sinatra 3.0.2 → 3.0.5
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sinatra might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -2
- data/Gemfile +6 -2
- data/README.md +4 -4
- data/VERSION +1 -1
- data/lib/sinatra/base.rb +15 -3
- data/lib/sinatra/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 253794a685657aa33414a6384abfa99f0c4b0a8aa97a9f15aa6d5ae88bcd747e
|
|
4
|
+
data.tar.gz: 455faa2397e06210cdeeb6e90eb5b8ec56908695585c869bb9241afc1e480cca
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b8ca8d0630ca6a5b420a6066ac6bb0375092e92a549bf623974a8780b576b859a227eccf32402ffb4628a04523c107420cda5982bcc69a14dbb3779ff299b255
|
|
7
|
+
data.tar.gz: 85352987ea63bcbdfa6a80af67a59e5e3e4e812f1aaf4f28016ebd085805934ffa2787278b3034cef623ee5ed278bb5b66eeb02f390b6b8fea5326f7f039c4d7
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,20 @@
|
|
|
2
2
|
|
|
3
3
|
* _Your new feature here._
|
|
4
4
|
|
|
5
|
+
## 3.0.5 / 2022-12-16
|
|
6
|
+
|
|
7
|
+
* Fix: Add Zeitwerk compatibility. [#1831](https://github.com/sinatra/sinatra/pull/1831) by Dawid Janczak
|
|
8
|
+
|
|
9
|
+
* Fix: Allow CALLERS_TO_IGNORE to be overridden
|
|
10
|
+
|
|
11
|
+
## 3.0.4 / 2022-11-25
|
|
12
|
+
|
|
13
|
+
* Fix: Escape filename in the Content-Disposition header. [#1841](https://github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
|
|
14
|
+
|
|
15
|
+
## 3.0.3 / 2022-11-11
|
|
16
|
+
|
|
17
|
+
* Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://github.com/sinatra/sinatra/pull/1823) by @ooooooo-q
|
|
18
|
+
|
|
5
19
|
## 3.0.2 / 2022-10-01
|
|
6
20
|
|
|
7
21
|
* New: Add Haml 6 support. [#1820](https://github.com/sinatra/sinatra/pull/1820) by Jordan Owens
|
|
@@ -58,6 +72,12 @@
|
|
|
58
72
|
|
|
59
73
|
* Docs: Japanese documentation: Make Session section reflect changes done to README.md. [#1731](https://github.com/sinatra/sinatra/pull/1731) by @shu-i-chi
|
|
60
74
|
|
|
75
|
+
## 2.2.3 / 2022-11-25
|
|
76
|
+
|
|
77
|
+
* Fix: Escape filename in the Content-Disposition header. [#1841](https://github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
|
|
78
|
+
|
|
79
|
+
* Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://github.com/sinatra/sinatra/pull/1823) by @ooooooo-q
|
|
80
|
+
|
|
61
81
|
## 2.2.2 / 2022-07-23
|
|
62
82
|
|
|
63
83
|
* Update mustermann dependency to version 2.
|
|
@@ -70,6 +90,8 @@
|
|
|
70
90
|
|
|
71
91
|
## 2.2.0 / 2022-02-15
|
|
72
92
|
|
|
93
|
+
* Breaking change: Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. If hash keys need to be converted to symbols, call `#to_h` to get a `Hash` instance first. [#1711](https://github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
|
|
94
|
+
|
|
73
95
|
* Handle EOFError raised by Rack and return Bad Request 400 status. [#1743](https://github.com/sinatra/sinatra/pull/1743) by tamazon
|
|
74
96
|
|
|
75
97
|
* Minor refactors in `base.rb`. [#1640](https://github.com/sinatra/sinatra/pull/1640) by ceclinux
|
|
@@ -100,8 +122,6 @@
|
|
|
100
122
|
|
|
101
123
|
* Remove unnecessary `test_files` from the gemspec. [#1712](https://github.com/sinatra/sinatra/pull/1712) by Masataka Pocke Kuwabara
|
|
102
124
|
|
|
103
|
-
* Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. [#1711](https://github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
|
|
104
|
-
|
|
105
125
|
* Docs: Spanish documentation: Update README.es.md with removal of Thin. [#1630](https://github.com/sinatra/sinatra/pull/1630) by Espartaco Palma
|
|
106
126
|
|
|
107
127
|
* Docs: German documentation: Fixed typos in German README.md. [#1648](https://github.com/sinatra/sinatra/pull/1648) by Juri
|
data/Gemfile
CHANGED
|
@@ -15,9 +15,14 @@ gem 'rake'
|
|
|
15
15
|
|
|
16
16
|
rack_version = ENV['rack'].to_s
|
|
17
17
|
rack_version = nil if rack_version.empty? || (rack_version == 'stable')
|
|
18
|
-
rack_version = { github: 'rack/rack' } if rack_version == '
|
|
18
|
+
rack_version = { github: 'rack/rack' } if rack_version == 'latest'
|
|
19
19
|
gem 'rack', rack_version
|
|
20
20
|
|
|
21
|
+
puma_version = ENV['puma'].to_s
|
|
22
|
+
puma_version = nil if puma_version.empty? || (puma_version == 'stable')
|
|
23
|
+
puma_version = { github: 'puma/puma' } if puma_version == 'latest'
|
|
24
|
+
gem 'puma', puma_version
|
|
25
|
+
|
|
21
26
|
gem 'minitest', '~> 5.0'
|
|
22
27
|
gem 'rack-test', github: 'rack/rack-test'
|
|
23
28
|
gem 'rubocop', '~> 1.32.0', require: false
|
|
@@ -40,7 +45,6 @@ gem 'liquid'
|
|
|
40
45
|
gem 'markaby'
|
|
41
46
|
gem 'nokogiri', '> 1.5.0'
|
|
42
47
|
gem 'pandoc-ruby', '~> 2.0.2'
|
|
43
|
-
gem 'puma'
|
|
44
48
|
gem 'rabl'
|
|
45
49
|
gem 'rainbows', platforms: [:mri] # uses #fork
|
|
46
50
|
gem 'rdiscount', platforms: [:ruby]
|
data/README.md
CHANGED
|
@@ -938,7 +938,7 @@ __END__
|
|
|
938
938
|
|
|
939
939
|
@@ layout
|
|
940
940
|
%html
|
|
941
|
-
|
|
941
|
+
!= yield
|
|
942
942
|
|
|
943
943
|
@@ index
|
|
944
944
|
%div.title Hello world.
|
|
@@ -984,7 +984,7 @@ To associate a file extension with a template engine, use
|
|
|
984
984
|
`tt` for Haml templates, you can do the following:
|
|
985
985
|
|
|
986
986
|
```ruby
|
|
987
|
-
Tilt.register
|
|
987
|
+
Tilt.register Tilt[:haml], :tt
|
|
988
988
|
```
|
|
989
989
|
|
|
990
990
|
### Adding Your Own Template Engine
|
|
@@ -992,7 +992,7 @@ Tilt.register :tt, Tilt[:haml]
|
|
|
992
992
|
First, register your engine with Tilt, then create a rendering method:
|
|
993
993
|
|
|
994
994
|
```ruby
|
|
995
|
-
Tilt.register :myat
|
|
995
|
+
Tilt.register MyAwesomeTemplateEngine, :myat
|
|
996
996
|
|
|
997
997
|
helpers do
|
|
998
998
|
def myat(*args) render(:myat, *args) end
|
|
@@ -2903,4 +2903,4 @@ SemVerTag.
|
|
|
2903
2903
|
* API documentation for the [latest release](http://www.rubydoc.info/gems/sinatra)
|
|
2904
2904
|
or the [current HEAD](http://www.rubydoc.info/github/sinatra/sinatra) on
|
|
2905
2905
|
[RubyDoc](http://www.rubydoc.info/)
|
|
2906
|
-
* [CI
|
|
2906
|
+
* [CI Actions](https://github.com/sinatra/sinatra/actions)
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.0.
|
|
1
|
+
3.0.5
|
data/lib/sinatra/base.rb
CHANGED
|
@@ -396,13 +396,20 @@ module Sinatra
|
|
|
396
396
|
response['Content-Type'] = mime_type
|
|
397
397
|
end
|
|
398
398
|
|
|
399
|
+
# https://html.spec.whatwg.org/#multipart-form-data
|
|
400
|
+
MULTIPART_FORM_DATA_REPLACEMENT_TABLE = {
|
|
401
|
+
'"' => '%22',
|
|
402
|
+
"\r" => '%0D',
|
|
403
|
+
"\n" => '%0A'
|
|
404
|
+
}.freeze
|
|
405
|
+
|
|
399
406
|
# Set the Content-Disposition to "attachment" with the specified filename,
|
|
400
407
|
# instructing the user agents to prompt to save.
|
|
401
408
|
def attachment(filename = nil, disposition = :attachment)
|
|
402
409
|
response['Content-Disposition'] = disposition.to_s.dup
|
|
403
410
|
return unless filename
|
|
404
411
|
|
|
405
|
-
params = format('; filename="%s"', File.basename(filename))
|
|
412
|
+
params = format('; filename="%s"', File.basename(filename).gsub(/["\r\n]/, MULTIPART_FORM_DATA_REPLACEMENT_TABLE))
|
|
406
413
|
response['Content-Disposition'] << params
|
|
407
414
|
ext = File.extname(filename)
|
|
408
415
|
content_type(ext) unless response['Content-Type'] || ext.empty?
|
|
@@ -1209,11 +1216,16 @@ module Sinatra
|
|
|
1209
1216
|
%r{rubygems/(custom|core_ext/kernel)_require\.rb$}, # rubygems require hacks
|
|
1210
1217
|
/active_support/, # active_support require hacks
|
|
1211
1218
|
%r{bundler(/(?:runtime|inline))?\.rb}, # bundler require hacks
|
|
1212
|
-
/<internal
|
|
1219
|
+
/<internal:/, # internal in ruby >= 1.9.2
|
|
1220
|
+
%r{zeitwerk/kernel\.rb} # Zeitwerk kernel#require decorator
|
|
1213
1221
|
].freeze
|
|
1214
1222
|
|
|
1215
1223
|
attr_reader :routes, :filters, :templates, :errors
|
|
1216
1224
|
|
|
1225
|
+
def callers_to_ignore
|
|
1226
|
+
CALLERS_TO_IGNORE
|
|
1227
|
+
end
|
|
1228
|
+
|
|
1217
1229
|
# Removes all routes, filters, middleware and extension hooks from the
|
|
1218
1230
|
# current class (not routes/filters/... defined by its superclass).
|
|
1219
1231
|
def reset!
|
|
@@ -1780,7 +1792,7 @@ module Sinatra
|
|
|
1780
1792
|
def cleaned_caller(keep = 3)
|
|
1781
1793
|
caller(1)
|
|
1782
1794
|
.map! { |line| line.split(/:(?=\d|in )/, 3)[0, keep] }
|
|
1783
|
-
.reject { |file, *_|
|
|
1795
|
+
.reject { |file, *_| callers_to_ignore.any? { |pattern| file =~ pattern } }
|
|
1784
1796
|
end
|
|
1785
1797
|
end
|
|
1786
1798
|
|
data/lib/sinatra/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sinatra
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Blake Mizerany
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2022-
|
|
14
|
+
date: 2022-12-16 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: mustermann
|
|
@@ -53,14 +53,14 @@ dependencies:
|
|
|
53
53
|
requirements:
|
|
54
54
|
- - '='
|
|
55
55
|
- !ruby/object:Gem::Version
|
|
56
|
-
version: 3.0.
|
|
56
|
+
version: 3.0.5
|
|
57
57
|
type: :runtime
|
|
58
58
|
prerelease: false
|
|
59
59
|
version_requirements: !ruby/object:Gem::Requirement
|
|
60
60
|
requirements:
|
|
61
61
|
- - '='
|
|
62
62
|
- !ruby/object:Gem::Version
|
|
63
|
-
version: 3.0.
|
|
63
|
+
version: 3.0.5
|
|
64
64
|
- !ruby/object:Gem::Dependency
|
|
65
65
|
name: tilt
|
|
66
66
|
requirement: !ruby/object:Gem::Requirement
|