Commit Graph

191 Commits

Author SHA1 Message Date
Xenor Chang 745dcf5326 [ruby/cgi] Loosen the domain regex to accept '.'
(https://github.com/ruby/cgi/pull/29)

* Loosen the domain regex to accept '.'

Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>

https://github.com/ruby/cgi/commit/5e09d632f3
Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org>
2022-11-28 04:34:11 +00:00
Nobuyoshi Nakada 58682b6980 [ruby/cgi] Relax domain label restrictions
https://github.com/ruby/cgi/commit/b46d41c363
2022-11-22 02:12:50 +00:00
Yusuke Endoh 0e75b2f2e6 [ruby/cgi] Prevent CRLF injection
Throw a RuntimeError if the HTTP response header contains CR or LF to
prevent HTTP response splitting.

https://hackerone.com/reports/1204695

https://github.com/ruby/cgi/commit/64c5045c0a
2022-11-22 02:00:11 +00:00
Nobuyoshi Nakada c05f85f373 [ruby/cgi] Check cookie name/path/domain characters
https://hackerone.com/reports/1204977

https://github.com/ruby/cgi/commit/30107a4797
2022-11-22 02:00:10 +00:00
Jean Boussier 3850113e20 [ruby/cgi] Implement `CGI.url_encode` and `CGI.url_decode`
[Feature #18822]

Ruby is somewhat missing an RFC 3986 compliant escape method.

https://github.com/ruby/cgi/commit/c2729c7f33
2022-08-16 19:12:03 +09:00
Pavel Rosický 4bc7cef866
[ruby/cgi] jruby support
https://github.com/ruby/cgi/commit/93326fb622
2022-06-06 18:13:01 +09:00
Nobuyoshi Nakada 6eb500e2df [ruby/cgi] Extract CGI::Session#new_store_file
https://github.com/ruby/cgi/commit/b3e2ff9164
2021-12-15 08:24:41 +09:00
Nobuyoshi Nakada f53f6d9284
[ruby/cgi] Exclude unused files from built package
https://github.com/ruby/cgi/commit/e840b6c368
2021-11-27 18:40:03 +09:00
Nobuyoshi Nakada 45034e9de3 [ruby/cgi] Set extconf.rb to extensions
Fix https://github.com/ruby/cgi/pull/11

https://github.com/ruby/cgi/commit/60d8f5e7d9
2021-11-27 14:44:46 +09:00
Nobuyoshi Nakada 0f31b3f465 [ruby/cgi] When parsing cookies, only decode the values
https://github.com/ruby/cgi/commit/052eb3a828
2021-11-24 19:59:00 +09:00
Nobuyoshi Nakada 62fc81fe12 [ruby/cgi] Use Time#strftime
https://github.com/ruby/cgi/commit/caf1d0755d
2021-09-03 17:50:00 +09:00
Olle Jonsson 2440d60acb
[ruby/cgi] gemspec: Explicitly empty executables list
The gem exposes no executables

https://github.com/ruby/cgi/commit/cd7106ad97
2021-04-22 11:51:37 +09:00
pavel 2756938369
[ruby/cgi] handle invalid encoding
https://github.com/ruby/cgi/commit/2b1c2e21a4
2021-04-22 11:51:36 +09:00
Hiroshi SHIBATA 8fb02b7a97
Update the license for the default gems to dual licenses 2020-08-18 20:26:39 +09:00
Hiroshi SHIBATA e732d376af [ruby/cgi] Drop to Ruby 2.4
https://github.com/ruby/cgi/commit/8a86536e94
2020-08-03 18:30:19 +09:00
Nobuyoshi Nakada b2d96abb42 Extract version number from the source
"requiring version.rb" strategy has some issues.

- cannot work when cross-compiling
- often introduces wrong namespace
- must know the superclasses
- costs at each runtime than at build-time

etc.
2020-07-30 19:03:18 +09:00
Kazuhiro NISHIYAMA de10631dcf
Add workaround for test-bundler failure
https://github.com/ruby/actions/runs/500526558?check_suite_focus=true#step:16:127
```
Failures:

  1) Bundler.setup when Bundler is bundled doesn't blow up
     Failure/Error: expect(err).to be_empty

       expected `"fatal: not a git repository (or any of the parent directories): .git\nfatal: not a git repository (o...the parent directories): .git\nfatal: not a git repository (or any of the parent directories): .git".empty?` to return true, got false

       Commands:
       $ /home/runner/work/actions/actions/snapshot-master/ruby \
         -I/home/runner/work/actions/actions/snapshot-master/lib:/home/runner/work/actions/actions/snapshot-master/spec/bundler \
         -rsupport/hax -rsupport/artifice/fail \
         /home/runner/work/actions/actions/snapshot-master/libexec/bundle install --retry 0
       Resolving dependencies...
       Using bundler 2.1.4
       Bundle complete! 1 Gemfile dependency, 1 gem now installed.
       Use `bundle info [gemname]` to see where a bundled gem is installed.
       fatal: not a git repository (or any of the parent directories): .git
       fatal: not a git repository (or any of the parent directories): .git
       fatal: not a git repository (or any of the parent directories): .git
       # $? => 0

       $ /home/runner/work/actions/actions/snapshot-master/ruby \
         -I/home/runner/work/actions/actions/snapshot-master/lib:/home/runner/work/actions/actions/snapshot-master/spec/bundler \
         -rsupport/hax -rsupport/artifice/fail \
         /home/runner/work/actions/actions/snapshot-master/libexec/bundle exec ruby -e \
         require\ \'bundler\'\;\ Bundler.setup
       fatal: not a git repository (or any of the parent directories): .git
       fatal: not a git repository (or any of the parent directories): .git
       fatal: not a git repository (or any of the parent directories): .git
       # $? => 0
     # ./spec/bundler/runtime/setup_spec.rb:1056:in `block (3 levels) in <top (required)>'
     # ./spec/bundler/spec_helper.rb:111:in `block (3 levels) in <top (required)>'
     # ./spec/bundler/spec_helper.rb:111:in `block (2 levels) in <top (required)>'
     # ./spec/bundler/spec_helper.rb:78:in `block (2 levels) in <top (required)>'
make: *** [yes-test-bundler] Error 1
```
2020-03-12 19:17:08 +09:00
Jeremy Evans ffd0820ab3 Deprecate taint/trust and related methods, and make the methods no-ops
This removes the related tests, and puts the related specs behind
version guards.  This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
2019-11-18 01:00:25 +02:00
Hiroshi SHIBATA fc85bdeb77
Promote cgi to default gems 2019-11-07 16:36:14 +09:00
Nobuyoshi Nakada 45454bdb8b
Prefer Regexp#=~ to Regexp#match when the RHS may be nil 2019-08-19 16:39:42 +09:00
ohbarye b1678338e5
Fix typo: duplicated the [skip-ci] 2019-08-09 16:23:49 -07:00
Semyon Pupkov 4173258fd0
change call CGI methods from :: to .
Closes: https://github.com/ruby/ruby/pull/1749
2019-08-04 09:19:30 +09:00
kazu c01a5ee85e Use delete_prefix instead of `sub(/\Afixed-pattern/, '')`
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66189 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-12-04 08:22:10 +00:00
nobu 6b1e425144 lib/cgi/util.rb: use require
* lib/cgi/util.rb: reverted r65505.  require_relative does not
  work for cgi/escape.so, as extension libraries are placed in
  other directories than ruby libraries.  [Bug #15206]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65511 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-11-03 05:29:02 +00:00
marcandre e859e668d2 lib/*: Prefer require_relative over require.
[#15206] [Fix GH-1976]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-11-02 17:52:33 +00:00
kazu b4d935455f Use `&.` instead of modifier if
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63336 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-05-04 13:30:25 +00:00
kazu e03ea9c596 Use printf instead of puts and sprintf
[ci skip]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61174 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 15:01:04 +00:00
shyouhei f2a91397fd Add uplevel keyword to Kernel#warn and use it
If uplevel keyword is given, the warning message is prepended
with caller file and line information and the string "warning: ".
The use of the uplevel keyword makes Kernel#warn format output
similar to how rb_warn formats output.

This patch modifies net/ftp and net/imap to use Kernel#warn
instead of $stderr.puts or $stderr.printf, since they are used
for printing warnings.

This makes lib/cgi/core and tempfile use $stderr.puts instead of
warn for debug logging, since they are used for debug printing
and not for warning.

This does not modify bundler, rubygems, or rdoc, as those are
maintained outside of ruby and probably wish to remain backwards
compatible with older ruby versions.

rb_warn_m code is originally from nobu, but I've changed it
so that it only includes the path and lineno from uplevel
(not the method), and also prepends the string "warning: ",
to make it more similar to rb_warn.

From: Jeremy Evans code@jeremyevans.net
Signed-off-by: Urabe Shyouhei shyouhei@ruby-lang.org


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 11:56:25 +00:00
kazu 42fbe19fa8 Fix cgi/core code example missing comma
ref https://github.com/rurema/doctree/pull/448
[ci skip]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59469 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-08-02 15:10:38 +00:00
k0kubun e1b4327545 cgi/util.rb: Don't escape tilde in #escape
to make it compatible with ERB::Util.url_encode.

ext/cgi/escape/escape.c: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58773 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-17 12:34:59 +00:00
nobu 97849e1178 share `@@accept_charset`
* lib/cgi/{core,util}.rb: include CGI::Util not only extending, to
  share `@@accept_charset` class variable, so that it is always
  accessible.  [ruby-core:80986] [Bug #13539]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-06 01:33:04 +00:00
kazu fbd5cda6aa {lib,test}/cgi: Specify frozen_string_literal: true.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57652 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-18 05:52:16 +00:00
normal f845a9ef76 lib/*: remove closed checks
Follow r56795.  Since Ruby 2.2, calling #close on a closed
socket no longer raises exceptions.

* lib/cgi/session.rb (update): remove closed? check
* lib/net/http.rb (finish, transport_request): ditto
* lib/net/imap.rb (disconnect): ditto
* lib/net/pop.rb (do_start, do_finish): ditto
* lib/net/smtp.rb (do_start, do_finish): ditto
* lib/open3.rb (popen_run, pipeline_run): ditto
* lib/pstore.rb (transaction): ditto
* lib/shell/process-controller.rb (sfork):
* lib/tempfile (_close, call, Tempfile.create): ditto
* lib/webrick/httpauth/htdigest.rb (flush): ditto
* lib/webrick/httpauth/htpasswd.rb (flush): ditto
* lib/webrick/server.rb (start_thread, cleanup_shutdown_pipe): ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56865 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-21 23:05:41 +00:00
naruse 5f33c6b0f5 * lib/cgi/cookie.rb (parse): don't allow , as a separator. [Bug #12791]
* lib/webrick/cookie.rb (parse): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56262 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-27 03:17:47 +00:00
hsbt e303695ebd * lib/cgi/util.rb: added to missing quote.
[fix GH-1363][ci skip] Patch by @dwaller

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55185 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-28 01:26:21 +00:00
nobu 20cd25c86f cgi/util.rb: remove CGI::Util#_unescape
* ext/cgi/escape/escape.c (cgiesc_unescape): define unescape
  method instead of _unescape, and should pass the optional
  argument to the super method.
* lib/cgi/util.rb (CGI::Util#_unescape): remove intermediate
  method.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54655 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-04-20 08:33:33 +00:00
nobu d463c492bc cgi/escape: Optimize CGI.unescape
* cgi/escape/escape.c: Optimize CGI.unescape performance by C ext
  for ASCII-compatible encodings.  [Fix GH-1250]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53885 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-21 04:57:57 +00:00
nobu 8e46f401b2 ASCII-incompatible escape
* lib/cgi/util.rb (escapeHTML, unescapeHTML): consider
  ASCII-incompatible encodings.  [Fix GH-1239]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53754 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-06 13:31:07 +00:00
nobu ce7f7f5e3d cgi/escape: Optimize CGI.escapeHTML
* cgi/escape/escape.c: Optimize CGI.escapeHTML for
  ASCII-compatible encodings.  [Fix GH-1164]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-20 11:54:54 +00:00
naruse 3e92b635fb Add frozen_string_literal: false for all files
When you change this to true, you may need to add more tests.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-16 05:07:31 +00:00
nobu 16dbb79e88 session.rb: SHA512
* lib/cgi/session.rb (create_new_id): use SHA512 instead of MD5.
  pointed out by SARWAR JAHAN.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51748 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-09-03 12:12:14 +00:00
nobu 228cfd02d5 cookie.rb: revert part of r50496
* lib/cgi/cookie.rb (CGI::Cookie#secure): revert part of r50496,
  which is irrelevant to GH-887, as the document states that the
  argument must be a boolean.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-05-15 08:59:33 +00:00
xibbar a4344cb5b4 * lib/cgi/cookie.rb: Implement HttpOnly flag for cookies.
[fix GH-887] Patch by @martinpovolny

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-05-14 23:27:01 +00:00
nobu 5d071fe381 cookie.rb: trailing comma
* lib/cgi/cookie.rb: add trailing comma for further lines.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-04-29 13:22:34 +00:00
hsbt ffc068c9bb * lib/cgi/session/pstore.rb: separated sample code.
* lib/open3.rb: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47122 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-08-10 01:34:50 +00:00
hsbt 448c87008e * lib/cgi/core.rb: remove unused variables.
* lib/erb.rb: ditto.
* lib/mkmf.rb: ditto.
* lib/net/http/response.rb: ditto.
* lib/optparse/version.rb: ditto.
* lib/prime.rb: ditto.
* lib/racc/parser.rb: ditto.
* lib/rexml/document.rb: ditto.
* lib/rexml/dtd/dtd.rb: ditto.
* lib/rexml/element.rb: ditto.
* lib/rexml/functions.rb: ditto.
* lib/rexml/parsers/xpathparser.rb: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46973 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-07-27 11:04:28 +00:00
xibbar 5c99f241a0 * lib/cgi/core.rb: Provide a mechanism to specify the
max_multipart_length of multipart data.
  [Feature #8370] patch by Leif Eriksen <leif.eriksen.au@gmail.com>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46392 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-06-10 04:29:49 +00:00
akr 9b612d382d * test/lib/minitest/unit.rb: Use Tempfile#close! instead of
Tempfile#unlink to close file descriptors.

* test/openssl/test_config.rb: Ditto.

* test/ruby/test_io.rb: Ditto.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46189 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-05-27 15:49:13 +00:00
akr c968f908e1 * lib/cgi/core.rb: Use Tempfile#close(true) instead of Tempfile#unlink
to close file descriptors.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46181 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-05-27 14:51:08 +00:00
nobu 37ce765ba3 fix typo [Fix GH-603]
* bootstraptest/test_literal.rb: fix typo of "dynamic".  [ci skip]
* regexp.rdoc: fix typo of "organized".  [ci skip]
* lib/session.rb: fix typo of "recognized".  [ci skip]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45737 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-04-28 15:20:28 +00:00