Set the HTTP status code to 302 if a Location header field is
present and the status code is not valid as a client
redirection. cf. RFC 3875 6.2.3, 6.2.4.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16662 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
name in path_info to prevent script disclosure vulnerability on
DOSISH filesystems. (fix: CVE-2008-1891)
Note: NTFS/FAT filesystem should not be published by the platforms
other than Windows. Pathname interpretation (including short
filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb
(WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
separators in path_info to prevent directory traversal
attacks on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@15676 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
WEBrick::HTTPRequest#{host,port,request_uri} is derived having
regards to X-Forwarded-Proto and X-Forwarded-Host.
* lib/webrick/httprequest.rb
(WEBrick::HTTPRequest#server_name?): new method.
(WEBrick::HTTPRequest#remote_ip?): new method.
(WEBrick::HTTPRequest#ssl?): new method.
* string.c (rb_enc_cr_str_buf_cat): fix self appending.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14968 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
call do_XXX which corespond with request method.
(WEBrick::HTTPProxyServer#do_CONNECT,do_GET,do_POST,do_HEAD): added.
* test/webrick/test_httpproxy.rb: add test for WEBrick::HTTPProxyServer.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14816 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
should rescue Errno::EINVAL from TCPServer#accept. this exception
might occur if the server socket is not in ready to listen.
* lib/webrick/server.rb (WEBrick::GenericServer#accept_client):
don't call TCPServer#close if the :ShutdownSocketWithoutClose is set.
* lib/webrick/config.rb (WEBrick::Config::General): add new parameter
:ShutdownSocketWithoutClose.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14306 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
test/rss/rss-assertions.rb, test/rss/test_atom.rb: use
pack/unpack("m") instead of base64 library.
* lib/webrick/httpproxy.rb: use delete("\n") instead of chomp/chop
because the result of pack("m") might be multi-line.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14303 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
header fields shold be read with maximum length. [ruby-talk:231745]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14260 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(WEBrick::HTTPAuth::Authenticator#check_scheme): auth-scheme must be
treated as a case-insensitive token according to RFC 2617 section 1.2.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httpstatus.rb (WEBrick::HTTPStatus::EOFError): adapt
to new syntax.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12658 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Arrays could not be modified in its each block. [ruby-dev:30063]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11472 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
HTTPUtils::parse_header() takes a string. [ruby-dev:29931]
* lib/webrick/httputils.rb (WEBrick::HTTPUtils::parse_header):
String does no longer have each method.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils::parse_form_data):
ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11321 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
method to parse multiple cookies per Set-Cookie header.
Thanks to Aaron Patterson <aaron_patterson at speakeasy.net>.
[ruby-core:08802]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10885 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
use String#ord to get ascii code from the one-character string.
[ruby-dev:28901]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10434 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
:InputBufferSize and :OutputBufferSize.
* lib/webrick/utils.rb (WEBrick::Utils.timeout): add new timeout
method. this implementation is expected to be compatible with
timeout.rb and faster than timeout.rb.
* lib/webrick/httprequest.rb (WEBrick::HTTPRequest#_read_data):
Timeout.timeout is replaced by WEBrick::Utils.timeout.
* lib/webrick/httprequest.rb: WEBrick::HTTPRequest::BUFSIZE is
replaced by config[:InputBufferSize].
* lib/webrick/httpresposne.rb: WEBrick::HTTPResponse::BUFSIZE is
replaced by config[:OutputBufferSize].
* lib/webrick/server.rb: get rid of unnecessary require.
* test/webrick/test_utils.rb: test for WEBrick::Utils.timeout.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10167 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(VisualC++6) so use -O2b2xg- if $(MSC_VER) < 1400. [ruby-core:7040]
* lib/webrick/httpservlet/filehandler.rb: fixed typo. (Kero van Gelder)
[ruby-core:7075]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(WEBrick::HTTPServlet::CGIHandler#do_GET): the value of Set-Cookie:
header field should be splited into each cookie. [ruby-Bugs:2199]
* lib/webrick/cookie.rb (WEBrick::Cookie.parse_set_cookie): new method
to parse the value of Set-Cookie: header field.
* test/webrick/test_cookie.rb, test/webrick/test_cgi.rb,
test/webrick/webrick.cgi: add some test for cookie.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
It is harmful to permit the access to ~/public_html by default.
suggested by Hiroyuki Iwatsuki.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9386 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
refer the value of QUERY_STRING. [ruby-list:41186]
* lib/webrick/httprequest.rb (WEBrick::HTTPRequest#query_string=):
add new method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
lib/webrick/httpserver.rb (HTTPServer#intialize),
lib/webrick/httpservlet/cgihandler.rb (CGIHandler#initialize),
lib/webrick/httpservlet/erbhandler.rb (ERBHandler#initialize),
lib/webrick/httpservlet/filehandler.rb(DefaultFileHandler#initialize):
super (called with no arguments) takes default value of optional
arguments. [ruby-dev:26743]
* lib/webrick/httputils.rb: add a media-type "text/html" for .xhtml.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8943 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
sockets should be non-blocking mode. [ruby-dev:26405]
* lib/webrick/utils.rb (WEBrick::Utils.set_non_blocking): new method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8767 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
mistook to merge the patch of [ruby-dev:26235] at
revision 1.11.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8744 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
break the loop if the socket reached to EOF. [ruby-talk:142285]
* lib/webrick/httpserver.rb (WEBrick::HTTPServer#run): send response
without reading the whole request body if keep-alive is diabled.
[experimental]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8540 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
ENV["REQUEST_URI"] is better to get correct Request-URI
than ENV["SCRIPT_NAME"] + ENV["PATH_INFO"]. [ruby-dev:26235]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
and WEBrick::CGI#config. these are necessary to use an instance of
WEBrick::CGI as the first argument of HTTPServlet#get_instance.
(suggested by Tatsuki Sugiura)
* lib/webrick/cgi.rb
(WEBrick::CGI#initalize): set a dummy to @config[:ServerSoftware]
if SERVER_SOFTWARE environment variable is not given.
(WEBrick::CGI#start): req.path_info must be a String.
(WEBrick::CGI::Socket#request_line): treat REQUEST_METHOD, PATH_INFO
and SCRIPT_NAME to run in console.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.escape_path): should
not use String#split("/"). it removes trailing empty path component.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8393 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
escape SCRIPT_NAME and PATH_INFO before being parsed as a URI.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add
new method to escape URI path component.
* lib/webrick/ssl.rb (WEBrick::Config::SSL): the default value
of :SSLEnable is false.
* test/webrick/{test_cgi.rb,webrick.cgi}: new file.
* test/webrick/utils.rb: require "webrick/https.h".
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7758 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
should delete trailing LF from the result of pack("m*").
* lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_connect):
- should delete trailing LF from the result of pack("m*").
- clear Request-Line not to send the sesponse by HTTPServer#run.
* lib/webrick/httputils (WEBrick::HTTPUtils.parse_qvalues):
refine regexp (and change the name of a local variable).
* lib/webrick/server.rb (WEBrick::Daemon.start): prepared stdio
don't allow changing its mode.
* test/webrick/*, sample/webrick/httpproxy.rb: add new files.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7743 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
raise NotImplementedError if password is encrypted by digest
algorithms. This patch is contributed by sheepman. [ruby-list:40467]
* lib/webrick/httpauth/digestauth.rb
(WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation.
This patch is contributed by sheepman. [ruby-list:40482]
* lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use
pack/unpack-template char "m" instead of lib/base64.rb to do base64
encoding/decoding. fixed: [ruby-dev:25336]
* test/webrick/test_httpauth.rb: new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7708 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
lib/webrick/httpauth/{basicauth.rb,digestauth.rb}: use
pack/unpack-template char "m" instead of lib/base64.rb to do base64
encoding/decoding.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7593 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
should log about all accepted socket. [ruby-core:03962]
* lib/webrick/accesslog.rb (WEBrick::AccessLog#setup_params):
"%%" and "%u" are supported. [webricken:135]
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#check_filename):
:NondisclosureName is acceptable if it is Enumerable.
* lib/webrick/config.rb (WEBrick::Config::FileHandler):
default value of :NondisclosureName is [".ht*", "*~"].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7566 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
SecurityError. [ruby-dev:24970]
* lib/webrick/httpserver.rb (WEBrick::HTTPServer#run): should wait
for reading request till data arrive. [ruby-talk:121068]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7523 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matz
knu
gotoyuzo
drbrain
naruse
nahi
ko1
akr
ocean