msg = []
+      end
+      msg = ["#{Time.now.strftime('%Y-%m-%d %H:%M:%S')} - #{boom.class} - #{msg}:", *additional_msg, *boom.backtrace].join("\n\t")
       @env['rack.errors'].puts(msg)
     end
 
     class << self
       CALLERS_TO_IGNORE = [ # :nodoc:
-        /\/sinatra(\/(base|main|show_exceptions))?\.rb$/,   # all sinatra code
-        /lib\/tilt.*\.rb$/,                                 # all tilt code
+        %r{/sinatra(/(base|main|show_exceptions))?\.rb$},   # all sinatra code
+        %r{lib/tilt.*\.rb$},                                # all tilt code
         /^\(.*\)$/,                                         # generated code
-        /rubygems\/(custom|core_ext\/kernel)_require\.rb$/, # rubygems require hacks
+        /\/bundled_gems.rb$/,                               # ruby >= 3.3 with bundler >= 2.5
+        %r{rubygems/(custom|core_ext/kernel)_require\.rb$}, # rubygems require hacks
         /active_support/,                                   # active_support require hacks
-        /bundler(\/(?:runtime|inline))?\.rb/,               # bundler require hacks
+        %r{bundler(/(?:runtime|inline))?\.rb},              # bundler require hacks
         /<internal:/,                                       # internal in ruby >= 1.9.2
-        /src\/kernel\/bootstrap\/[A-Z]/                     # maglev kernel files
-      ]
+        %r{zeitwerk/(core_ext/)?kernel\.rb}                 # Zeitwerk kernel#require decorator
+      ].freeze
 
-      # contrary to what the comment said previously, rubinius never supported this
-      if defined?(RUBY_IGNORE_CALLERS)
-        warn "RUBY_IGNORE_CALLERS is deprecated and will no longer be supported by Sinatra 2.0"
-        CALLERS_TO_IGNORE.concat(RUBY_IGNORE_CALLERS)
-      end
+      attr_reader :routes, :filters, :templates, :errors, :on_start_callback, :on_stop_callback
 
-      attr_reader :routes, :filters, :templates, :errors
+      def callers_to_ignore
+        CALLERS_TO_IGNORE
+      end
 
       # Removes all routes, filters, middleware and extension hooks from the
       # current class (not routes/filters/... defined by its superclass).
       def reset!
         @conditions     = []
         @routes         = {}
-        @filters        = {:before => [], :after => []}
+        @filters        = { before: [], after: [] }
         @errors         = {}
         @middleware     = []
         @prototype      = nil
         @extensions     = []
 
-        if superclass.respond_to?(:templates)
-          @templates = Hash.new { |hash, key| superclass.templates[key] }
-        else
-          @templates = {}
-        end
+        @templates = if superclass.respond_to?(:templates)
+                       Hash.new { |_hash, key| superclass.templates[key] }
+                     else
+                       {}
+                     end
       end
 
       # Extension modules registered on this class and all superclasses.
@@ -1260,16 +1343,21 @@ module Sinatra
       # Sets an option to the given value.  If the value is a proc,
       # the proc will be called every time the option is accessed.
       def set(option, value = (not_set = true), ignore_setter = false, &block)
-        raise ArgumentError if block and !not_set
-        value, not_set = block, false if block
+        raise ArgumentError if block && !not_set
+
+        if block
+          value = block
+          not_set = false
+        end
 
         if not_set
           raise ArgumentError unless option.respond_to?(:each)
-          option.each { |k,v| set(k, v) }
+
+          option.each { |k, v| set(k, v) }
           return self
         end
 
-        if respond_to?("#{option}=") and not ignore_setter
+        if respond_to?("#{option}=") && !ignore_setter
           return __send__("#{option}=", value)
         end
 
@@ -1308,7 +1396,7 @@ module Sinatra
       # class, or an HTTP status code to specify which errors should be
       # handled.
       def error(*codes, &block)
-        args  = compile! "ERROR", /.*/, block
+        args  = compile! 'ERROR', /.*/, block
         codes = codes.flat_map(&method(:Array))
         codes << Exception if codes.empty?
         codes << Sinatra::NotFound if codes.include?(404)
@@ -1334,7 +1422,7 @@ module Sinatra
       # Load embedded templates from the file; uses the caller's __FILE__
       # when no file is specified.
       def inline_templates=(file = nil)
-        file = (file.nil? || file == true) ? (caller_files.first || File.expand_path($0)) : file
+        file = (caller_files.first || File.expand_path($0)) if file.nil? || file == true
 
         begin
           io = ::IO.respond_to?(:binread) ? ::IO.binread(file) : ::IO.read(file)
@@ -1343,23 +1431,24 @@ module Sinatra
           app, data = nil
         end
 
-        if data
-          if app and app =~ /([^\n]*\n)?#[^\n]*coding: *(\S+)/m
-            encoding = $2
-          else
-            encoding = settings.default_encoding
-          end
-          lines = app.count("\n") + 1
-          template = nil
-          force_encoding data, encoding
-          data.each_line do |line|
-            lines += 1
-            if line =~ /^@@\s*(.*\S)\s*$/
-              template = force_encoding(String.new, encoding)
-              templates[$1.to_sym] = [template, file, lines]
-            elsif template
-              template << line
-            end
+        return unless data
+
+        encoding = if app && app =~ /([^\n]*\n)?#[^\n]*coding: *(\S+)/m
+                     $2
+                   else
+                     settings.default_encoding
+                   end
+
+        lines = app.count("\n") + 1
+        template = nil
+        force_encoding data, encoding
+        data.each_line do |line|
+          lines += 1
+          if line =~ /^@@\s*(.*\S)\s*$/
+            template = force_encoding(String.new, encoding)
+            templates[$1.to_sym] = [template, file, lines]
+          elsif template
+            template << line
           end
         end
       end
@@ -1368,8 +1457,10 @@ module Sinatra
       def mime_type(type, value = nil)
         return type      if type.nil?
         return type.to_s if type.to_s.include?('/')
-        type = ".#{type}" unless type.to_s[0] == ?.
+
+        type = ".#{type}" unless type.to_s[0] == '.'
         return Rack::Mime.mime_type(type, nil) unless value
+
         Rack::Mime::MIME_TYPES[type] = value
       end
 
@@ -1378,7 +1469,13 @@ module Sinatra
       #   mime_types :js   # => ['application/javascript', 'text/javascript']
       def mime_types(type)
         type = mime_type type
-        type =~ /^application\/(xml|javascript)$/ ? [type, "text/#$1"] : [type]
+        if type =~ %r{^application/(xml|javascript)$}
+          [type, "text/#{$1}"]
+        elsif type =~ %r{^text/(xml|javascript)$}
+          [type, "application/#{$1}"]
+        else
+          [type]
+        end
       end
 
       # Define a before filter; runs before all requests within the same
@@ -1400,6 +1497,14 @@ module Sinatra
         filters[type] << compile!(type, path, block, **options)
       end
 
+      def on_start(&on_start_callback)
+        @on_start_callback = on_start_callback
+      end
+
+      def on_stop(&on_stop_callback)
+        @on_stop_callback = on_stop_callback
+      end
+
       # Add a route condition. The route is considered non-matching when the
       # block returns false.
       def condition(name = "#{caller.first[/`.*'/]} condition", &block)
@@ -1407,7 +1512,7 @@ module Sinatra
       end
 
       def public=(value)
-        warn ":public is no longer used to avoid overloading Module#public, use :public_folder or :public_dir instead"
+        warn_for_deprecation ':public is no longer used to avoid overloading Module#public, use :public_folder or :public_dir instead'
         set(:public_folder, value)
       end
 
@@ -1429,20 +1534,27 @@ module Sinatra
         route('HEAD', path, opts, &block)
       end
 
-      def put(path, opts = {}, &bk)     route 'PUT',     path, opts, &bk end
-      def post(path, opts = {}, &bk)    route 'POST',    path, opts, &bk end
-      def delete(path, opts = {}, &bk)  route 'DELETE',  path, opts, &bk end
-      def head(path, opts = {}, &bk)    route 'HEAD',    path, opts, &bk end
-      def options(path, opts = {}, &bk) route 'OPTIONS', path, opts, &bk end
-      def patch(path, opts = {}, &bk)   route 'PATCH',   path, opts, &bk end
-      def link(path, opts = {}, &bk)    route 'LINK',    path, opts, &bk end
-      def unlink(path, opts = {}, &bk)  route 'UNLINK',  path, opts, &bk end
+      def put(path, opts = {}, &block)     route 'PUT',     path, opts, &block end
+
+      def post(path, opts = {}, &block)    route 'POST',    path, opts, &block end
+
+      def delete(path, opts = {}, &block)  route 'DELETE',  path, opts, &block end
+
+      def head(path, opts = {}, &block)    route 'HEAD',    path, opts, &block end
+
+      def options(path, opts = {}, &block) route 'OPTIONS', path, opts, &block end
+
+      def patch(path, opts = {}, &block)   route 'PATCH',   path, opts, &block end
+
+      def link(path, opts = {}, &block)    route 'LINK',    path, opts, &block end
+
+      def unlink(path, opts = {}, &block)  route 'UNLINK',  path, opts, &block end
 
       # Makes the methods defined in the block and in the Modules given
       # in `extensions` available to the handlers and templates
       def helpers(*extensions, &block)
         class_eval(&block)   if block_given?
-        prepend(*extensions) if extensions.any?
+        include(*extensions) if extensions.any?
       end
 
       # Register an extension. Alternatively take a block from which an
@@ -1471,41 +1583,63 @@ module Sinatra
         @prototype = nil
         @middleware << [middleware, args, block]
       end
+      ruby2_keywords(:use) if respond_to?(:ruby2_keywords, true)
 
       # Stop the self-hosted server if running.
       def quit!
         return unless running?
+
         # Use Thin's hard #stop! if available, otherwise just #stop.
         running_server.respond_to?(:stop!) ? running_server.stop! : running_server.stop
-        $stderr.puts "== Sinatra has ended his set (crowd applauds)" unless suppress_messages?
+        warn '== Sinatra has ended his set (crowd applauds)' unless suppress_messages?
         set :running_server, nil
         set :handler_name, nil
+
+        on_stop_callback.call unless on_stop_callback.nil?
       end
 
-      alias_method :stop!, :quit!
+      alias stop! quit!
 
       # Run the Sinatra app as a self-hosted server using
-      # Puma, Mongrel, or WEBrick (in that order). If given a block, will call
+      # Puma, Falcon (in that order). If given a block, will call
       # with the constructed handler once we have taken the stage.
       def run!(options = {}, &block)
+        unless defined?(Rackup::Handler)
+          rackup_warning = <<~MISSING_RACKUP
+            Sinatra could not start, the required gems weren't found!
+
+            Add them to your bundle with:
+
+                bundle add rackup puma
+
+            or install them with:
+
+                gem install rackup puma
+
+          MISSING_RACKUP
+          warn rackup_warning
+          exit 1
+        end
+
         return if running?
+
         set options
-        handler         = detect_rack_handler
+        handler         = Rackup::Handler.pick(server)
         handler_name    = handler.name.gsub(/.*::/, '')
         server_settings = settings.respond_to?(:server_settings) ? settings.server_settings : {}
-        server_settings.merge!(:Port => port, :Host => bind)
+        server_settings.merge!(Port: port, Host: bind)
 
         begin
           start_server(handler, server_settings, handler_name, &block)
         rescue Errno::EADDRINUSE
-          $stderr.puts "== Someone is already performing on port #{port}!"
+          warn "== Someone is already performing on port #{port}!"
           raise
         ensure
           quit!
         end
       end
 
-      alias_method :start!, :run!
+      alias start! run!
 
       # Check whether the self-hosted server is running or not.
       def running?
@@ -1523,10 +1657,11 @@ module Sinatra
       # Create a new instance of the class fronted by its middleware
       # pipeline. The object is guaranteed to respond to #call but may not be
       # an instance of the class new was called on.
-      def new(*args, &bk)
-        instance = new!(*args, &bk)
+      def new(*args, &block)
+        instance = new!(*args, &block)
         Wrapper.new(build(instance).to_app, instance)
       end
+      ruby2_keywords :new if respond_to?(:ruby2_keywords, true)
 
       # Creates a Rack::Builder instance with all the middleware set up and
       # the given +app+ as end point.
@@ -1548,12 +1683,6 @@ module Sinatra
         cleaned_caller(1).flatten
       end
 
-      # Like caller_files, but containing Arrays rather than strings with the
-      # first element being the file, and the second being the line.
-      def caller_locations
-        cleaned_caller 2
-      end
-
       private
 
       # Starts the server by running the Rack Handler.
@@ -1564,14 +1693,14 @@ module Sinatra
         # Run the instance we created:
         handler.run(self, **server_settings) do |server|
           unless suppress_messages?
-            $stderr.puts "== Sinatra (v#{Sinatra::VERSION}) has taken the stage on #{port} for #{environment} with backup from #{handler_name}"
+            warn "== Sinatra (v#{Sinatra::VERSION}) has taken the stage on #{port} for #{environment} with backup from #{handler_name}"
           end
 
           setup_traps
           set :running_server, server
           set :handler_name,   handler_name
           server.threaded = settings.threaded if server.respond_to? :threaded=
-
+          on_start_callback.call unless on_start_callback.nil?
           yield server if block_given?
         end
       end
@@ -1581,18 +1710,18 @@ module Sinatra
       end
 
       def setup_traps
-        if traps?
-          at_exit { quit! }
+        return unless traps?
 
-          [:INT, :TERM].each do |signal|
-            old_handler = trap(signal) do
-              quit!
-              old_handler.call if old_handler.respond_to?(:call)
-            end
-          end
+        at_exit { quit! }
 
-          set :traps, false
+        %i[INT TERM].each do |signal|
+          old_handler = trap(signal) do
+            quit!
+            old_handler.call if old_handler.respond_to?(:call)
+          end
         end
+
+        set :traps, false
       end
 
       # Dynamically defines a method on settings.
@@ -1620,18 +1749,21 @@ module Sinatra
           end
         end
       end
-      alias_method :agent, :user_agent
+      alias agent user_agent
 
       # Condition for matching mimetypes. Accepts file extensions.
       def provides(*types)
         types.map! { |t| mime_types(t) }
         types.flatten!
         condition do
-          if type = response['Content-Type']
-            types.include? type or types.include? type[/^[^;]+/]
-          elsif type = request.preferred_type(types)
-            params = (type.respond_to?(:params) ? type.params : {})
-            content_type(type, params)
+          response_content_type = response['content-type']
+          preferred_type = request.preferred_type(types)
+
+          if response_content_type
+            types.include?(response_content_type) || types.include?(response_content_type[/^[^;]+/])
+          elsif preferred_type
+            params = (preferred_type.respond_to?(:params) ? preferred_type.params : {})
+            content_type(preferred_type, params)
             true
           else
             false
@@ -1640,7 +1772,7 @@ module Sinatra
       end
 
       def route(verb, path, options = {}, &block)
-        enable :empty_path_info if path == "" and empty_path_info.nil?
+        enable :empty_path_info if path == '' && empty_path_info.nil?
         signature = compile!(verb, path, block, **options)
         (@routes[verb] ||= []) << signature
         invoke_hook(:route_added, verb, path, block)
@@ -1669,12 +1801,13 @@ module Sinatra
         pattern                 = compile(path, route_mustermann_opts)
         method_name             = "#{verb} #{path}"
         unbound_method          = generate_method(method_name, &block)
-        conditions, @conditions = @conditions, []
-        wrapper                 = block.arity != 0 ?
-          proc { |a, p| unbound_method.bind(a).call(*p) } :
-          proc { |a, p| unbound_method.bind(a).call }
+        conditions = @conditions
+        @conditions = []
+        wrapper = block.arity.zero? ?
+          proc { |a, _p| unbound_method.bind(a).call } :
+          proc { |a, p| unbound_method.bind(a).call(*p) }
 
-        [ pattern, conditions, wrapper ]
+        [pattern, conditions, wrapper]
       end
 
       def compile(path, route_mustermann_opts = {})
@@ -1689,10 +1822,11 @@ module Sinatra
         setup_logging    builder
         setup_sessions   builder
         setup_protection builder
+        setup_host_authorization builder
       end
 
       def setup_middleware(builder)
-        middleware.each { |c,a,b| builder.use(c, *a, &b) }
+        middleware.each { |c, a, b| builder.use(c, *a, &b) }
       end
 
       def setup_logging(builder)
@@ -1705,7 +1839,7 @@ module Sinatra
       end
 
       def setup_null_logger(builder)
-        builder.use Rack::NullLogger
+        builder.use Sinatra::Middleware::Logger, ::Logger::FATAL
       end
 
       def setup_common_logger(builder)
@@ -1714,17 +1848,18 @@ module Sinatra
 
       def setup_custom_logger(builder)
         if logging.respond_to? :to_int
-          builder.use Rack::Logger, logging
+          builder.use Sinatra::Middleware::Logger, logging
         else
-          builder.use Rack::Logger
+          builder.use Sinatra::Middleware::Logger
         end
       end
 
       def setup_protection(builder)
         return unless protection?
+
         options = Hash === protection ? protection.dup : {}
         options = {
-          img_src:  "'self' data:",
+          img_src: "'self' data:",
           font_src: "'self'"
         }.merge options
 
@@ -1736,25 +1871,19 @@ module Sinatra
         builder.use Rack::Protection, options
       end
 
+      def setup_host_authorization(builder)
+        builder.use Rack::Protection::HostAuthorization, host_authorization
+      end
+
       def setup_sessions(builder)
         return unless sessions?
+
         options = {}
         options[:secret] = session_secret if session_secret?
         options.merge! sessions.to_hash if sessions.respond_to? :to_hash
         builder.use session_store, options
       end
 
-      def detect_rack_handler
-        servers = Array(server)
-        servers.each do |server_name|
-          begin
-            return Rack::Handler.get(server_name.to_s)
-          rescue LoadError, NameError
-          end
-        end
-        fail "Server handler (#{servers.join(',')}) not found."
-      end
-
       def inherited(subclass)
         subclass.reset!
         subclass.set :app_file, caller_files.first unless subclass.app_file?
@@ -1771,15 +1900,15 @@ module Sinatra
       end
 
       # used for deprecation warnings
-      def warn(message)
-        super message + "\n\tfrom #{cleaned_caller.first.join(':')}"
+      def warn_for_deprecation(message)
+        warn message + "\n\tfrom #{cleaned_caller.first.join(':')}"
       end
 
       # Like Kernel#caller but excluding certain magic entries
       def cleaned_caller(keep = 3)
-        caller(1).
-          map!    { |line| line.split(/:(?=\d|in )/, 3)[0,keep] }.
-          reject { |file, *_| CALLERS_TO_IGNORE.any? { |pattern| file =~ pattern } }
+        caller(1)
+          .map! { |line| line.split(/:(?=\d|in )/, 3)[0, keep] }
+          .reject { |file, *_| callers_to_ignore.any? { |pattern| file =~ pattern } }
       end
     end
 
@@ -1787,6 +1916,7 @@ module Sinatra
     # which is UTF-8 by default
     def self.force_encoding(data, encoding = default_encoding)
       return if data == settings || data.is_a?(Tempfile)
+
       if data.respond_to? :force_encoding
         data.force_encoding(encoding).encode!
       elsif data.respond_to? :each_value
@@ -1797,24 +1927,26 @@ module Sinatra
       data
     end
 
-    def force_encoding(*args) settings.force_encoding(*args) end
+    def force_encoding(*args)
+      settings.force_encoding(*args)
+    end
 
     reset!
 
     set :environment, (ENV['APP_ENV'] || ENV['RACK_ENV'] || :development).to_sym
-    set :raise_errors, Proc.new { test? }
-    set :dump_errors, Proc.new { !test? }
-    set :show_exceptions, Proc.new { development? }
+    set :raise_errors, proc { test? }
+    set :dump_errors, proc { !test? }
+    set :show_exceptions, proc { development? }
     set :sessions, false
     set :session_store, Rack::Session::Cookie
     set :logging, false
     set :protection, true
     set :method_override, false
     set :use_code, false
-    set :default_encoding, "utf-8"
+    set :default_encoding, 'utf-8'
     set :x_cascade, true
     set :add_charset, %w[javascript xml xhtml+xml].map { |t| "application/#{t}" }
-    settings.add_charset << /^text\//
+    settings.add_charset << %r{^text/}
     set :mustermann_opts, {}
     set :default_content_type, 'text/html'
 
@@ -1822,36 +1954,47 @@ module Sinatra
     begin
       require 'securerandom'
       set :session_secret, SecureRandom.hex(64)
-    rescue LoadError, NotImplementedError
+    rescue LoadError, NotImplementedError, RuntimeError
       # SecureRandom raises a NotImplementedError if no random device is available
-      set :session_secret, "%064x" % Kernel.rand(2**256-1)
+      # RuntimeError raised due to broken openssl backend: https://bugs.ruby-lang.org/issues/19230
+      set :session_secret, format('%064x', Kernel.rand((2**256) - 1))
     end
 
     class << self
-      alias_method :methodoverride?, :method_override?
-      alias_method :methodoverride=, :method_override=
+      alias methodoverride? method_override?
+      alias methodoverride= method_override=
     end
 
     set :run, false                       # start server via at-exit hook?
     set :running_server, nil
     set :handler_name, nil
     set :traps, true
-    set :server, %w[HTTP webrick]
-    set :bind, Proc.new { development? ? 'localhost' : '0.0.0.0' }
+    set :server, %w[webrick]
+    set :bind, proc { development? ? 'localhost' : '0.0.0.0' }
     set :port, Integer(ENV['PORT'] && !ENV['PORT'].empty? ? ENV['PORT'] : 4567)
     set :quiet, false
+    set :host_authorization, ->() do
+      if development?
+        {
+          permitted_hosts: [
+            "localhost",
+            ".localhost",
+            ".test",
+            IPAddr.new("0.0.0.0/0"),
+            IPAddr.new("::/0"),
+          ]
+        }
+      else
+        {}
+      end
+    end
 
     ruby_engine = defined?(RUBY_ENGINE) && RUBY_ENGINE
 
-    if ruby_engine == 'macruby'
-      server.unshift 'control_tower'
-    else
-      server.unshift 'reel'
-      server.unshift 'puma'
-      server.unshift 'mongrel'  if ruby_engine.nil?
-      server.unshift 'thin'     if ruby_engine != 'jruby'
-      server.unshift 'trinidad' if ruby_engine == 'jruby'
-    end
+    server.unshift 'thin'     if ruby_engine != 'jruby'
+    server.unshift 'falcon'   if ruby_engine != 'jruby'
+    server.unshift 'trinidad' if ruby_engine == 'jruby'
+    server.unshift 'puma'
 
     set :absolute_redirects, true
     set :prefixed_redirects, false
@@ -1859,14 +2002,14 @@ module Sinatra
     set :strict_paths, true
 
     set :app_file, nil
-    set :root, Proc.new { app_file && File.expand_path(File.dirname(app_file)) }
-    set :views, Proc.new { root && File.join(root, 'views') }
-    set :reload_templates, Proc.new { development? }
+    set :root, proc { app_file && File.expand_path(File.dirname(app_file)) }
+    set :views, proc { root && File.join(root, 'views') }
+    set :reload_templates, proc { development? }
     set :lock, false
     set :threaded, true
 
-    set :public_folder, Proc.new { root && File.join(root, 'public') }
-    set :static, Proc.new { public_folder && File.exist?(public_folder) }
+    set :public_folder, proc { root && File.join(root, 'public') }
+    set :static, proc { public_folder && File.exist?(public_folder) }
     set :static_cache_control, false
 
     error ::Exception do
@@ -1885,7 +2028,7 @@ module Sinatra
       error NotFound do
         content_type 'text/html'
 
-        if self.class == Sinatra::Application
+        if instance_of?(Sinatra::Application)
           code = <<-RUBY.gsub(/^ {12}/, '')
             #{request.request_method.downcase} '#{request.path_info}' do
               "Hello World"
@@ -1900,11 +2043,11 @@ module Sinatra
             end
           RUBY
 
-          file = settings.app_file.to_s.sub(settings.root.to_s, '').sub(/^\//, '')
+          file = settings.app_file.to_s.sub(settings.root.to_s, '').sub(%r{^/}, '')
           code = "# in #{file}\n#{code}" unless file.empty?
         end
 
-        (<<-HTML).gsub(/^ {10}/, '')
+        <<-HTML.gsub(/^ {10}/, '')
           <!DOCTYPE html>
           <html>
           <head>
@@ -1916,7 +2059,7 @@ module Sinatra
           </head>
           <body>
             <h2>Sinatra doesn’t know this ditty.</h2>
-            <img src='#{uri "/__sinatra__/404.png"}'>
+            <img src='#{request.script_name}/__sinatra__/404.png'>
             <div id="c">
               Try this:
               <pre>#{Rack::Utils.escape_html(code)}</pre>
@@ -1936,12 +2079,12 @@ module Sinatra
   # top-level. Subclassing Sinatra::Base is highly recommended for
   # modular applications.
   class Application < Base
-    set :logging, Proc.new { !test? }
+    set :logging, proc { !test? }
     set :method_override, true
-    set :run, Proc.new { !test? }
+    set :run, proc { !test? }
     set :app_file, nil
 
-    def self.register(*extensions, &block) #:nodoc:
+    def self.register(*extensions, &block) # :nodoc:
       added_methods = extensions.flat_map(&:public_instance_methods)
       Delegator.delegate(*added_methods)
       super(*extensions, &block)
@@ -1951,13 +2094,16 @@ module Sinatra
   # Sinatra delegation mixin. Mixing this module into an object causes all
   # methods to be delegated to the Sinatra::Application class. Used primarily
   # at the top-level.
-  module Delegator #:nodoc:
+  module Delegator # :nodoc:
     def self.delegate(*methods)
       methods.each do |method_name|
         define_method(method_name) do |*args, &block|
           return super(*args, &block) if respond_to? method_name
+
           Delegator.target.send(method_name, *args, &block)
         end
+        # ensure keyword argument passing is compatible with ruby >= 2.7
+        ruby2_keywords(method_name) if respond_to?(:ruby2_keywords, true)
         private method_name
       end
     end
@@ -1965,7 +2111,7 @@ module Sinatra
     delegate :get, :patch, :put, :post, :delete, :head, :options, :link, :unlink,
              :template, :layout, :before, :after, :error, :not_found, :configure,
              :set, :mime_type, :enable, :disable, :use, :development?, :test?,
-             :production?, :helpers, :settings, :register
+             :production?, :helpers, :settings, :register, :on_start, :on_stop
 
     class << self
       attr_accessor :target
@@ -1976,7 +2122,8 @@ module Sinatra
 
   class Wrapper
     def initialize(stack, instance)
-      @stack, @instance = stack, instance
+      @stack = stack
+      @instance = instance
     end
 
     def settings