1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* lib/cgi/session.rb (CGI::Session::FileStore#initialize): do not

use a session id as a filename.
* lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): ditto.
* lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): use
  Dir::tmpdir.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6815 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
shugo 2004-08-24 07:59:50 +00:00
parent b9b4a769f1
commit 73a6f9af6c
3 changed files with 17 additions and 17 deletions

View file

@ -1,3 +1,13 @@
Tue Aug 24 16:41:48 2004 Shugo Maeda <shugo@ruby-lang.org>
* lib/cgi/session.rb (CGI::Session::FileStore#initialize): do not
use a session id as a filename.
* lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): ditto.
* lib/cgi/session/pstore.rb (CGI::Session::PStore#initialize): use
Dir::tmpdir.
Tue Aug 24 14:32:17 2004 Shugo Maeda <shugo@ruby-lang.org>
* lib/cgi/session.rb (CGI::Session::FileStore#initialize): untaint

View file

@ -331,10 +331,6 @@ class CGI
# user is responsible for converting other types to Strings when
# storing and from Strings when retrieving.
class FileStore
def check_id(id) #:nodoc:
/[^0-9a-zA-Z]/ =~ id.to_s ? false : true
end
# Create a new FileStore instance.
#
# This constructor is used internally by CGI::Session. The
@ -361,10 +357,9 @@ class CGI
dir = option['tmpdir'] || Dir::tmpdir
prefix = option['prefix'] || ''
id = session.session_id
unless check_id(id)
raise ArgumentError, "session_id `%s' is invalid" % id
end
@path = dir+"/"+prefix+id.dup.untaint
require 'digest/md5'
md5 = Digest::MD5.hexdigest(id)[0,16]
@path = dir+"/"+prefix+md5
unless File::exist? @path
@hash = {}
end

View file

@ -31,10 +31,6 @@ class CGI
# library file pstore.rb. Session data is marshalled and stored
# in a file. File locking and transaction services are provided.
class PStore
def check_id(id) #:nodoc:
/[^0-9a-zA-Z]/ =~ id.to_s ? false : true
end
# Create a new CGI::Session::PStore instance
#
# This constructor is used internally by CGI::Session. The
@ -58,13 +54,12 @@ class CGI
# This session's PStore file will be created if it does
# not exist, or opened if it does.
def initialize session, option={}
dir = option['tmpdir'] || ENV['TMP'] || '/tmp'
dir = option['tmpdir'] || Dir::tmpdir
prefix = option['prefix'] || ''
id = session.session_id
unless check_id(id)
raise ArgumentError, "session_id `%s' is invalid" % id
end
path = dir+"/"+prefix+id
require 'digest/md5'
md5 = Digest::MD5.hexdigest(id)[0,16]
path = dir+"/"+prefix+md5
path.untaint
unless File::exist? path
@hash = {}