* lib/cgi/session.rb (CGI::Session::FileStore#initialize): do not

use a session id as a filename. * lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): ditto. * lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): use Dir::tmpdir. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6815 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2004-08-24 07:59:50 +00:00 · 2004-08-24 07:59:50 +00:00 · 73a6f9af6c
commit 73a6f9af6c
parent b9b4a769f1
3 changed files with 17 additions and 17 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+Tue Aug 24 16:41:48 2004  Shugo Maeda  <shugo@ruby-lang.org>
+
+	* lib/cgi/session.rb (CGI::Session::FileStore#initialize): do not
+	  use a session id as a filename.
+
+	* lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): ditto.
+
+	* lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): use
+	  Dir::tmpdir.
+
 Tue Aug 24 14:32:17 2004  Shugo Maeda  <shugo@ruby-lang.org>

 	* lib/cgi/session.rb (CGI::Session::FileStore#initialize): untaint
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@ -331,10 +331,6 @@ class CGI
    # user is responsible for converting other types to Strings when
    # storing and from Strings when retrieving.
    class FileStore
-      def check_id(id) #:nodoc:
-	/[^0-9a-zA-Z]/ =~ id.to_s ? false : true
-      end
-
      # Create a new FileStore instance.
      #
      # This constructor is used internally by CGI::Session.  The
@ -361,10 +357,9 @@ class CGI
 	dir = option['tmpdir'] || Dir::tmpdir
 	prefix = option['prefix'] || ''
 	id = session.session_id
-	unless check_id(id)
-	  raise ArgumentError, "session_id `%s' is invalid" % id
-	end
-	@path = dir+"/"+prefix+id.dup.untaint
+        require 'digest/md5'
+        md5 = Digest::MD5.hexdigest(id)[0,16]
+	@path = dir+"/"+prefix+md5
 	unless File::exist? @path
 	  @hash = {}
 	end
--- a/lib/cgi/session/pstore.rb
+++ b/lib/cgi/session/pstore.rb
@ -31,10 +31,6 @@ class CGI
    # library file pstore.rb.  Session data is marshalled and stored
    # in a file.  File locking and transaction services are provided.
    class PStore
-      def check_id(id) #:nodoc:
-	/[^0-9a-zA-Z]/ =~ id.to_s ? false : true
-      end
-
      # Create a new CGI::Session::PStore instance
      #
      # This constructor is used internally by CGI::Session.  The
@ -58,13 +54,12 @@ class CGI
      # This session's PStore file will be created if it does
      # not exist, or opened if it does.
      def initialize session, option={}
-	dir = option['tmpdir'] || ENV['TMP'] || '/tmp'
+	dir = option['tmpdir'] || Dir::tmpdir
 	prefix = option['prefix'] || ''
 	id = session.session_id
-	unless check_id(id)
-	  raise ArgumentError, "session_id `%s' is invalid" % id
-	end
-	path = dir+"/"+prefix+id
+        require 'digest/md5'
+        md5 = Digest::MD5.hexdigest(id)[0,16]
+	path = dir+"/"+prefix+md5
 	path.untaint
 	unless File::exist? path
 	  @hash = {}