sinatra 3.0.3 → 3.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 860a421d40a861cf3e72e70593f1f5efb8f62ab3437b2b33480f49760157a4b4
4
- data.tar.gz: 1315cc471ba7015ceba615fefc85b71b798bf11e9b743df603759b9e9c7066d7
3
+ metadata.gz: 253794a685657aa33414a6384abfa99f0c4b0a8aa97a9f15aa6d5ae88bcd747e
4
+ data.tar.gz: 455faa2397e06210cdeeb6e90eb5b8ec56908695585c869bb9241afc1e480cca
5
5
  SHA512:
6
- metadata.gz: 82916e7a13f0a5ba10c5a39f771de44b1f40164ef6ba1c140907b5a6d17066632998721d9a5cc132b445fda5d10948b30ee071adc3f7dd4ab23f2fe46df420d7
7
- data.tar.gz: 401077fd189ff1c79aa97d266b1f4e5ec14560a9ddd0ceb4f810815f340159b96a752523b7e79432d02d8aa92cc0a61c54c20eba58ab336b0f3a3c3409168617
6
+ metadata.gz: b8ca8d0630ca6a5b420a6066ac6bb0375092e92a549bf623974a8780b576b859a227eccf32402ffb4628a04523c107420cda5982bcc69a14dbb3779ff299b255
7
+ data.tar.gz: 85352987ea63bcbdfa6a80af67a59e5e3e4e812f1aaf4f28016ebd085805934ffa2787278b3034cef623ee5ed278bb5b66eeb02f390b6b8fea5326f7f039c4d7
data/CHANGELOG.md CHANGED
@@ -2,6 +2,16 @@
2
2
 
3
3
  * _Your new feature here._
4
4
 
5
+ ## 3.0.5 / 2022-12-16
6
+
7
+ * Fix: Add Zeitwerk compatibility. [#1831](https://github.com/sinatra/sinatra/pull/1831) by Dawid Janczak
8
+
9
+ * Fix: Allow CALLERS_TO_IGNORE to be overridden
10
+
11
+ ## 3.0.4 / 2022-11-25
12
+
13
+ * Fix: Escape filename in the Content-Disposition header. [#1841](https://github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
14
+
5
15
  ## 3.0.3 / 2022-11-11
6
16
 
7
17
  * Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://github.com/sinatra/sinatra/pull/1823) by @ooooooo-q
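Review bot: The 3.0.5 entry `* Fix: Allow CALLERS_TO_IGNORE to be overridden` is the only added line in this hunk without a pull-request link or author credit; add both so it can be traced like the other entries. The 3.0.4 entry would also be more useful to anyone judging upgrade urgency if it said which characters are now escaped in the filename (`"`, CR and LF, per the change to `attachment` in base.rb).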
@@ -62,6 +72,12 @@
62
72
 
63
73
  * Docs: Japanese documentation: Make Session section reflect changes done to README.md. [#1731](https://github.com/sinatra/sinatra/pull/1731) by @shu-i-chi
64
74
 
75
+ ## 2.2.3 / 2022-11-25
76
+
77
+ * Fix: Escape filename in the Content-Disposition header. [#1841](https://github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
78
+
79
+ * Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://github.com/sinatra/sinatra/pull/1823) by @ooooooo-q
80
+
65
81
  ## 2.2.2 / 2022-07-23
66
82
 
67
83
  * Update mustermann dependency to version 2.
@@ -74,6 +90,8 @@
74
90
 
75
91
  ## 2.2.0 / 2022-02-15
76
92
 
93
+ * Breaking change: Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. If hash keys need to be converted to symbols, call `#to_h` to get a `Hash` instance first. [#1711](https://github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
94
+
77
95
  * Handle EOFError raised by Rack and return Bad Request 400 status. [#1743](https://github.com/sinatra/sinatra/pull/1743) by tamazon
78
96
 
79
97
  * Minor refactors in `base.rb`. [#1640](https://github.com/sinatra/sinatra/pull/1640) by ceclinux
@@ -104,8 +122,6 @@
104
122
 
105
123
  * Remove unnecessary `test_files` from the gemspec. [#1712](https://github.com/sinatra/sinatra/pull/1712) by Masataka Pocke Kuwabara
106
124
 
107
- * Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. [#1711](https://github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
108
-
109
125
  * Docs: Spanish documentation: Update README.es.md with removal of Thin. [#1630](https://github.com/sinatra/sinatra/pull/1630) by Espartaco Palma
110
126
 
111
127
  * Docs: German documentation: Fixed typos in German README.md. [#1648](https://github.com/sinatra/sinatra/pull/1648) by Juri
data/README.md CHANGED
@@ -984,7 +984,7 @@ To associate a file extension with a template engine, use
984
984
  `tt` for Haml templates, you can do the following:
985
985
 
986
986
  ```ruby
987
- Tilt.register :tt, Tilt[:haml]
987
+ Tilt.register Tilt[:haml], :tt
988
988
  ```
989
989
 
990
990
  ### Adding Your Own Template Engine
@@ -992,7 +992,7 @@ Tilt.register :tt, Tilt[:haml]
992
992
  First, register your engine with Tilt, then create a rendering method:
993
993
 
994
994
  ```ruby
995
- Tilt.register :myat, MyAwesomeTemplateEngine
995
+ Tilt.register MyAwesomeTemplateEngine, :myat
996
996
 
997
997
  helpers do
998
998
  def myat(*args) render(:myat, *args) end
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.0.3
1
+ 3.0.5
data/lib/sinatra/base.rb CHANGED
@@ -396,13 +396,20 @@ module Sinatra
396
396
  response['Content-Type'] = mime_type
397
397
  end
398
398
 
399
+ # https://html.spec.whatwg.org/#multipart-form-data
400
+ MULTIPART_FORM_DATA_REPLACEMENT_TABLE = {
401
+ '"' => '%22',
402
+ "\r" => '%0D',
403
+ "\n" => '%0A'
404
+ }.freeze
405
+
399
406
  # Set the Content-Disposition to "attachment" with the specified filename,
400
407
  # instructing the user agents to prompt to save.
401
408
  def attachment(filename = nil, disposition = :attachment)
402
409
  response['Content-Disposition'] = disposition.to_s.dup
403
410
  return unless filename
404
411
 
405
- params = format('; filename="%s"', File.basename(filename))
412
+ params = format('; filename="%s"', File.basename(filename).gsub(/["\r\n]/, MULTIPART_FORM_DATA_REPLACEMENT_TABLE))
406
413
  response['Content-Disposition'] << params
407
414
  ext = File.extname(filename)
408
415
  content_type(ext) unless response['Content-Type'] || ext.empty?
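Review bot: The `gsub(/["\r\n]/, ...)` in `attachment` escapes only `"`, CR and LF, and the table is named and commented for multipart/form-data although it is applied to a response `Content-Disposition` header. Add a comment explaining why the form-data encoding rules are the right ones for this header, and consider whether backslash, which starts a quoted-pair inside an HTTP quoted-string, needs the same treatment. The `disposition` argument is still written as `disposition.to_s.dup` with no check, so a caller that passes request-derived data there is not covered by this change; restrict it to the expected values or document that it must be trusted.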
@@ -1209,11 +1216,16 @@ module Sinatra
1209
1216
  %r{rubygems/(custom|core_ext/kernel)_require\.rb$}, # rubygems require hacks
1210
1217
  /active_support/, # active_support require hacks
1211
1218
  %r{bundler(/(?:runtime|inline))?\.rb}, # bundler require hacks
1212
- /<internal:/ # internal in ruby >= 1.9.2
1219
+ /<internal:/, # internal in ruby >= 1.9.2
1220
+ %r{zeitwerk/kernel\.rb} # Zeitwerk kernel#require decorator
1213
1221
  ].freeze
1214
1222
 
1215
1223
  attr_reader :routes, :filters, :templates, :errors
1216
1224
 
1225
+ def callers_to_ignore
1226
+ CALLERS_TO_IGNORE
1227
+ end
1228
+
1217
1229
  # Removes all routes, filters, middleware and extension hooks from the
1218
1230
  # current class (not routes/filters/... defined by its superclass).
1219
1231
  def reset!
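Review bot: `callers_to_ignore` is added with no comment, so nothing tells a reader that it is the intended override point for `CALLERS_TO_IGNORE`. Add a short doc comment saying that subclasses may redefine it and that it must return a list of patterns matched against caller file paths. The new `%r{zeitwerk/kernel\.rb}` pattern is also unanchored, unlike the rubygems entry above it that ends in `$`, so it matches any path that merely contains that substring; ending it with `$` keeps the match tight.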
@@ -1780,7 +1792,7 @@ module Sinatra
1780
1792
  def cleaned_caller(keep = 3)
1781
1793
  caller(1)
1782
1794
  .map! { |line| line.split(/:(?=\d|in )/, 3)[0, keep] }
1783
- .reject { |file, *_| CALLERS_TO_IGNORE.any? { |pattern| file =~ pattern } }
1795
+ .reject { |file, *_| callers_to_ignore.any? { |pattern| file =~ pattern } }
1784
1796
  end
1785
1797
  end
1786
1798
 
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Sinatra
4
- VERSION = '3.0.2'
4
+ VERSION = '3.0.4'
5
5
  end
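Review bot: `VERSION = '3.0.4'` does not match the rest of this release. `data/VERSION` and the gemspec metadata both move from 3.0.3 to 3.0.5, while this constant goes from 3.0.2 to 3.0.4, so code that reads the constant will report a different version from the installed gem. Set it to '3.0.5', and consider deriving the constant and the VERSION file from a single source so they cannot drift again.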
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sinatra
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.3
4
+ version: 3.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Blake Mizerany
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2022-11-11 00:00:00.000000000 Z
14
+ date: 2022-12-16 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: mustermann
@@ -53,14 +53,14 @@ dependencies:
53
53
  requirements:
54
54
  - - '='
55
55
  - !ruby/object:Gem::Version
56
- version: 3.0.3
56
+ version: 3.0.5
57
57
  type: :runtime
58
58
  prerelease: false
59
59
  version_requirements: !ruby/object:Gem::Requirement
60
60
  requirements:
61
61
  - - '='
62
62
  - !ruby/object:Gem::Version
63
- version: 3.0.3
63
+ version: 3.0.5
64
64
  - !ruby/object:Gem::Dependency
65
65
  name: tilt
66
66
  requirement: !ruby/object:Gem::Requirement