sinatra 2.2.2 → 2.2.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -3
- data/Gemfile +2 -3
- data/VERSION +1 -1
- data/lib/sinatra/base.rb +18 -7
- data/lib/sinatra/version.rb +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1e7c0f0444061d6ca90cf2956cb78a750065625116500dafde2da94ec133c1c4
|
|
4
|
+
data.tar.gz: 03ae4a16304045e5a52a8f98e07922ab0c5351889a1106942a22d89445dfcef4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 41c6dc03102ac2ca8735d30a4cd1646d803be5a7fbd9cae0702cb3b41419e6b17451707498749baf0c06d2002b075e3f9d06a1eef1d4a4ee35dee95c73dd2bc3
|
|
7
|
+
data.tar.gz: 4c7ebcf714cb7f73f8fa5b179f41f978994126c90c775d4a3a4aa944c6146ece45cb9c797b130ab8a2575e177fd7128b8c5da7f6cdb440a18a2110cc7aca215e
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,13 @@
|
|
|
1
|
+
## 2.2.3 / 2022-11-25
|
|
2
|
+
|
|
3
|
+
* Fix: Escape filename in the Content-Disposition header. [#1841](https://github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
|
|
4
|
+
|
|
5
|
+
* Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://github.com/sinatra/sinatra/pull/1823) by @ooooooo-q
|
|
6
|
+
|
|
7
|
+
## 2.2.2 / 2022-07-23
|
|
8
|
+
|
|
9
|
+
* Update mustermann dependency to version 2.
|
|
10
|
+
|
|
1
11
|
## 2.2.1 / 2022-07-15
|
|
2
12
|
|
|
3
13
|
* Fix JRuby regression by using ruby2_keywords for delegation. [#1750](https://github.com/sinatra/sinatra/pull/1750) by Patrik Ragnarsson
|
|
@@ -6,6 +16,8 @@
|
|
|
6
16
|
|
|
7
17
|
## 2.2.0 / 2022-02-15
|
|
8
18
|
|
|
19
|
+
* Breaking change: Add #select, #reject and #compact methods to Sinatra::IndifferentHash. If hash keys need to be converted to symbols, call #to_h to get a Hash instance first. #1711 by Olivier Bellone
|
|
20
|
+
|
|
9
21
|
* Handle EOFError raised by Rack and return Bad Request 400 status. [#1743](https://github.com/sinatra/sinatra/pull/1743) by tamazon
|
|
10
22
|
|
|
11
23
|
* Update README.es.md with removal of Thin. [#1630](https://github.com/sinatra/sinatra/pull/1630) by Espartaco Palma
|
|
@@ -48,9 +60,6 @@
|
|
|
48
60
|
|
|
49
61
|
* Remove unnecessary `test_files` from the gemspec. [#1712](https://github.com/sinatra/sinatra/pull/1712) by Masataka Pocke Kuwabara
|
|
50
62
|
|
|
51
|
-
* Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. [#1711](https://github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
|
|
52
|
-
|
|
53
|
-
|
|
54
63
|
### CI
|
|
55
64
|
|
|
56
65
|
* Use latest JRuby 9.2.16.0 on CI. [#1682](https://github.com/sinatra/sinatra/pull/1682) by Olle Jonsson
|
data/Gemfile
CHANGED
|
@@ -23,7 +23,7 @@ gem "twitter-text", "1.14.7"
|
|
|
23
23
|
|
|
24
24
|
if RUBY_ENGINE == 'jruby'
|
|
25
25
|
gem 'nokogiri', '!= 1.5.0'
|
|
26
|
-
gem 'puma'
|
|
26
|
+
gem 'puma', '~> 5'
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
if RUBY_ENGINE == 'jruby' || RUBY_ENGINE == 'ruby'
|
|
@@ -38,14 +38,13 @@ if RUBY_ENGINE == "ruby"
|
|
|
38
38
|
gem 'bluecloth'
|
|
39
39
|
gem 'rdiscount'
|
|
40
40
|
gem 'RedCloth'
|
|
41
|
-
gem 'puma'
|
|
41
|
+
gem 'puma', '~> 5'
|
|
42
42
|
gem 'yajl-ruby'
|
|
43
43
|
gem 'nokogiri'
|
|
44
44
|
gem 'rainbows'
|
|
45
45
|
gem 'eventmachine'
|
|
46
46
|
gem 'slim', '~> 2.0'
|
|
47
47
|
gem 'coffee-script', '>= 2.0'
|
|
48
|
-
gem 'rdoc'
|
|
49
48
|
gem 'kramdown'
|
|
50
49
|
gem 'maruku'
|
|
51
50
|
gem 'creole'
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
2.2.
|
|
1
|
+
2.2.4
|
data/lib/sinatra/base.rb
CHANGED
|
@@ -381,16 +381,23 @@ module Sinatra
|
|
|
381
381
|
response['Content-Type'] = mime_type
|
|
382
382
|
end
|
|
383
383
|
|
|
384
|
+
# https://html.spec.whatwg.org/#multipart-form-data
|
|
385
|
+
MULTIPART_FORM_DATA_REPLACEMENT_TABLE = {
|
|
386
|
+
'"' => '%22',
|
|
387
|
+
"\r" => '%0D',
|
|
388
|
+
"\n" => '%0A'
|
|
389
|
+
}.freeze
|
|
390
|
+
|
|
384
391
|
# Set the Content-Disposition to "attachment" with the specified filename,
|
|
385
392
|
# instructing the user agents to prompt to save.
|
|
386
393
|
def attachment(filename = nil, disposition = :attachment)
|
|
387
394
|
response['Content-Disposition'] = disposition.to_s.dup
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
395
|
+
return unless filename
|
|
396
|
+
|
|
397
|
+
params = format('; filename="%s"', File.basename(filename).gsub(/["\r\n]/, MULTIPART_FORM_DATA_REPLACEMENT_TABLE))
|
|
398
|
+
response['Content-Disposition'] << params
|
|
399
|
+
ext = File.extname(filename)
|
|
400
|
+
content_type(ext) unless response['Content-Type'] || ext.empty?
|
|
394
401
|
end
|
|
395
402
|
|
|
396
403
|
# Use the contents of the file at +path+ as the response body.
|
|
@@ -1230,6 +1237,10 @@ module Sinatra
|
|
|
1230
1237
|
|
|
1231
1238
|
attr_reader :routes, :filters, :templates, :errors
|
|
1232
1239
|
|
|
1240
|
+
def callers_to_ignore
|
|
1241
|
+
CALLERS_TO_IGNORE
|
|
1242
|
+
end
|
|
1243
|
+
|
|
1233
1244
|
# Removes all routes, filters, middleware and extension hooks from the
|
|
1234
1245
|
# current class (not routes/filters/... defined by its superclass).
|
|
1235
1246
|
def reset!
|
|
@@ -1779,7 +1790,7 @@ module Sinatra
|
|
|
1779
1790
|
def cleaned_caller(keep = 3)
|
|
1780
1791
|
caller(1).
|
|
1781
1792
|
map! { |line| line.split(/:(?=\d|in )/, 3)[0,keep] }.
|
|
1782
|
-
reject { |file, *_|
|
|
1793
|
+
reject { |file, *_| callers_to_ignore.any? { |pattern| file =~ pattern } }
|
|
1783
1794
|
end
|
|
1784
1795
|
end
|
|
1785
1796
|
|
data/lib/sinatra/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sinatra
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Blake Mizerany
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2022-
|
|
14
|
+
date: 2022-12-16 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: rack
|
|
@@ -47,14 +47,14 @@ dependencies:
|
|
|
47
47
|
requirements:
|
|
48
48
|
- - '='
|
|
49
49
|
- !ruby/object:Gem::Version
|
|
50
|
-
version: 2.2.
|
|
50
|
+
version: 2.2.4
|
|
51
51
|
type: :runtime
|
|
52
52
|
prerelease: false
|
|
53
53
|
version_requirements: !ruby/object:Gem::Requirement
|
|
54
54
|
requirements:
|
|
55
55
|
- - '='
|
|
56
56
|
- !ruby/object:Gem::Version
|
|
57
|
-
version: 2.2.
|
|
57
|
+
version: 2.2.4
|
|
58
58
|
- !ruby/object:Gem::Dependency
|
|
59
59
|
name: mustermann
|
|
60
60
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -145,7 +145,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
145
145
|
- !ruby/object:Gem::Version
|
|
146
146
|
version: '0'
|
|
147
147
|
requirements: []
|
|
148
|
-
|
|
148
|
+
rubyforge_project:
|
|
149
|
+
rubygems_version: 2.7.6.3
|
|
149
150
|
signing_key:
|
|
150
151
|
specification_version: 4
|
|
151
152
|
summary: Classy web-development dressed in a DSL
|