2017-02-18 00:52:16 -05:00
|
|
|
# frozen_string_literal: true
|
2008-08-27 20:30:40 -04:00
|
|
|
require 'test/unit'
|
|
|
|
require 'cgi'
|
|
|
|
require 'tempfile'
|
|
|
|
require 'stringio'
|
2015-03-12 10:57:33 -04:00
|
|
|
require_relative 'update_env'
|
2008-08-27 20:30:40 -04:00
|
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
## usage:
|
|
|
|
## boundary = 'foobar1234' # or nil
|
|
|
|
## multipart = MultiPart.new(boundary)
|
|
|
|
## multipart.append('name1', 'value1')
|
|
|
|
## multipart.append('file1', File.read('file1.html'), 'file1.html')
|
|
|
|
## str = multipart.close()
|
|
|
|
## str.each_line {|line| p line }
|
|
|
|
## ## output:
|
|
|
|
## # "--foobar1234\r\n"
|
|
|
|
## # "Content-Disposition: form-data: name=\"name1\"\r\n"
|
|
|
|
## # "\r\n"
|
|
|
|
## # "value1\r\n"
|
|
|
|
## # "--foobar1234\r\n"
|
|
|
|
## # "Content-Disposition: form-data: name=\"file1\"; filename=\"file1.html\"\r\n"
|
|
|
|
## # "Content-Type: text/html\r\n"
|
|
|
|
## # "\r\n"
|
|
|
|
## # "<html>\n"
|
|
|
|
## # "<body><p>Hello</p></body>\n"
|
|
|
|
## # "</html>\n"
|
|
|
|
## # "\r\n"
|
|
|
|
## # "--foobar1234--\r\n"
|
|
|
|
##
|
|
|
|
class MultiPart
|
|
|
|
|
|
|
|
def initialize(boundary=nil)
|
|
|
|
@boundary = boundary || create_boundary()
|
2017-02-18 00:52:16 -05:00
|
|
|
@buf = ''.dup
|
2009-12-22 19:14:48 -05:00
|
|
|
@buf.force_encoding(::Encoding::ASCII_8BIT) if defined?(::Encoding)
|
2008-08-27 20:30:40 -04:00
|
|
|
end
|
|
|
|
attr_reader :boundary
|
|
|
|
|
|
|
|
def append(name, value, filename=nil, content_type=nil)
|
|
|
|
content_type = detect_content_type(filename) if filename && content_type.nil?
|
|
|
|
s = filename ? "; filename=\"#{filename}\"" : ''
|
|
|
|
buf = @buf
|
|
|
|
buf << "--#{boundary}\r\n"
|
|
|
|
buf << "Content-Disposition: form-data: name=\"#{name}\"#{s}\r\n"
|
|
|
|
buf << "Content-Type: #{content_type}\r\n" if content_type
|
|
|
|
buf << "\r\n"
|
2015-12-14 01:40:55 -05:00
|
|
|
buf << value.b
|
2008-08-27 20:30:40 -04:00
|
|
|
buf << "\r\n"
|
|
|
|
return self
|
|
|
|
end
|
|
|
|
|
|
|
|
def close
|
|
|
|
buf = @buf
|
2017-02-18 00:52:16 -05:00
|
|
|
@buf = ''.dup
|
2008-08-27 20:30:40 -04:00
|
|
|
return buf << "--#{boundary}--\r\n"
|
|
|
|
end
|
|
|
|
|
|
|
|
def create_boundary() #:nodoc:
|
|
|
|
return "--boundary#{rand().to_s[2..-1]}"
|
|
|
|
end
|
|
|
|
|
|
|
|
def detect_content_type(filename) #:nodoc:
|
|
|
|
filename =~ /\.(\w+)\z/
|
|
|
|
return MIME_TYPES[$1] || 'application/octet-stream'
|
|
|
|
end
|
|
|
|
|
|
|
|
MIME_TYPES = {
|
|
|
|
'gif' => 'image/gif',
|
|
|
|
'jpg' => 'image/jpeg',
|
|
|
|
'jpeg' => 'image/jpeg',
|
|
|
|
'png' => 'image/png',
|
|
|
|
'bmp' => 'image/bmp',
|
|
|
|
'tif' => 'image/tiff',
|
|
|
|
'tiff' => 'image/tiff',
|
|
|
|
'htm' => 'text/html',
|
|
|
|
'html' => 'text/html',
|
|
|
|
'xml' => 'text/xml',
|
|
|
|
'txt' => 'text/plain',
|
|
|
|
'text' => 'text/plain',
|
|
|
|
'css' => 'text/css',
|
|
|
|
'mpg' => 'video/mpeg',
|
|
|
|
'mpeg' => 'video/mpeg',
|
|
|
|
'mov' => 'video/quicktime',
|
|
|
|
'avi' => 'video/x-msvideo',
|
|
|
|
'mp3' => 'audio/mpeg',
|
|
|
|
'mid' => 'audio/midi',
|
|
|
|
'wav' => 'audio/x-wav',
|
|
|
|
'zip' => 'application/zip',
|
|
|
|
#'tar.gz' => 'application/gtar',
|
|
|
|
'gz' => 'application/gzip',
|
|
|
|
'bz2' => 'application/bzip2',
|
|
|
|
'rtf' => 'application/rtf',
|
|
|
|
'pdf' => 'application/pdf',
|
|
|
|
'ps' => 'application/postscript',
|
|
|
|
'js' => 'application/x-javascript',
|
|
|
|
'xls' => 'application/vnd.ms-excel',
|
|
|
|
'doc' => 'application/msword',
|
|
|
|
'ppt' => 'application/vnd.ms-powerpoint',
|
|
|
|
}
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class CGIMultipartTest < Test::Unit::TestCase
|
2015-03-12 10:57:33 -04:00
|
|
|
include UpdateEnv
|
|
|
|
|
2008-08-27 20:30:40 -04:00
|
|
|
|
|
|
|
def setup
|
2015-03-12 10:57:33 -04:00
|
|
|
@environ = {}
|
|
|
|
update_env(
|
|
|
|
'REQUEST_METHOD' => 'POST',
|
|
|
|
'CONTENT_TYPE' => nil,
|
|
|
|
'CONTENT_LENGTH' => nil,
|
|
|
|
)
|
2012-11-04 19:57:45 -05:00
|
|
|
@tempfiles = []
|
2008-08-27 20:30:40 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def teardown
|
2015-03-12 10:57:33 -04:00
|
|
|
ENV.update(@environ)
|
2008-08-27 20:30:40 -04:00
|
|
|
$stdin.close() if $stdin.is_a?(Tempfile)
|
|
|
|
$stdin = STDIN
|
2012-11-04 19:57:45 -05:00
|
|
|
@tempfiles.each {|t|
|
2014-05-27 12:17:13 -04:00
|
|
|
t.close!
|
2012-11-04 19:57:45 -05:00
|
|
|
}
|
2008-08-27 20:30:40 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def _prepare(data)
|
|
|
|
## create multipart input
|
2012-08-14 02:52:41 -04:00
|
|
|
multipart = MultiPart.new(defined?(@boundary) ? @boundary : nil)
|
2008-08-27 20:30:40 -04:00
|
|
|
data.each do |hash|
|
|
|
|
multipart.append(hash[:name], hash[:value], hash[:filename])
|
|
|
|
end
|
|
|
|
input = multipart.close()
|
|
|
|
input = yield(input) if block_given?
|
|
|
|
#$stderr.puts "*** debug: input=\n#{input.collect{|line| line.inspect}.join("\n")}"
|
|
|
|
@boundary ||= multipart.boundary
|
|
|
|
## set environment
|
|
|
|
ENV['CONTENT_TYPE'] = "multipart/form-data; boundary=#{@boundary}"
|
|
|
|
ENV['CONTENT_LENGTH'] = input.length.to_s
|
|
|
|
ENV['REQUEST_METHOD'] = 'POST'
|
|
|
|
## set $stdin
|
2009-12-22 19:12:33 -05:00
|
|
|
tmpfile = Tempfile.new('test_cgi_multipart')
|
2012-11-04 19:57:45 -05:00
|
|
|
@tempfiles << tmpfile
|
2009-12-22 19:12:33 -05:00
|
|
|
tmpfile.binmode
|
2008-08-27 20:30:40 -04:00
|
|
|
tmpfile << input
|
|
|
|
tmpfile.rewind()
|
|
|
|
$stdin = tmpfile
|
|
|
|
end
|
|
|
|
|
2014-06-10 00:29:49 -04:00
|
|
|
def _test_multipart(cgi_options={})
|
2008-08-27 20:30:40 -04:00
|
|
|
caller(0).find {|s| s =~ /in `test_(.*?)'/ }
|
2012-08-14 02:52:41 -04:00
|
|
|
#testname = $1
|
2008-08-27 20:30:40 -04:00
|
|
|
#$stderr.puts "*** debug: testname=#{testname.inspect}"
|
|
|
|
_prepare(@data)
|
2014-06-10 00:29:49 -04:00
|
|
|
options = {:accept_charset=>"UTF-8"}
|
|
|
|
options.merge! cgi_options
|
2014-08-08 21:19:18 -04:00
|
|
|
cgi = CGI.new(options)
|
2008-08-27 20:30:40 -04:00
|
|
|
expected_names = @data.collect{|hash| hash[:name] }.sort
|
|
|
|
assert_equal(expected_names, cgi.params.keys.sort)
|
|
|
|
threshold = 1024*10
|
|
|
|
@data.each do |hash|
|
|
|
|
name = hash[:name]
|
|
|
|
expected = hash[:value]
|
2014-08-08 21:19:18 -04:00
|
|
|
if hash[:filename] #if file
|
2008-10-24 03:25:53 -04:00
|
|
|
expected_class = @expected_class || (hash[:value].length < threshold ? StringIO : Tempfile)
|
2014-08-08 21:19:18 -04:00
|
|
|
assert(cgi.files.keys.member?(hash[:name]))
|
|
|
|
else
|
|
|
|
expected_class = String
|
|
|
|
assert_equal(expected, cgi[name])
|
|
|
|
assert_equal(false,cgi.files.keys.member?(hash[:name]))
|
2008-10-24 03:25:53 -04:00
|
|
|
end
|
2008-10-02 08:37:30 -04:00
|
|
|
assert_kind_of(expected_class, cgi[name])
|
2008-10-20 10:16:54 -04:00
|
|
|
assert_equal(expected, cgi[name].read())
|
2008-10-02 08:37:30 -04:00
|
|
|
assert_equal(hash[:filename] || '', cgi[name].original_filename) #if hash[:filename]
|
2008-08-27 20:30:40 -04:00
|
|
|
assert_equal(hash[:content_type] || '', cgi[name].content_type) #if hash[:content_type]
|
|
|
|
end
|
2012-11-04 19:57:45 -05:00
|
|
|
ensure
|
|
|
|
if cgi
|
|
|
|
cgi.params.each {|name, vals|
|
|
|
|
vals.each {|val|
|
|
|
|
if val.kind_of?(Tempfile) && val.path
|
2014-05-27 12:17:13 -04:00
|
|
|
val.close!
|
2012-11-04 19:57:45 -05:00
|
|
|
end
|
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
2008-08-27 20:30:40 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def _read(basename)
|
|
|
|
filename = File.join(File.dirname(__FILE__), 'testdata', basename)
|
2009-11-12 09:53:35 -05:00
|
|
|
s = File.open(filename, 'rb') {|f| f.read() }
|
2008-10-20 10:16:54 -04:00
|
|
|
|
2008-08-27 20:30:40 -04:00
|
|
|
return s
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def test_cgi_multipart_stringio
|
|
|
|
@boundary = '----WebKitFormBoundaryAAfvAII+YL9102cX'
|
|
|
|
@data = [
|
|
|
|
{:name=>'hidden1', :value=>'foobar'},
|
2017-02-18 00:52:16 -05:00
|
|
|
{:name=>'text1', :value=>"\xE3\x81\x82\xE3\x81\x84\xE3\x81\x86\xE3\x81\x88\xE3\x81\x8A".dup},
|
2008-08-27 20:30:40 -04:00
|
|
|
{:name=>'file1', :value=>_read('file1.html'),
|
|
|
|
:filename=>'file1.html', :content_type=>'text/html'},
|
|
|
|
{:name=>'image1', :value=>_read('small.png'),
|
|
|
|
:filename=>'small.png', :content_type=>'image/png'}, # small image
|
|
|
|
]
|
2009-12-22 19:14:48 -05:00
|
|
|
@data[1][:value].force_encoding(::Encoding::UTF_8) if defined?(::Encoding)
|
2008-08-27 20:30:40 -04:00
|
|
|
@expected_class = StringIO
|
|
|
|
_test_multipart()
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def test_cgi_multipart_tempfile
|
|
|
|
@boundary = '----WebKitFormBoundaryAAfvAII+YL9102cX'
|
|
|
|
@data = [
|
|
|
|
{:name=>'hidden1', :value=>'foobar'},
|
2017-02-18 00:52:16 -05:00
|
|
|
{:name=>'text1', :value=>"\xE3\x81\x82\xE3\x81\x84\xE3\x81\x86\xE3\x81\x88\xE3\x81\x8A".dup},
|
2008-08-27 20:30:40 -04:00
|
|
|
{:name=>'file1', :value=>_read('file1.html'),
|
|
|
|
:filename=>'file1.html', :content_type=>'text/html'},
|
|
|
|
{:name=>'image1', :value=>_read('large.png'),
|
|
|
|
:filename=>'large.png', :content_type=>'image/png'}, # large image
|
|
|
|
]
|
2009-12-22 19:14:48 -05:00
|
|
|
@data[1][:value].force_encoding(::Encoding::UTF_8) if defined?(::Encoding)
|
2008-08-27 20:30:40 -04:00
|
|
|
@expected_class = Tempfile
|
|
|
|
_test_multipart()
|
2008-10-20 10:16:54 -04:00
|
|
|
end
|
2008-08-27 20:30:40 -04:00
|
|
|
|
|
|
|
|
|
|
|
def _set_const(klass, name, value)
|
|
|
|
old = nil
|
|
|
|
klass.class_eval do
|
|
|
|
old = const_get(name)
|
|
|
|
remove_const(name)
|
|
|
|
const_set(name, value)
|
|
|
|
end
|
|
|
|
return old
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def test_cgi_multipart_maxmultipartlength
|
|
|
|
@data = [
|
|
|
|
{:name=>'image1', :value=>_read('large.png'),
|
|
|
|
:filename=>'large.png', :content_type=>'image/png'}, # large image
|
|
|
|
]
|
|
|
|
begin
|
2008-09-24 10:43:05 -04:00
|
|
|
ex = assert_raise(StandardError) do
|
2014-06-10 00:29:49 -04:00
|
|
|
_test_multipart(:max_multipart_length=>2 * 1024) # set via simple scalar
|
2008-08-27 20:30:40 -04:00
|
|
|
end
|
|
|
|
assert_equal("too large multipart data.", ex.message)
|
|
|
|
ensure
|
|
|
|
end
|
2014-06-10 00:29:49 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def test_cgi_multipart_maxmultipartlength_lambda
|
|
|
|
@data = [
|
|
|
|
{:name=>'image1', :value=>_read('large.png'),
|
|
|
|
:filename=>'large.png', :content_type=>'image/png'}, # large image
|
|
|
|
]
|
|
|
|
begin
|
|
|
|
ex = assert_raise(StandardError) do
|
|
|
|
_test_multipart(:max_multipart_length=>lambda{2*1024}) # set via lambda
|
|
|
|
end
|
|
|
|
assert_equal("too large multipart data.", ex.message)
|
|
|
|
ensure
|
|
|
|
end
|
|
|
|
end
|
2008-08-27 20:30:40 -04:00
|
|
|
|
|
|
|
|
|
|
|
def test_cgi_multipart_maxmultipartcount
|
|
|
|
@data = [
|
|
|
|
{:name=>'file1', :value=>_read('file1.html'),
|
|
|
|
:filename=>'file1.html', :content_type=>'text/html'},
|
|
|
|
]
|
|
|
|
item = @data.first
|
|
|
|
500.times { @data << item }
|
|
|
|
#original = _set_const(CGI, :MAX_MULTIPART_COUNT, 128)
|
|
|
|
begin
|
2008-09-24 10:43:05 -04:00
|
|
|
ex = assert_raise(StandardError) do
|
2008-08-27 20:30:40 -04:00
|
|
|
_test_multipart()
|
|
|
|
end
|
|
|
|
assert_equal("too many parameters.", ex.message)
|
|
|
|
ensure
|
|
|
|
#_set_const(CGI, :MAX_MULTIPART_COUNT, original)
|
|
|
|
end
|
|
|
|
end if CGI.const_defined?(:MAX_MULTIPART_COUNT)
|
|
|
|
|
|
|
|
|
|
|
|
def test_cgi_multipart_badbody ## [ruby-dev:28470]
|
|
|
|
@data = [
|
|
|
|
{:name=>'file1', :value=>_read('file1.html'),
|
|
|
|
:filename=>'file1.html', :content_type=>'text/html'},
|
|
|
|
]
|
|
|
|
_prepare(@data) do |input|
|
|
|
|
input2 = input.sub(/--(\r\n)?\z/, "\r\n")
|
|
|
|
assert input2 != input
|
|
|
|
#p input2
|
|
|
|
input2
|
|
|
|
end
|
2008-09-24 10:43:05 -04:00
|
|
|
ex = assert_raise(EOFError) do
|
2014-08-08 21:19:18 -04:00
|
|
|
CGI.new(:accept_charset=>"UTF-8")
|
2008-08-27 20:30:40 -04:00
|
|
|
end
|
2011-07-09 01:32:19 -04:00
|
|
|
assert_equal("bad content body", ex.message)
|
2008-08-27 20:30:40 -04:00
|
|
|
#
|
|
|
|
_prepare(@data) do |input|
|
|
|
|
input2 = input.sub(/--(\r\n)?\z/, "")
|
|
|
|
assert input2 != input
|
|
|
|
#p input2
|
|
|
|
input2
|
|
|
|
end
|
2008-09-24 10:43:05 -04:00
|
|
|
ex = assert_raise(EOFError) do
|
2014-08-08 21:19:18 -04:00
|
|
|
CGI.new(:accept_charset=>"UTF-8")
|
2008-08-27 20:30:40 -04:00
|
|
|
end
|
|
|
|
assert_equal("bad content body", ex.message)
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def test_cgi_multipart_quoteboundary ## [JVN#84798830]
|
|
|
|
@boundary = '(.|\n)*'
|
|
|
|
@data = [
|
|
|
|
{:name=>'hidden1', :value=>'foobar'},
|
2017-02-18 00:52:16 -05:00
|
|
|
{:name=>'text1', :value=>"\xE3\x81\x82\xE3\x81\x84\xE3\x81\x86\xE3\x81\x88\xE3\x81\x8A".dup},
|
2008-08-27 20:30:40 -04:00
|
|
|
{:name=>'file1', :value=>_read('file1.html'),
|
|
|
|
:filename=>'file1.html', :content_type=>'text/html'},
|
|
|
|
{:name=>'image1', :value=>_read('small.png'),
|
|
|
|
:filename=>'small.png', :content_type=>'image/png'}, # small image
|
|
|
|
]
|
2014-08-08 21:19:18 -04:00
|
|
|
@data[1][:value].force_encoding("UTF-8")
|
2008-08-27 20:30:40 -04:00
|
|
|
_prepare(@data)
|
2014-08-08 21:19:18 -04:00
|
|
|
cgi = CGI.new(:accept_charset=>"UTF-8")
|
2008-08-27 20:30:40 -04:00
|
|
|
assert_equal('file1.html', cgi['file1'].original_filename)
|
|
|
|
end
|
|
|
|
|
2011-07-09 01:32:19 -04:00
|
|
|
def test_cgi_multipart_boundary_10240 # [Bug #3866]
|
|
|
|
@boundary = 'AaB03x'
|
|
|
|
@data = [
|
|
|
|
{:name=>'file', :value=>"b"*10134,
|
|
|
|
:filename=>'file.txt', :content_type=>'text/plain'},
|
|
|
|
{:name=>'foo', :value=>"bar"},
|
|
|
|
]
|
|
|
|
_prepare(@data)
|
2014-08-08 21:19:18 -04:00
|
|
|
cgi = CGI.new(:accept_charset=>"UTF-8")
|
2011-07-09 01:32:19 -04:00
|
|
|
assert_equal(cgi['foo'], 'bar')
|
|
|
|
assert_equal(cgi['file'].read, 'b'*10134)
|
2014-05-27 12:17:13 -04:00
|
|
|
cgi['file'].close! if cgi['file'].kind_of? Tempfile
|
2011-07-09 01:32:19 -04:00
|
|
|
end
|
|
|
|
|
2012-11-04 21:34:17 -05:00
|
|
|
def test_cgi_multipart_without_tempfile
|
|
|
|
assert_in_out_err([], <<-'EOM')
|
|
|
|
require 'cgi'
|
|
|
|
require 'stringio'
|
|
|
|
ENV['REQUEST_METHOD'] = 'POST'
|
|
|
|
ENV['CONTENT_TYPE'] = 'multipart/form-data; boundary=foobar1234'
|
|
|
|
body = <<-BODY
|
|
|
|
--foobar1234
|
|
|
|
Content-Disposition: form-data: name=\"name1\"
|
|
|
|
|
|
|
|
value1
|
|
|
|
--foobar1234
|
|
|
|
Content-Disposition: form-data: name=\"file1\"; filename=\"file1.html\"
|
|
|
|
Content-Type: text/html
|
|
|
|
|
|
|
|
<html>
|
|
|
|
<body><p>Hello</p></body>
|
|
|
|
</html>
|
|
|
|
|
|
|
|
--foobar1234--
|
|
|
|
BODY
|
|
|
|
body.gsub!(/\n/, "\r\n")
|
|
|
|
ENV['CONTENT_LENGTH'] = body.size.to_s
|
|
|
|
$stdin = StringIO.new(body)
|
|
|
|
CGI.new
|
|
|
|
EOM
|
|
|
|
end
|
|
|
|
|
2008-08-27 20:30:40 -04:00
|
|
|
###
|
|
|
|
|
|
|
|
self.instance_methods.each do |method|
|
|
|
|
private method if method =~ /^test_(.*)/ && $1 != ENV['TEST']
|
|
|
|
end if ENV['TEST']
|
|
|
|
|
|
|
|
end
|