* lib/cgi/session.rb (CGI::Session::FileStore#initialize): do not
  use a session id as a filename.

* lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): ditto.

* lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): use
  Dir::tmpdir.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6815 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
parent
b9b4a769f1
commit
73a6f9af6c
3 changed files with 17 additions and 17 deletions
10
ChangeLog
10
ChangeLog
|
@ -1,3 +1,13 @@
|
|||
Tue Aug 24 16:41:48 2004 Shugo Maeda <shugo@ruby-lang.org>
|
||||
|
||||
* lib/cgi/session.rb (CGI::Session::FileStore#initialize): do not
|
||||
use a session id as a filename.
|
||||
|
||||
* lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): ditto.
|
||||
|
||||
* lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): use
|
||||
Dir::tmpdir.
|
||||
|
||||
Tue Aug 24 14:32:17 2004 Shugo Maeda <shugo@ruby-lang.org>
|
||||
|
||||
* lib/cgi/session.rb (CGI::Session::FileStore#initialize): untaint
|
||||
|
|
|
@ -331,10 +331,6 @@ class CGI
|
|||
# user is responsible for converting other types to Strings when
|
||||
# storing and from Strings when retrieving.
|
||||
class FileStore
|
||||
def check_id(id) #:nodoc:
|
||||
/[^0-9a-zA-Z]/ =~ id.to_s ? false : true
|
||||
end
|
||||
|
||||
# Create a new FileStore instance.
|
||||
#
|
||||
# This constructor is used internally by CGI::Session. The
|
||||
|
@ -361,10 +357,9 @@ class CGI
|
|||
dir = option['tmpdir'] || Dir::tmpdir
|
||||
prefix = option['prefix'] || ''
|
||||
id = session.session_id
|
||||
unless check_id(id)
|
||||
raise ArgumentError, "session_id `%s' is invalid" % id
|
||||
end
|
||||
@path = dir+"/"+prefix+id.dup.untaint
|
||||
require 'digest/md5'
|
||||
md5 = Digest::MD5.hexdigest(id)[0,16]
|
||||
@path = dir+"/"+prefix+md5
|
||||
unless File::exist? @path
|
||||
@hash = {}
|
||||
end
|
||||
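Review bot: In the second hunk the store file name becomes `Digest::MD5.hexdigest(id)[0,16]`, so only 64 bits of the digest identify a session and nothing visible here confirms that an existing file at `@path` belongs to this `id`; the same line appears in `CGI::Session::PStore#initialize` later in this commit. Keeping the whole digest, `md5 = Digest::MD5.hexdigest(id)`, costs sixteen more characters in the name and removes the truncation as a source of two ids sharing one file. The new `@path` also drops the `untaint` that the removed line applied, while the pstore.rb version keeps `path.untaint`; if the digest string or `dir`/`prefix` are tainted this may raise SecurityError at a raised `$SAFE`, so the two stores should presumably agree. A one-line comment such as `# hash the id so its characters never reach the file name` would record why `check_id` could be removed. The body of `initialize` starts and ends outside the hunk.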
|
|
|
@ -31,10 +31,6 @@ class CGI
|
|||
# library file pstore.rb. Session data is marshalled and stored
|
||||
# in a file. File locking and transaction services are provided.
|
||||
class PStore
|
||||
def check_id(id) #:nodoc:
|
||||
/[^0-9a-zA-Z]/ =~ id.to_s ? false : true
|
||||
end
|
||||
|
||||
# Create a new CGI::Session::PStore instance
|
||||
#
|
||||
# This constructor is used internally by CGI::Session. The
|
||||
|
@ -58,13 +54,12 @@ class CGI
|
|||
# This session's PStore file will be created if it does
|
||||
# not exist, or opened if it does.
|
||||
def initialize session, option={}
|
||||
dir = option['tmpdir'] || ENV['TMP'] || '/tmp'
|
||||
dir = option['tmpdir'] || Dir::tmpdir
|
||||
prefix = option['prefix'] || ''
|
||||
id = session.session_id
|
||||
unless check_id(id)
|
||||
raise ArgumentError, "session_id `%s' is invalid" % id
|
||||
end
|
||||
path = dir+"/"+prefix+id
|
||||
require 'digest/md5'
|
||||
md5 = Digest::MD5.hexdigest(id)[0,16]
|
||||
path = dir+"/"+prefix+md5
|
||||
path.untaint
|
||||
unless File::exist? path
|
||||
@hash = {}
|
||||
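Review bot: With `dir` now defaulting to `Dir::tmpdir` and `prefix` to `''`, the store file sits directly in what is usually a shared temporary directory, and the only check visible before it is used is `File::exist? path`; the class comment above says the contents are marshalled, so a file created at that path by some other local account would presumably be loaded as session data. The doc comment for `initialize` should state that `tmpdir` is expected to be a directory owned by and writable only by the application's user, and a non-empty default prefix would make the files identifiable. `path.untaint` now clears taint on a string that still contains `dir` and `prefix`, which is sound only while both options come from the application and not from the request; a comment `# dir and prefix are application-supplied; md5 is hex only` next to it would make that assumption explicit. `initialize` continues past the end of the hunk.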
|
|