sinatra 2.2.2 → 2.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6b8730578692f8db32fb574c1cf27c820afae370f0de28de6e3b96523130fd8
-  data.tar.gz: 22a5f5e701f27316173b91346823e0b82219627fb01008477434ca2a41a1bf5d
+  metadata.gz: 80e0d4f746b7bf91aecaa4af649cb63f04212975287e6ef37288a9e71e73a4ec
+  data.tar.gz: 5fcda18c311ca7ba08a2cbdf9ed60f97ed564bc9d54af4b600a86c2c6103ddc3
 SHA512:
-  metadata.gz: 436f31687f5d18ca518e55c30ce2223dd585bd2366ed03236bbf3f90a1047ed4cac669755a13e10c83f6554fc07c8dcb48492b831df722c26f0015cce0499f30
-  data.tar.gz: d535d71adf2d75f9f2d1e29f3bd9b4cc6e60f34e77f9a38d9b65e8494b5fe372c77142ddd161730388966c557b9e89b21eb5a0c9300e3761ff00e528c0ac3cb9
+  metadata.gz: 82d744ca87a984b3e96175269d1225184f885f8ae052c1089cc2973fb740376ca354579fd1c463ad4accb38e9c27bc200d0344290258ecdeb7d347b81a3ab7f6
+  data.tar.gz: 8242b52ec226acf2c29fc902b9d5855c7090f60191c874b1fbaf68ead68b15ad47257a0bfdfd2648173f8545158b2cab7fe262ff74a2d3e0d9a692b84dfd8c32

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 2.2.3 / 2022-11-25
+
+* Fix: Escape filename in the Content-Disposition header. [#1841](https://github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
+
+## 2.2.2 / 2022-07-23
+
+* Update mustermann dependency to version 2.
+
 ## 2.2.1 / 2022-07-15
 
 * Fix JRuby regression by using ruby2_keywords for delegation. [#1750](https://github.com/sinatra/sinatra/pull/1750) by Patrik Ragnarsson
@@ -6,6 +14,8 @@
 
 ## 2.2.0 / 2022-02-15
 
+* Breaking change: Add #select, #reject and #compact methods to Sinatra::IndifferentHash. If hash keys need to be converted to symbols, call #to_h to get a Hash instance first. #1711 by Olivier Bellone
+
 * Handle EOFError raised by Rack and return Bad Request 400 status. [#1743](https://github.com/sinatra/sinatra/pull/1743) by tamazon
 
 * Update README.es.md with removal of Thin. [#1630](https://github.com/sinatra/sinatra/pull/1630) by Espartaco Palma
@@ -48,9 +58,6 @@
 
 * Remove unnecessary `test_files` from the gemspec. [#1712](https://github.com/sinatra/sinatra/pull/1712) by Masataka Pocke Kuwabara
 
-* Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. [#1711](https://github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
-
-
 ### CI
 
 * Use latest JRuby 9.2.16.0 on CI. [#1682](https://github.com/sinatra/sinatra/pull/1682) by Olle Jonsson

data/Gemfile

@@ -23,7 +23,7 @@ gem "twitter-text", "1.14.7"
 
 if RUBY_ENGINE == 'jruby'
   gem 'nokogiri', '!= 1.5.0'
-  gem 'puma'
+  gem 'puma', '~> 5'
 end
 
 if RUBY_ENGINE == 'jruby' || RUBY_ENGINE == 'ruby'
@@ -38,14 +38,13 @@ if RUBY_ENGINE == "ruby"
   gem 'bluecloth'
   gem 'rdiscount'
   gem 'RedCloth'
-  gem 'puma'
+  gem 'puma', '~> 5'
   gem 'yajl-ruby'
   gem 'nokogiri'
   gem 'rainbows'
   gem 'eventmachine'
   gem 'slim', '~> 2.0'
   gem 'coffee-script', '>= 2.0'
-  gem 'rdoc'
   gem 'kramdown'
   gem 'maruku'
   gem 'creole'

data/VERSION

@@ -1 +1 @@
-2.2.2
+2.2.3

data/lib/sinatra/base.rb

@@ -381,16 +381,23 @@ module Sinatra
       response['Content-Type'] = mime_type
     end
 
+    # https://html.spec.whatwg.org/#multipart-form-data
+    MULTIPART_FORM_DATA_REPLACEMENT_TABLE = {
+      '"'  => '%22',
+      "\r" => '%0D',
+      "\n" => '%0A'
+    }.freeze
+
     # Set the Content-Disposition to "attachment" with the specified filename,
     # instructing the user agents to prompt to save.
     def attachment(filename = nil, disposition = :attachment)
       response['Content-Disposition'] = disposition.to_s.dup
-      if filename
-        params = '; filename="%s"' % File.basename(filename)
-        response['Content-Disposition'] << params
-        ext = File.extname(filename)
-        content_type(ext) unless response['Content-Type'] or ext.empty?
-      end
+      return unless filename
+
+      params = format('; filename="%s"', File.basename(filename).gsub(/["\r\n]/, MULTIPART_FORM_DATA_REPLACEMENT_TABLE))
+      response['Content-Disposition'] << params
+      ext = File.extname(filename)
+      content_type(ext) unless response['Content-Type'] || ext.empty?
     end
 
     # Use the contents of the file at +path+ as the response body.

data/lib/sinatra/version.rb

@@ -1,3 +1,3 @@
 module Sinatra
-  VERSION = '2.2.1'
+  VERSION = '2.2.2'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sinatra
 version: !ruby/object:Gem::Version
-  version: 2.2.2
+  version: 2.2.3
 platform: ruby
 authors:
 - Blake Mizerany
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-23 00:00:00.000000000 Z
+date: 2022-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -47,14 +47,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.2
+        version: 2.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.2
+        version: 2.2.3
 - !ruby/object:Gem::Dependency
   name: mustermann
   requirement: !ruby/object:Gem::Requirement
@@ -145,7 +145,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
+rubyforge_project:
+rubygems_version: 2.7.6.3
 signing_key:
 specification_version: 4
 summary: Classy web-development dressed in a DSL