sinatra 2.2.2 → 2.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of sinatra might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -3
- data/Gemfile +2 -3
- data/VERSION +1 -1
- data/lib/sinatra/base.rb +18 -7
- data/lib/sinatra/version.rb +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1e7c0f0444061d6ca90cf2956cb78a750065625116500dafde2da94ec133c1c4
|
|
4
|
+
data.tar.gz: 03ae4a16304045e5a52a8f98e07922ab0c5351889a1106942a22d89445dfcef4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 41c6dc03102ac2ca8735d30a4cd1646d803be5a7fbd9cae0702cb3b41419e6b17451707498749baf0c06d2002b075e3f9d06a1eef1d4a4ee35dee95c73dd2bc3
|
|
7
|
+
data.tar.gz: 4c7ebcf714cb7f73f8fa5b179f41f978994126c90c775d4a3a4aa944c6146ece45cb9c797b130ab8a2575e177fd7128b8c5da7f6cdb440a18a2110cc7aca215e
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,13 @@
|
|
|
1
|
+
## 2.2.3 / 2022-11-25
|
|
2
|
+
|
|
3
|
+
* Fix: Escape filename in the Content-Disposition header. [#1841](https://github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
|
|
4
|
+
|
|
5
|
+
* Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://github.com/sinatra/sinatra/pull/1823) by @ooooooo-q
|
|
6
|
+
|
|
7
|
+
## 2.2.2 / 2022-07-23
|
|
8
|
+
|
|
9
|
+
* Update mustermann dependency to version 2.
|
|
10
|
+
|
|
1
11
|
## 2.2.1 / 2022-07-15
|
|
2
12
|
|
|
3
13
|
* Fix JRuby regression by using ruby2_keywords for delegation. [#1750](https://github.com/sinatra/sinatra/pull/1750) by Patrik Ragnarsson
|
|
@@ -6,6 +16,8 @@
|
|
|
6
16
|
|
|
7
17
|
## 2.2.0 / 2022-02-15
|
|
8
18
|
|
|
19
|
+
* Breaking change: Add #select, #reject and #compact methods to Sinatra::IndifferentHash. If hash keys need to be converted to symbols, call #to_h to get a Hash instance first. #1711 by Olivier Bellone
|
|
20
|
+
|
|
9
21
|
* Handle EOFError raised by Rack and return Bad Request 400 status. [#1743](https://github.com/sinatra/sinatra/pull/1743) by tamazon
|
|
10
22
|
|
|
11
23
|
* Update README.es.md with removal of Thin. [#1630](https://github.com/sinatra/sinatra/pull/1630) by Espartaco Palma
|
|
@@ -48,9 +60,6 @@
|
|
|
48
60
|
|
|
49
61
|
* Remove unnecessary `test_files` from the gemspec. [#1712](https://github.com/sinatra/sinatra/pull/1712) by Masataka Pocke Kuwabara
|
|
50
62
|
|
|
51
|
-
* Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. [#1711](https://github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
|
|
52
|
-
|
|
53
|
-
|
|
54
63
|
### CI
|
|
55
64
|
|
|
56
65
|
* Use latest JRuby 9.2.16.0 on CI. [#1682](https://github.com/sinatra/sinatra/pull/1682) by Olle Jonsson
|
data/Gemfile
CHANGED
|
@@ -23,7 +23,7 @@ gem "twitter-text", "1.14.7"
|
|
|
23
23
|
|
|
24
24
|
if RUBY_ENGINE == 'jruby'
|
|
25
25
|
gem 'nokogiri', '!= 1.5.0'
|
|
26
|
-
gem 'puma'
|
|
26
|
+
gem 'puma', '~> 5'
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
if RUBY_ENGINE == 'jruby' || RUBY_ENGINE == 'ruby'
|
|
@@ -38,14 +38,13 @@ if RUBY_ENGINE == "ruby"
|
|
|
38
38
|
gem 'bluecloth'
|
|
39
39
|
gem 'rdiscount'
|
|
40
40
|
gem 'RedCloth'
|
|
41
|
-
gem 'puma'
|
|
41
|
+
gem 'puma', '~> 5'
|
|
42
42
|
gem 'yajl-ruby'
|
|
43
43
|
gem 'nokogiri'
|
|
44
44
|
gem 'rainbows'
|
|
45
45
|
gem 'eventmachine'
|
|
46
46
|
gem 'slim', '~> 2.0'
|
|
47
47
|
gem 'coffee-script', '>= 2.0'
|
|
48
|
-
gem 'rdoc'
|
|
49
48
|
gem 'kramdown'
|
|
50
49
|
gem 'maruku'
|
|
51
50
|
gem 'creole'
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
2.2.
|
|
1
|
+
2.2.4
|
data/lib/sinatra/base.rb
CHANGED
|
@@ -381,16 +381,23 @@ module Sinatra
|
|
|
381
381
|
response['Content-Type'] = mime_type
|
|
382
382
|
end
|
|
383
383
|
|
|
384
|
+
# https://html.spec.whatwg.org/#multipart-form-data
|
|
385
|
+
MULTIPART_FORM_DATA_REPLACEMENT_TABLE = {
|
|
386
|
+
'"' => '%22',
|
|
387
|
+
"\r" => '%0D',
|
|
388
|
+
"\n" => '%0A'
|
|
389
|
+
}.freeze
|
|
390
|
+
|
|
384
391
|
# Set the Content-Disposition to "attachment" with the specified filename,
|
|
385
392
|
# instructing the user agents to prompt to save.
|
|
386
393
|
def attachment(filename = nil, disposition = :attachment)
|
|
387
394
|
response['Content-Disposition'] = disposition.to_s.dup
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
395
|
+
return unless filename
|
|
396
|
+
|
|
397
|
+
params = format('; filename="%s"', File.basename(filename).gsub(/["\r\n]/, MULTIPART_FORM_DATA_REPLACEMENT_TABLE))
|
|
398
|
+
response['Content-Disposition'] << params
|
|
399
|
+
ext = File.extname(filename)
|
|
400
|
+
content_type(ext) unless response['Content-Type'] || ext.empty?
|
|
394
401
|
end
|
|
395
402
|
|
|
396
403
|
# Use the contents of the file at +path+ as the response body.
|
|
@@ -1230,6 +1237,10 @@ module Sinatra
|
|
|
1230
1237
|
|
|
1231
1238
|
attr_reader :routes, :filters, :templates, :errors
|
|
1232
1239
|
|
|
1240
|
+
def callers_to_ignore
|
|
1241
|
+
CALLERS_TO_IGNORE
|
|
1242
|
+
end
|
|
1243
|
+
|
|
1233
1244
|
# Removes all routes, filters, middleware and extension hooks from the
|
|
1234
1245
|
# current class (not routes/filters/... defined by its superclass).
|
|
1235
1246
|
def reset!
|
|
@@ -1779,7 +1790,7 @@ module Sinatra
|
|
|
1779
1790
|
def cleaned_caller(keep = 3)
|
|
1780
1791
|
caller(1).
|
|
1781
1792
|
map! { |line| line.split(/:(?=\d|in )/, 3)[0,keep] }.
|
|
1782
|
-
reject { |file, *_|
|
|
1793
|
+
reject { |file, *_| callers_to_ignore.any? { |pattern| file =~ pattern } }
|
|
1783
1794
|
end
|
|
1784
1795
|
end
|
|
1785
1796
|
|
data/lib/sinatra/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sinatra
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Blake Mizerany
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2022-
|
|
14
|
+
date: 2022-12-16 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: rack
|
|
@@ -47,14 +47,14 @@ dependencies:
|
|
|
47
47
|
requirements:
|
|
48
48
|
- - '='
|
|
49
49
|
- !ruby/object:Gem::Version
|
|
50
|
-
version: 2.2.
|
|
50
|
+
version: 2.2.4
|
|
51
51
|
type: :runtime
|
|
52
52
|
prerelease: false
|
|
53
53
|
version_requirements: !ruby/object:Gem::Requirement
|
|
54
54
|
requirements:
|
|
55
55
|
- - '='
|
|
56
56
|
- !ruby/object:Gem::Version
|
|
57
|
-
version: 2.2.
|
|
57
|
+
version: 2.2.4
|
|
58
58
|
- !ruby/object:Gem::Dependency
|
|
59
59
|
name: mustermann
|
|
60
60
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -145,7 +145,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
145
145
|
- !ruby/object:Gem::Version
|
|
146
146
|
version: '0'
|
|
147
147
|
requirements: []
|
|
148
|
-
|
|
148
|
+
rubyforge_project:
|
|
149
|
+
rubygems_version: 2.7.6.3
|
|
149
150
|
signing_key:
|
|
150
151
|
specification_version: 4
|
|
151
152
|
summary: Classy web-development dressed in a DSL
|