Commit graph

107 commits

Author SHA1 Message Date
Xenor Chang 745dcf5326 [ruby/cgi] Loosen the domain regex to accept '.'
(https://github.com/ruby/cgi/pull/29)

* Loosen the domain regex to accept '.'

Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>

https://github.com/ruby/cgi/commit/5e09d632f3
Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org>
2022-11-28 04:34:11 +00:00
Jean Boussier 656f25987c [ruby/cgi] Fix test_cgi_cookie_new_with_domain to pass on older rubies
https://github.com/ruby/cgi/commit/05f0c58048
2022-11-24 18:32:19 +00:00
Nobuyoshi Nakada 58682b6980 [ruby/cgi] Relax domain label restrictions
https://github.com/ruby/cgi/commit/b46d41c363
2022-11-22 02:12:50 +00:00
Yusuke Endoh 0e75b2f2e6 [ruby/cgi] Prevent CRLF injection
Throw a RuntimeError if the HTTP response header contains CR or LF to
prevent HTTP response splitting.

https://hackerone.com/reports/1204695

https://github.com/ruby/cgi/commit/64c5045c0a
2022-11-22 02:00:11 +00:00
Nobuyoshi Nakada c05f85f373 [ruby/cgi] Check cookie name/path/domain characters
https://hackerone.com/reports/1204977

https://github.com/ruby/cgi/commit/30107a4797
2022-11-22 02:00:10 +00:00
Jean Boussier 3850113e20 [ruby/cgi] Implement `CGI.url_encode` and `CGI.url_decode`
[Feature #18822]

Ruby is somewhat missing an RFC 3986 compliant escape method.

https://github.com/ruby/cgi/commit/c2729c7f33
2022-08-16 19:12:03 +09:00
Pavel Rosický 4bc7cef866 [ruby/cgi] jruby support
https://github.com/ruby/cgi/commit/93326fb622
2022-06-06 18:13:01 +09:00
Nobuyoshi Nakada e4b35b158a [ruby/cgi] Check integer overflow in long range
https://hackerone.com/reports/1328463

https://github.com/ruby/cgi/commit/ccaf6027e0
2021-12-12 13:05:15 +09:00
Nobuyoshi Nakada 0f31b3f465 [ruby/cgi] When parsing cookies, only decode the values
https://github.com/ruby/cgi/commit/052eb3a828
2021-11-24 19:59:00 +09:00
Jeremy Evans f818b1ed2b [ruby/cgi] Add test for escapeHTML/unescapeHTML invalid encoding fix in pure ruby version
Also, remove pointless assert_nothing_raised(ArgumentError) while
here.

https://github.com/ruby/cgi/commit/c05edf5608
2021-04-22 11:51:36 +09:00
Koichi Sasada 31c55b6725 need to restore $stdin.
2020-03-02 13:14:38 +09:00
Jeremy Evans ffd0820ab3 Deprecate taint/trust and related methods, and make the methods no-ops
This removes the related tests, and puts the related specs behind
version guards.  This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
2019-11-18 01:00:25 +02:00
Semyon Pupkov 4173258fd0 change call CGI methods from :: to .
Closes: https://github.com/ruby/ruby/pull/1749
2019-08-04 09:19:30 +09:00
MSP-Greg (Greg L) 2ad7a7f801 Get rid of error with frozen string literal
[Bug #14194]
2019-06-23 07:36:26 +09:00
normal 0e32c7c10a Revert "ext/cgi/escape: preserve String subclass in result"
This reverts commit 6afea14043 r63328
I misread the original bug report and got results flipped.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63330 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-05-03 01:24:09 +00:00
normal 6afea14043 ext/cgi/escape: preserve String subclass in result
* ext/cgi/escape/escape.c (optimized_escape_html): use rb_str_new_with_class
  (optimized_unescape_html): ditto
  (optimized_escape): ditto
  (optimized_unescape): ditto
* test/cgi/test_cgi_util.rb (test_escape_string_subclass): new test
  [ruby-core:86847] [Bug #14732]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-05-02 23:18:55 +00:00
k0kubun c26a9a7338 Fix strange indentation
which I introduced at r58773.
Hard tabs and spaces are mixed...

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58783 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-18 15:13:30 +00:00
k0kubun e1b4327545 cgi/util.rb: Don't escape tilde in #escape
to make it compatible with ERB::Util.url_encode.

ext/cgi/escape/escape.c: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58773 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-17 12:34:59 +00:00
nobu 97849e1178 share `@@accept_charset`
* lib/cgi/{core,util}.rb: include CGI::Util not only extending, to
  share `@@accept_charset` class variable, so that it is always
  accessible.  [ruby-core:80986] [Bug #13539]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-06 01:33:04 +00:00
kazu fbd5cda6aa {lib,test}/cgi: Specify frozen_string_literal: true.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57652 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-18 05:52:16 +00:00
nobu c373866444 escape.c: check argument
* ext/cgi/escape/escape.c (optimized_unescape): check
  accept_charset encoding argument.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57501 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-02 08:02:36 +00:00
nobu 7d0d0d5864 test_cgi_util.rb: encoding tests
* test/cgi/test_cgi_util.rb (test_cgi_unescape): \u is useless on
  old versions.

* test/cgi/test_cgi_util.rb (test_cgi_include_unescape): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57499 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-02 07:03:59 +00:00
naruse 5f33c6b0f5 * lib/cgi/cookie.rb (parse): don't allow , as a separator. [Bug #12791]
* lib/webrick/cookie.rb (parse): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56262 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-27 03:17:47 +00:00
nobu e7440de279 test: use assert_include
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55757 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-07-26 13:02:33 +00:00
nobu 20cd25c86f cgi/util.rb: remove CGI::Util#_unescape
* ext/cgi/escape/escape.c (cgiesc_unescape): define unescape
  method instead of _unescape, and should pass the optional
  argument to the super method.
* lib/cgi/util.rb (CGI::Util#_unescape): remove intermediate
  method.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54655 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-04-20 08:33:33 +00:00
nobu 8a180ee4b7 test_cgi_util.rb: test_cgi_unescapeHTML_invalid
* test/cgi/test_cgi_util.rb (test_cgi_unescapeHTML_invalid): test
  for invalid escaped HTML, borrowed from rubyspec.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-14 08:52:38 +00:00
nobu 8e46f401b2 ASCII-incompatible escape
* lib/cgi/util.rb (escapeHTML, unescapeHTML): consider
  ASCII-incompatible encodings.  [Fix GH-1239]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53754 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-06 13:31:07 +00:00
nobu 10a129cee7 escape.c: should not freeze
* ext/cgi/escape/escape.c (optimized_escape_html): CGI.escapeHTML
  should return unfrozen new string.
  [ruby-core:72426] [Bug #11858]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-22 05:31:31 +00:00
nobu 1b107d48ef escape.c: Preserve original state
* ext/cgi/escape/escape.c (preserve_original_state): Preserve
  original state for tainted and frozen.  [Fix GH-1166]
  [ruby-dev:49451] [Bug #11855]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-21 20:40:02 +00:00
nobu ce7f7f5e3d cgi/escape: Optimize CGI.escapeHTML
* cgi/escape/escape.c: Optimize CGI.escapeHTML for
  ASCII-compatible encodings.  [Fix GH-1164]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-20 11:54:54 +00:00
nobu 28dc41090a test_cgi_util.rb: fix arguments orders
* test/cgi/test_cgi_util.rb: fix arguments orders, expected values
  should be placed first and then actual results.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53219 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-20 11:31:22 +00:00
naruse 3e92b635fb Add frozen_string_literal: false for all files
When you change this to true, you may need to add more tests.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-16 05:07:31 +00:00
nobu c81b224edc test: use String#b instead of dup.force_encoding
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53109 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-14 06:40:55 +00:00
xibbar a4344cb5b4 * lib/cgi/cookie.rb: Implement HttpOnly flag for cookies.
[fix GH-887] Patch by @martinpovolny

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-05-14 23:27:01 +00:00
nobu 5d071fe381 cookie.rb: trailing comma
* lib/cgi/cookie.rb: add trailing comma for further lines.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-04-29 13:22:34 +00:00
nobu 05c29680e5 fix env leaks
* lib/rubygems/test_case.rb (setup, teardown): fix
  environment variable change leaks.

* test/cgi/update_env.rb: ditto.

* test/rake/test_rake_application_options.rb (setup, teardown):
  ditto.

* test/rake/test_rake_file_utils.rb (setup, teardown): ditto.

* test/rubygems/test_gem_request.rb (setup): add https_proxy.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49950 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-03-12 14:57:33 +00:00
akr fb2008a73a * test/lib/envutil.rb: Moved from test/ruby/.
* test/lib/find_executable.rb: Ditto.

* test/lib/memory_status.rb: Ditto.

* test/lib/test/unit.rb: require envutil.

* test/: Don't require envutil in test files.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-11-13 16:05:37 +00:00
hsbt 556f805493 * test/cgi/test_cgi_core.rb: removed obsoleted condition for Ruby 1.8.
* test/cgi/test_cgi_header.rb: ditto.
* test/cgi/test_cgi_multipart.rb: ditto.
* test/cgi/test_cgi_tag_helper.rb: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-08-09 01:19:18 +00:00
xibbar 5c99f241a0 * lib/cgi/core.rb: Provide a mechanism to specify the
max_multipart_length of multipart data.
  [Feature #8370] patch by Leif Eriksen <leif.eriksen.au@gmail.com>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46392 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-06-10 04:29:49 +00:00
akr 9e9fcfeef4 Use Tempfile#close!.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46193 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-05-27 16:17:13 +00:00
akr c968f908e1 * lib/cgi/core.rb: Use Tempfile#close(true) instead of Tempfile#unlink
to close file descriptors.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46181 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-05-27 14:51:08 +00:00
nobu af1da410ca cgi/util.rb: use alias
* lib/cgi/util.rb (escape_html, unescape_html): make synonyms
  aliases instead of wrapper methods.
* lib/cgi/util.rb (escape_element, unescape_element): ditto.
  [Fixes GH-573]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45382 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-03-21 21:46:17 +00:00
nobu 993fd53616 test_cgi_util.rb: escape for ruby-mode.el
* test/cgi/test_cgi_util.rb (CGIUtilTest): escape '<' not
  ruby-mode.el to confuse with here documents.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45380 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-03-21 21:46:04 +00:00
xibbar b35529bb4e * lib/cgi/util.rb: class methods modulize for using like a function.
[Feature #8354]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40571 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-05-03 11:23:23 +00:00
xibbar bf4739ffdc * lib/cgi/html.rb: fix tagmaker because attributes should recognize.
[Bug #8252]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40242 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-11 13:23:01 +00:00
xibbar 5865e7604c * lib/cgi/util.rb (CGI::unescapeHTML): fix Hexadecimal numeric character.
[Bug #8183]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40181 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-08 04:06:39 +00:00
xibbar edb68694b8 * test/cgi/test_cgi_core.rb: Add test for CGI#header.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37558 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-11-08 06:56:17 +00:00
naruse 0ba4526d06 * lib/cgi/core.rb: check if Tempfile is defined before use it.
* lib/cgi/core.rb: remove tempfiles only if tempfiles exist

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37473 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-11-05 02:34:17 +00:00
xibbar 1362d81a22 Mon Nov 5 09:55:05 2012 Takeyuki FUJIOKA <xibbar@ruby-lang.org>
* lib/cgi/core.rb: remove tempfile more early.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37471 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-11-05 00:57:45 +00:00
xibbar 6837f3dc54 Sun Nov 4 20:41:28 2012 Takeyuki FUJIOKA <xibbar@ruby-lang.org>
* lib/cgi.rb, lib/cgi/*/rb: rename CGI#header to
    CGI#http_header,
    add and update HTML5 tag generator.  [Bug #7110]
    Patch provided by Marcus Stollsteimer, thank you!

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37466 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-11-04 11:48:05 +00:00