* lib/cgi/session.rb: fix bug for ignore session_id option.

report from [ruby-core:18635], [Bug #572]

* lib/cgi/core.rb: use Encoding#find when encoding set.

* test/cgi/test_cgi_session.rb: test for session_id specified.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20861 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,12 @@
+Thu Dec 18 21:12:28 2008  Takeyuki FUJIOKA  <xibbar@ruby-lang.org>
+
+	* lib/cgi/session.rb: fix bug for ignore session_id option.
+	  report from [ruby-core:18635], [Bug #572]
+
+	* lib/cgi/core.rb: use Encoding#find when encoding set.
+
+	* test/cgi/test_cgi_session.rb: test for session_id specified.
+
 Thu Dec 18 17:00:56 2008  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 	* hash.c (rb_hash_aset): string key copying only happen if key is

lib/cgi/core.rb

@@ -590,7 +590,7 @@ class CGI
                       read_from_cmdline
                     end.dup.force_encoding(@accept_charset)
                   )
-        unless @accept_charset=~/ASCII-8BIT/i || @accept_charset==Encoding::ASCII_8BIT
+        unless Encoding.find(@accept_charset) == Encoding::ASCII_8BIT
           @params.each do |key,values|
             values.each do |value|
               unless value.valid_encoding?

lib/cgi/session.rb

@@ -188,7 +188,6 @@ class CGI
         md5.update('foobar')
         session_id = md5.hexdigest
       end
-      @new_session = true
       session_id
     end
     private :create_new_id
@@ -256,6 +255,7 @@ class CGI
       unless session_id
         if option['new_session']
           session_id = create_new_id
+          @new_session = true
         end
       end
       unless session_id
@@ -271,6 +271,7 @@ class CGI
             raise ArgumentError, "session_key `%s' should be supplied"%session_key
           end
           session_id = create_new_id
+          @new_session = true
         end
       end
       @session_id = session_id
@@ -281,7 +282,8 @@ class CGI
         unless option.fetch('new_session', true)
           raise ArgumentError, "invalid session_id `%s'"%session_id
         end
-        session_id = @session_id = create_new_id
+        session_id = @session_id = create_new_id unless session_id
+        @new_session=true
         retry
       end
       request.instance_eval do

test/cgi/test_cgi_session.rb

@@ -91,7 +91,83 @@ class CGISessionTest < Test::Unit::TestCase
     assert_equal(value1,session["key1"])
     assert_equal(value2,session["key2"])
     session.close
+  end
+  def test_cgi_session_specify_session_id
+    @environ = {
+      'REQUEST_METHOD'  => 'GET',
+  #    'QUERY_STRING'    => 'id=123&id=456&id=&str=%40h+%3D%7E+%2F%5E%24%2F',
+  #    'HTTP_COOKIE'     => '_session_id=12345; name1=val1&val2;',
+      'SERVER_SOFTWARE' => 'Apache 2.2.0',
+      'SERVER_PROTOCOL' => 'HTTP/1.1',
+    }
+    value1="value1"
+    value2="\x8F\xBC\x8D]"
+    value2.force_encoding("SJIS") if RUBY_VERSION>="1.9"
+    ENV.update(@environ)
+    cgi = CGI.new
+    session = CGI::Session.new(cgi,"tmpdir"=>@session_dir,"session_id"=>"foo")
+    session["key1"]=value1
+    session["key2"]=value2
+    assert_equal(value1,session["key1"])
+    assert_equal(value2,session["key2"])
+    assert_equal("foo",session.session_id)
+    session_id=session.session_id
+    session.close
+    $stdout = StringIO.new
+    cgi.out{""}
 
+    @environ = {
+      'REQUEST_METHOD'  => 'GET',
+      # 'HTTP_COOKIE'     => "_session_id=#{session_id}",
+      'QUERY_STRING'    => "_session_id=#{session.session_id}",
+      'SERVER_SOFTWARE' => 'Apache 2.2.0',
+      'SERVER_PROTOCOL' => 'HTTP/1.1',
+    }
+    ENV.update(@environ)
+    cgi = CGI.new
+    session = CGI::Session.new(cgi,"tmpdir"=>@session_dir)
+    $stdout = StringIO.new
+    assert_equal(value1,session["key1"])
+    assert_equal(value2,session["key2"])
+    assert_equal("foo",session.session_id)
+    session.close
+  end
+  def test_cgi_session_specify_session_key
+    @environ = {
+      'REQUEST_METHOD'  => 'GET',
+  #    'QUERY_STRING'    => 'id=123&id=456&id=&str=%40h+%3D%7E+%2F%5E%24%2F',
+  #    'HTTP_COOKIE'     => '_session_id=12345; name1=val1&val2;',
+      'SERVER_SOFTWARE' => 'Apache 2.2.0',
+      'SERVER_PROTOCOL' => 'HTTP/1.1',
+    }
+    value1="value1"
+    value2="\x8F\xBC\x8D]"
+    value2.force_encoding("SJIS") if RUBY_VERSION>="1.9"
+    ENV.update(@environ)
+    cgi = CGI.new
+    session = CGI::Session.new(cgi,"tmpdir"=>@session_dir,"session_key"=>"bar")
+    session["key1"]=value1
+    session["key2"]=value2
+    assert_equal(value1,session["key1"])
+    assert_equal(value2,session["key2"])
+    session_id=session.session_id
+    session.close
+    $stdout = StringIO.new
+    cgi.out{""}
 
+    @environ = {
+      'REQUEST_METHOD'  => 'GET',
+      'HTTP_COOKIE'     => "bar=#{session_id}",
+      # 'QUERY_STRING'    => "bar=#{session.session_id}",
+      'SERVER_SOFTWARE' => 'Apache 2.2.0',
+      'SERVER_PROTOCOL' => 'HTTP/1.1',
+    }
+    ENV.update(@environ)
+    cgi = CGI.new
+    session = CGI::Session.new(cgi,"tmpdir"=>@session_dir,"session_key"=>"bar")
+    $stdout = StringIO.new
+    assert_equal(value1,session["key1"])
+    assert_equal(value2,session["key2"])
+    session.close
   end
 end