Commit Graph

37 Commits

Author SHA1 Message Date
Nobuyoshi Nakada e4b35b158a [ruby/cgi] Check integer overflow in long range
https://hackerone.com/reports/1328463

https://github.com/ruby/cgi/commit/ccaf6027e0
2021-12-12 13:05:15 +09:00
Nobuyoshi Nakada da34f31ad0 [ruby/cgi] Fix integer overflow
Make use of the check in rb_alloc_tmp_buffer2.

https://hackerone.com/reports/1328463

https://github.com/ruby/cgi/commit/c728632c1c
2021-11-24 19:58:59 +09:00
Nobuyoshi Nakada ac152b3cac
Update dependencies 2021-11-21 16:21:18 +09:00
卜部昌平 5c167a9778 ruby tool/update-deps --fix 2021-10-05 14:18:23 +09:00
Benoit Daloze fa7a712d46 Fix -Wundef warnings for HAVE_RB_EXT_RACTOR_SAFE
* See [Feature #17752]
2021-05-04 14:56:55 +02:00
卜部昌平 6413dc27dc dependency updates 2021-04-13 14:30:21 +09:00
Koichi Sasada c1461c927b cgi/escape is ractor-safe 2020-12-20 04:22:29 +09:00
卜部昌平 490010084e sed -i '/rmodule.h/d' 2020-08-27 16:42:06 +09:00
卜部昌平 756403d775 sed -i '/r_cast.h/d' 2020-08-27 15:03:36 +09:00
卜部昌平 0da2a3f1fc sed -i '\,2/extern.h,d' 2020-08-27 14:07:49 +09:00
卜部昌平 9e41a75255 sed -i 's|ruby/impl|ruby/internal|'
To fix build failures.
2020-05-11 09:24:08 +09:00
卜部昌平 d7f4d732c1 sed -i s|ruby/3|ruby/impl|g
This shall fix compile errors.
2020-05-11 09:24:08 +09:00
卜部昌平 9e6e39c351
Merge pull request #2991 from shyouhei/ruby.h
Split ruby.h
2020-04-08 13:28:13 +09:00
Jeremy Evans ffd0820ab3 Deprecate taint/trust and related methods, and make the methods no-ops
This removes the related tests, and puts the related specs behind
version guards.  This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
2019-11-18 01:00:25 +02:00
Nobuyoshi Nakada 715955ff27
Include ruby/assert.h in ruby/ruby.h so that assertions can be there 2019-07-14 17:58:03 +09:00
Takashi Kokubun 0a29dc87e6
Optimize CGI.escapeHTML by reducing buffer extension
and switch-case branches.

Buffer allocation optimization using `ALLOCA_N` would be the main
benefit of patch. It eliminates the O(N) buffer extensions.

It also reduces the number of branches using escape table like
https://mattn.kaoriya.net/software/lang/c/20160817011915.htm.

Closes: https://github.com/ruby/ruby/pull/2226

Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
Co-authored-by: Yasuhiro MATSUMOTO <mattn.jp@gmail.com>
2019-06-05 21:07:04 +09:00
git 6b66a76f43 * expand tabs. 2019-06-05 11:01:59 +09:00
Takashi Kokubun 71b14affc6
Revert "Optimize CGI.escapeHTML by reducing buffer extension"
This reverts commit 8d81e59aa7.

`ALLOCA_N` does not check stack overflow unlike ALLOCV. I'll fix it and
re-commit it again.
2019-06-05 11:00:54 +09:00
Takashi Kokubun 8d81e59aa7
Optimize CGI.escapeHTML by reducing buffer extension
and switch-case branches.

Buffer allocation optimization using `ALLOCA_N` would be the main
benefit of patch. It eliminates the O(N) buffer extensions.

It also reduces the number of branches using escape table like
https://mattn.kaoriya.net/software/lang/c/20160817011915.htm.

Closes: https://github.com/ruby/ruby/pull/2226

Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
Co-authored-by: Yasuhiro MATSUMOTO <mattn.jp@gmail.com>
2019-06-05 10:08:55 +09:00
nobu 63f990674b Use $(hdrdir) for include/ruby.h, as well as r67033
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-02-11 13:43:14 +00:00
normal 0e32c7c10a Revert "ext/cgi/escape: preserve String subclass in result"
This reverts commit 6afea14043 r63328
I misread the original bug report and got results flipped.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63330 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-05-03 01:24:09 +00:00
normal 6afea14043 ext/cgi/escape: preserve String subclass in result
* ext/cgi/escape/escape.c (optimized_escape_html): use rb_str_new_with_class
  (optimized_unescape_html): ditto
  (optimized_escape): ditto
  (optimized_unescape): ditto
* test/cgi/test_cgi_util.rb (test_escape_string_subclass): new test
  [ruby-core:86847] [Bug #14732]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-05-02 23:18:55 +00:00
k0kubun e1b4327545 cgi/util.rb: Don't escape tilde in #escape
to make it compatible with ERB::Util.url_encode.

ext/cgi/escape/escape.c: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58773 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-17 12:34:59 +00:00
shyouhei 20c72dc89d ruby tool/update-deps --fix
Onigumo 6 (r57045) introduced new onigumo.h header file, which is
required from quite much everywhere.  This commit adds necessary
dependencies.

Note: ruby/oniguruma.h now includes onigumo.h,
      ruby/io.h includes oniguruma.h,
      ruby/encoding.h also includes oniguruma.h,
      and internal.h includes encoding.h.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58054 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-03-22 06:00:18 +00:00
nobu c373866444 escape.c: check argument
* ext/cgi/escape/escape.c (optimized_unescape): check
  accept_charset encoding argument.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57501 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-02 08:02:36 +00:00
nobu 64fea27496 Update dependencies
* common.mk (compile.o, loadpath.o): update dependencies.

* common.mk (vm_call.o): remove stale object dependencies.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55589 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-07-06 05:48:13 +00:00
nobu 2282541898 Magic numbers
* ext/cgi/escape/escape.c (optimized_unescape_html): remove magic
  numbers for literal lengths.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55542 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-30 05:45:35 +00:00
nobu 7175ee79ee Initialize ID
* ext/cgi/escape/escape.c (accept_charset): initialize the static
  ID for the class variable once at first.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55540 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-30 04:16:43 +00:00
nobu 20cd25c86f cgi/util.rb: remove CGI::Util#_unescape
* ext/cgi/escape/escape.c (cgiesc_unescape): define unescape
  method instead of _unescape, and should pass the optional
  argument to the super method.
* lib/cgi/util.rb (CGI::Util#_unescape): remove intermediate
  method.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54655 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-04-20 08:33:33 +00:00
nobu d463c492bc cgi/escape: Optimize CGI.unescape
* cgi/escape/escape.c: Optimize CGI.unescape performance by C ext
  for ASCII-compatible encodings.  [Fix GH-1250]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53885 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-21 04:57:57 +00:00
nobu 1b7109e11a cgi/escape: Optimize CGI.unescapeHTML
* cgi/escape/escape.c: Optimize CGI.unescapeHTML performance by C
  ext for ASCII-compatible encodings.  [Fix GH-1242]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-21 04:57:35 +00:00
nobu a320f811cf mask upper nibble
* ext/cgi/escape/escape.c (optimized_escape): move c and use it
  instead of cstr[i].  mask upper nibble for the platforms where
  CHAR_BIT > 8.  [Fix GH-1238]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53733 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-04 05:10:36 +00:00
nobu 7d1dd7cad8 initialize dest to 0
* ext/cgi/escape/escape.c (optimized_escape_html): initialize dest
  to 0 and tell the result to be modified, instead of a separate
  flag.

* ext/cgi/escape/escape.c (optimized_escape): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53732 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-04 03:40:41 +00:00
nobu 217ad664ab cgi/escape: Optimize CGI.escape
* cgi/escape/escape.c: Optimize CGI.escape performance by C ext
  for ASCII-compatible encodings.  [Fix GH-1238]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53731 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-04 03:39:12 +00:00
nobu 10a129cee7 escape.c: should not freeze
* ext/cgi/escape/escape.c (optimized_escape_html): CGI.escapeHTML
  should return unfrozen new string.
  [ruby-core:72426] [Bug #11858]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-22 05:31:31 +00:00
nobu 1b107d48ef escape.c: Preserve original state
* ext/cgi/escape/escape.c (preserve_original_state): Preserve
  original state for tainted and frozen.  [Fix GH-1166]
  [ruby-dev:49451] [Bug #11855]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-21 20:40:02 +00:00
nobu ce7f7f5e3d cgi/escape: Optimize CGI.escapeHTML
* cgi/escape/escape.c: Optimize CGI.escapeHTML for
  ASCII-compatible encodings.  [Fix GH-1164]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-20 11:54:54 +00:00