sinatra 3.0.3 → 3.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -2
- data/VERSION +1 -1
- data/lib/sinatra/base.rb +8 -1
- data/lib/sinatra/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7596f4ab9a68b8aeebf1a916c1cd752a3e7dd2714dd7fa09b8def139f5b2b8f9
|
4
|
+
data.tar.gz: 38ee8094ab7b9bf06a30c4bbefa2b915af6a8c1d1c4c2ec4b97918e07e8dce25
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1f2f27088c9dfb616693cbac0bfc80a2c831e8c4126c3fc86d9b9888e0b5a20bab767d0120a1ef1045466e7d4228d265503b91cb23e2c4502d5dea494017cbda
|
7
|
+
data.tar.gz: 1e941fdfd3658202725a247ca4d363fb2d2026a9aa1176f61ca170620317e75dccca16b702ca377f65169a8633e43e9c724076581777e46a13e053b717b8212e
|
data/CHANGELOG.md
CHANGED
@@ -2,6 +2,10 @@
|
|
2
2
|
|
3
3
|
* _Your new feature here._
|
4
4
|
|
5
|
+
## 3.0.4 / 2022-11-25
|
6
|
+
|
7
|
+
* Fix: Escape filename in the Content-Disposition header. [#1841](https://github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
|
8
|
+
|
5
9
|
## 3.0.3 / 2022-11-11
|
6
10
|
|
7
11
|
* Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://github.com/sinatra/sinatra/pull/1823) by @ooooooo-q
|
@@ -74,6 +78,8 @@
|
|
74
78
|
|
75
79
|
## 2.2.0 / 2022-02-15
|
76
80
|
|
81
|
+
* Breaking change: Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. If hash keys need to be converted to symbols, call `#to_h` to get a `Hash` instance first. [#1711](https://github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
|
82
|
+
|
77
83
|
* Handle EOFError raised by Rack and return Bad Request 400 status. [#1743](https://github.com/sinatra/sinatra/pull/1743) by tamazon
|
78
84
|
|
79
85
|
* Minor refactors in `base.rb`. [#1640](https://github.com/sinatra/sinatra/pull/1640) by ceclinux
|
@@ -104,8 +110,6 @@
|
|
104
110
|
|
105
111
|
* Remove unnecessary `test_files` from the gemspec. [#1712](https://github.com/sinatra/sinatra/pull/1712) by Masataka Pocke Kuwabara
|
106
112
|
|
107
|
-
* Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. [#1711](https://github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
|
108
|
-
|
109
113
|
* Docs: Spanish documentation: Update README.es.md with removal of Thin. [#1630](https://github.com/sinatra/sinatra/pull/1630) by Espartaco Palma
|
110
114
|
|
111
115
|
* Docs: German documentation: Fixed typos in German README.md. [#1648](https://github.com/sinatra/sinatra/pull/1648) by Juri
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.0.
|
1
|
+
3.0.4
|
data/lib/sinatra/base.rb
CHANGED
@@ -396,13 +396,20 @@ module Sinatra
|
|
396
396
|
response['Content-Type'] = mime_type
|
397
397
|
end
|
398
398
|
|
399
|
+
# https://html.spec.whatwg.org/#multipart-form-data
|
400
|
+
MULTIPART_FORM_DATA_REPLACEMENT_TABLE = {
|
401
|
+
'"' => '%22',
|
402
|
+
"\r" => '%0D',
|
403
|
+
"\n" => '%0A'
|
404
|
+
}.freeze
|
405
|
+
|
399
406
|
# Set the Content-Disposition to "attachment" with the specified filename,
|
400
407
|
# instructing the user agents to prompt to save.
|
401
408
|
def attachment(filename = nil, disposition = :attachment)
|
402
409
|
response['Content-Disposition'] = disposition.to_s.dup
|
403
410
|
return unless filename
|
404
411
|
|
405
|
-
params = format('; filename="%s"', File.basename(filename))
|
412
|
+
params = format('; filename="%s"', File.basename(filename).gsub(/["\r\n]/, MULTIPART_FORM_DATA_REPLACEMENT_TABLE))
|
406
413
|
response['Content-Disposition'] << params
|
407
414
|
ext = File.extname(filename)
|
408
415
|
content_type(ext) unless response['Content-Type'] || ext.empty?
|
data/lib/sinatra/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sinatra
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0.
|
4
|
+
version: 3.0.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Blake Mizerany
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2022-11-
|
14
|
+
date: 2022-11-25 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: mustermann
|
@@ -53,14 +53,14 @@ dependencies:
|
|
53
53
|
requirements:
|
54
54
|
- - '='
|
55
55
|
- !ruby/object:Gem::Version
|
56
|
-
version: 3.0.
|
56
|
+
version: 3.0.4
|
57
57
|
type: :runtime
|
58
58
|
prerelease: false
|
59
59
|
version_requirements: !ruby/object:Gem::Requirement
|
60
60
|
requirements:
|
61
61
|
- - '='
|
62
62
|
- !ruby/object:Gem::Version
|
63
|
-
version: 3.0.
|
63
|
+
version: 3.0.4
|
64
64
|
- !ruby/object:Gem::Dependency
|
65
65
|
name: tilt
|
66
66
|
requirement: !ruby/object:Gem::Requirement
|