utopia 2.32.0 → 2.32.1
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/lib/utopia/redirection.rb +10 -4
- data/lib/utopia/version.rb +1 -1
- data/readme.md +4 -0
- data/releases.md +4 -0
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
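--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 39b95a5f8c45c77816846900c9d99e7bb306bdbc589c60b10e71d045260d6107
+data.tar.gz: 1c82a315db0de1c3738c6a03a4569fadaaf0aa031850f672976b29f71fd70087
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 01e866be2be3f5465b69a1de18ef976b2e4edbaa5facc9a168291e87965039afdc149df0157b7f50236ecd453a86b2ad93d34e548809dc3ae08b44c4a21a62f6
+data.tar.gz: d8c87f177f7572795bf416c9ec6b560e2b3e357446c86d0853b8f47094d56e46413b112953b53bfa2cc27b6abc15baa3973f2862d21928f8056b46947cd66419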
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
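--- a/data/lib/utopia/redirection.rb
+++ b/data/lib/utopia/redirection.rb
@@ -89,12 +89,15 @@ module Utopia
 "max-age=#{self.max_age}"
 end
 
-def
-{
+def make_headers(location)
+{
+HTTP::LOCATION => location,
+HTTP::CACHE_CONTROL => self.cache_control
+}
 end
 
 def redirect(location)
-return [self.status, self.
+return [self.status, self.make_headers(location), []]
 end
 
 def [] path
@@ -102,7 +105,10 @@ module Utopia
 end
 
 def call(env)
-path
+# Normalize the path to remove redundant slashes, `.` and `..` segments.
+# This prevents protocol-relative redirect URLs (e.g. //evil.com/index)
+# from being generated when PATH_INFO contains a double leading slash.
+path = Path.create(env[Rack::PATH_INFO]).simplify.to_s
 
 if redirection = self[path]
 return redirection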
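Review bot: The normalisation added at the top of `call` is the only guard against an off-site `Location`, and from this hunk it is not visible whether `Path#simplify` also neutralises a leading `/\`, which browsers resolve the same way as `//`; a regression test should cover both forms. `redirect(location)` and `make_headers(location)` still emit any location they receive, so other callers are unprotected; if protocol-relative targets are never intended, a check in `redirect` such as `raise ArgumentError, "unsafe redirect location" if location.to_s.match?(%r{\A[/\\]{2}})` would close that gap. In the visible lines `path` is simplified locally while `env[Rack::PATH_INFO]` is left as received, so anything downstream of this middleware still sees the raw value, which is worth a comment. `call` continues past the end of the hunk, so how `path` becomes the redirect target is inferred, not shown.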
data/lib/utopia/version.rb
CHANGED
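--- a/data/readme.md
+++ b/data/readme.md
@@ -31,6 +31,10 @@ Please see the [project documentation](https://socketry.github.io/utopia/) for m
 
 Please see the [project releases](https://socketry.github.io/utopia/releases/index) for all releases.
 
+### Unreleasd
+
+- **Security** Fix handling of redirects that start with `//` to prevent open redirect vulnerabilities.
+
 ### v2.31.0
 
 - Add agent context.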
data/releases.md
CHANGED
data.tar.gz.sig
CHANGED
|
Binary file
|
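--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: utopia
 version: !ruby/object:Gem::Version
-version: 2.32.
+version: 2.32.1
 platform: ruby
 authors:
 - Samuel Williams
@@ -367,7 +367,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version:
+rubygems_version: 4.0.6
 specification_version: 4
 summary: Utopia is a framework for building dynamic content-driven websites.
 test_files: []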
metadata.gz.sig
CHANGED
|
Binary file
|