sinatra 3.0.3 → 3.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of sinatra might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -2
- data/VERSION +1 -1
- data/lib/sinatra/base.rb +8 -1
- data/lib/sinatra/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7596f4ab9a68b8aeebf1a916c1cd752a3e7dd2714dd7fa09b8def139f5b2b8f9
|
|
4
|
+
data.tar.gz: 38ee8094ab7b9bf06a30c4bbefa2b915af6a8c1d1c4c2ec4b97918e07e8dce25
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1f2f27088c9dfb616693cbac0bfc80a2c831e8c4126c3fc86d9b9888e0b5a20bab767d0120a1ef1045466e7d4228d265503b91cb23e2c4502d5dea494017cbda
|
|
7
|
+
data.tar.gz: 1e941fdfd3658202725a247ca4d363fb2d2026a9aa1176f61ca170620317e75dccca16b702ca377f65169a8633e43e9c724076581777e46a13e053b717b8212e
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,10 @@
|
|
|
2
2
|
|
|
3
3
|
* _Your new feature here._
|
|
4
4
|
|
|
5
|
+
## 3.0.4 / 2022-11-25
|
|
6
|
+
|
|
7
|
+
* Fix: Escape filename in the Content-Disposition header. [#1841](https://github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
|
|
8
|
+
|
|
5
9
|
## 3.0.3 / 2022-11-11
|
|
6
10
|
|
|
7
11
|
* Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://github.com/sinatra/sinatra/pull/1823) by @ooooooo-q
|
|
@@ -74,6 +78,8 @@
|
|
|
74
78
|
|
|
75
79
|
## 2.2.0 / 2022-02-15
|
|
76
80
|
|
|
81
|
+
* Breaking change: Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. If hash keys need to be converted to symbols, call `#to_h` to get a `Hash` instance first. [#1711](https://github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
|
|
82
|
+
|
|
77
83
|
* Handle EOFError raised by Rack and return Bad Request 400 status. [#1743](https://github.com/sinatra/sinatra/pull/1743) by tamazon
|
|
78
84
|
|
|
79
85
|
* Minor refactors in `base.rb`. [#1640](https://github.com/sinatra/sinatra/pull/1640) by ceclinux
|
|
@@ -104,8 +110,6 @@
|
|
|
104
110
|
|
|
105
111
|
* Remove unnecessary `test_files` from the gemspec. [#1712](https://github.com/sinatra/sinatra/pull/1712) by Masataka Pocke Kuwabara
|
|
106
112
|
|
|
107
|
-
* Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. [#1711](https://github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
|
|
108
|
-
|
|
109
113
|
* Docs: Spanish documentation: Update README.es.md with removal of Thin. [#1630](https://github.com/sinatra/sinatra/pull/1630) by Espartaco Palma
|
|
110
114
|
|
|
111
115
|
* Docs: German documentation: Fixed typos in German README.md. [#1648](https://github.com/sinatra/sinatra/pull/1648) by Juri
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.0.
|
|
1
|
+
3.0.4
|
data/lib/sinatra/base.rb
CHANGED
|
@@ -396,13 +396,20 @@ module Sinatra
|
|
|
396
396
|
response['Content-Type'] = mime_type
|
|
397
397
|
end
|
|
398
398
|
|
|
399
|
+
# https://html.spec.whatwg.org/#multipart-form-data
|
|
400
|
+
MULTIPART_FORM_DATA_REPLACEMENT_TABLE = {
|
|
401
|
+
'"' => '%22',
|
|
402
|
+
"\r" => '%0D',
|
|
403
|
+
"\n" => '%0A'
|
|
404
|
+
}.freeze
|
|
405
|
+
|
|
399
406
|
# Set the Content-Disposition to "attachment" with the specified filename,
|
|
400
407
|
# instructing the user agents to prompt to save.
|
|
401
408
|
def attachment(filename = nil, disposition = :attachment)
|
|
402
409
|
response['Content-Disposition'] = disposition.to_s.dup
|
|
403
410
|
return unless filename
|
|
404
411
|
|
|
405
|
-
params = format('; filename="%s"', File.basename(filename))
|
|
412
|
+
params = format('; filename="%s"', File.basename(filename).gsub(/["\r\n]/, MULTIPART_FORM_DATA_REPLACEMENT_TABLE))
|
|
406
413
|
response['Content-Disposition'] << params
|
|
407
414
|
ext = File.extname(filename)
|
|
408
415
|
content_type(ext) unless response['Content-Type'] || ext.empty?
|
data/lib/sinatra/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sinatra
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Blake Mizerany
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2022-11-
|
|
14
|
+
date: 2022-11-25 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: mustermann
|
|
@@ -53,14 +53,14 @@ dependencies:
|
|
|
53
53
|
requirements:
|
|
54
54
|
- - '='
|
|
55
55
|
- !ruby/object:Gem::Version
|
|
56
|
-
version: 3.0.
|
|
56
|
+
version: 3.0.4
|
|
57
57
|
type: :runtime
|
|
58
58
|
prerelease: false
|
|
59
59
|
version_requirements: !ruby/object:Gem::Requirement
|
|
60
60
|
requirements:
|
|
61
61
|
- - '='
|
|
62
62
|
- !ruby/object:Gem::Version
|
|
63
|
-
version: 3.0.
|
|
63
|
+
version: 3.0.4
|
|
64
64
|
- !ruby/object:Gem::Dependency
|
|
65
65
|
name: tilt
|
|
66
66
|
requirement: !ruby/object:Gem::Requirement
|