From a9a02401a849958b5d654cf60d4cda927c7e33b4 Mon Sep 17 00:00:00 2001 From: gotoyuzo Date: Mon, 10 Jan 2005 06:29:58 +0000 Subject: [PATCH] * lib/webrick/cgi.rb (WEBrick::CGI::Socket#request_line): should escape SCRIPT_NAME and PATH_INFO before being parsed as a URI. * lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add new method to escape URI path component. * lib/webrick/ssl.rb (WEBrick::Config::SSL): the default value of :SSLEnable is false. * test/webrick/{test_cgi.rb,webrick.cgi}: new file. * test/webrick/utils.rb: require "webrick/https.h". git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7758 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 15 +++++++++++++ lib/webrick/cgi.rb | 1 + lib/webrick/httputils.rb | 15 ++++++++----- lib/webrick/ssl.rb | 2 +- test/webrick/test_cgi.rb | 46 ++++++++++++++++++++++++++++++++++++++++ test/webrick/utils.rb | 1 + test/webrick/webrick.cgi | 26 +++++++++++++++++++++++ 7 files changed, 100 insertions(+), 6 deletions(-) create mode 100644 test/webrick/test_cgi.rb create mode 100644 test/webrick/webrick.cgi diff --git a/ChangeLog b/ChangeLog index 254b03ad43..9c39f0b761 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,18 @@ +Mon Jan 10 15:28:51 2005 GOTOU Yuuzou + + * lib/webrick/cgi.rb (WEBrick::CGI::Socket#request_line): should + escape SCRIPT_NAME and PATH_INFO before being parsed as a URI. + + * lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add + new method to escape URI path component. + + * lib/webrick/ssl.rb (WEBrick::Config::SSL): the default value + of :SSLEnable is false. + + * test/webrick/{test_cgi.rb,webrick.cgi}: new file. + + * test/webrick/utils.rb: require "webrick/https.h". + Sun Jan 9 14:12:17 2005 Nobuyoshi Nakada * io.c (rb_f_select): IO list could be altered. [ruby-dev:25312] diff --git a/lib/webrick/cgi.rb b/lib/webrick/cgi.rb index 1282bdcd93..6878da5749 100644 --- a/lib/webrick/cgi.rb +++ b/lib/webrick/cgi.rb @@ -147,6 +147,7 @@ module WEBrick if path_info = @env["PATH_INFO"] url << path_info end + url = WEBrick::HTTPUtils.escape_path(url) if query_string = @env["QUERY_STRING"] unless query_string.empty? url << "?" << query_string diff --git a/lib/webrick/httputils.rb b/lib/webrick/httputils.rb index e45d8e0499..e0855222f1 100644 --- a/lib/webrick/httputils.rb +++ b/lib/webrick/httputils.rb @@ -352,15 +352,18 @@ module WEBrick unwise = '{}|\\^[]`' nonascii = (0x80..0xff).collect{|c| c.chr }.join + module_function + def _make_regex(str) /([#{Regexp.escape(str)}])/n end + def _make_regex!(str) /([^#{Regexp.escape(str)}])/n end def _escape(str, regex) str.gsub(regex){ "%%%02X" % $1[0] } end def _unescape(str, regex) str.gsub(regex){ $1.hex.chr } end - module_function :_make_regex, :_escape, :_unescape UNESCAPED = _make_regex(control+space+delims+unwise+nonascii) UNESCAPED_FORM = _make_regex(reserved+control+delims+unwise+nonascii) NONASCII = _make_regex(nonascii) ESCAPED = /%([0-9a-fA-F]{2})/ + UNESCAPED_PCHAR = _make_regex!(unreserved+":@&=+$,") def escape(str) _escape(str, UNESCAPED) @@ -380,12 +383,14 @@ module WEBrick _unescape(str.gsub(/\+/, " "), ESCAPED) end + def escape_path(str) + str.split("/").collect{|i| + _escape(i, UNESCAPED_PCHAR) + }.join("/") + end + def escape8bit(str) _escape(str, NONASCII) end - - module_function :escape, :unescape, :escape_form, :unescape_form, - :escape8bit - end end diff --git a/lib/webrick/ssl.rb b/lib/webrick/ssl.rb index 4562ba4948..03bfdf4aa0 100644 --- a/lib/webrick/ssl.rb +++ b/lib/webrick/ssl.rb @@ -14,7 +14,7 @@ module WEBrick osslv = ::OpenSSL::OPENSSL_VERSION.split[1] SSL = { :ServerSoftware => "#{svrsoft} OpenSSL/#{osslv}", - :SSLEnable => true, + :SSLEnable => false, :SSLCertificate => nil, :SSLPrivateKey => nil, :SSLClientCA => nil, diff --git a/test/webrick/test_cgi.rb b/test/webrick/test_cgi.rb new file mode 100644 index 0000000000..60d5da6a72 --- /dev/null +++ b/test/webrick/test_cgi.rb @@ -0,0 +1,46 @@ +require "webrick" +require File.join(File.dirname(__FILE__), "utils.rb") +require "test/unit" +begin + loadpath = $:.dup + $:.replace($: | [File.expand_path("../ruby", File.dirname(__FILE__))]) + require 'envutil' +ensure + $:.replace(loadpath) +end + +class TestWEBrickCGI < Test::Unit::TestCase + def test_cgi + accepted = started = stopped = 0 + requested0 = requested1 = 0 + config = { + :CGIInterpreter => EnvUtil.rubybin, + :DocumentRoot => File.dirname(__FILE__), + } + TestWEBrick.start_httpserver(config){|server, addr, port| + http = Net::HTTP.new(addr, port) + req = Net::HTTP::Get.new("/webrick.cgi") + http.request(req){|res| assert_equal("/webrick.cgi", res.body)} + req = Net::HTTP::Get.new("/webrick.cgi/path/info") + http.request(req){|res| assert_equal("/path/info", res.body)} + req = Net::HTTP::Get.new("/webrick.cgi/%3F%3F%3F?foo=bar") + http.request(req){|res| assert_equal("/???", res.body)} + req = Net::HTTP::Get.new("/webrick.cgi/%A4%DB%A4%B2/%A4%DB%A4%B2") + http.request(req){|res| + assert_equal("/\xA4\xDB\xA4\xB2/\xA4\xDB\xA4\xB2", res.body)} + req = Net::HTTP::Get.new("/webrick.cgi?a=1;a=2;b=x") + http.request(req){|res| assert_equal("a=1, a=2, b=x", res.body)} + req = Net::HTTP::Get.new("/webrick.cgi?a=1&a=2&b=x") + http.request(req){|res| assert_equal("a=1, a=2, b=x", res.body)} + + req = Net::HTTP::Post.new("/webrick.cgi?a=x;a=y;b=1") + req["Content-Type"] = "application/x-www-form-urlencoded" + http.request(req, "a=1;a=2;b=x"){|res| + assert_equal("a=1, a=2, b=x", res.body)} + req = Net::HTTP::Post.new("/webrick.cgi?a=x&a=y&b=1") + req["Content-Type"] = "application/x-www-form-urlencoded" + http.request(req, "a=1&a=2&b=x"){|res| + assert_equal("a=1, a=2, b=x", res.body)} + } + end +end diff --git a/test/webrick/utils.rb b/test/webrick/utils.rb index 50ffd759aa..adb0d106e7 100644 --- a/test/webrick/utils.rb +++ b/test/webrick/utils.rb @@ -1,4 +1,5 @@ require "webrick" +require "webrick/https" require "webrick/httpproxy" module TestWEBrick diff --git a/test/webrick/webrick.cgi b/test/webrick/webrick.cgi new file mode 100644 index 0000000000..97e1377454 --- /dev/null +++ b/test/webrick/webrick.cgi @@ -0,0 +1,26 @@ +#!ruby -d +require "webrick/cgi" + +class TestApp < WEBrick::CGI + def do_GET(req, res) + res["content-type"] = "text/plain" + if p = req.path_info + res.body = p + elsif (q = req.query).size > 0 + res.body = q.keys.sort.collect{|key| + q[key].list.sort.collect{|v| + "#{key}=#{v}" + }.join(", ") + }.join(", ") + else + res.body = req.script_name + end + end + + def do_POST(req, res) + do_GET(req, res) + end +end + +cgi = TestApp.new +cgi.start