* lib/webrick/cgi.rb (WEBrick::CGI::Socket#request_line): should

escape SCRIPT_NAME and PATH_INFO before being parsed as a URI.

* lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add
  new method to escape URI path component.

* lib/webrick/ssl.rb (WEBrick::Config::SSL): the default value
  of :SSLEnable is false.

* test/webrick/{test_cgi.rb,webrick.cgi}: new file.

* test/webrick/utils.rb: require "webrick/https.h".


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7758 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,18 @@
+Mon Jan 10 15:28:51 2005  GOTOU Yuuzou  <gotoyuzo@notwork.org>
+
+	* lib/webrick/cgi.rb (WEBrick::CGI::Socket#request_line): should
+	  escape SCRIPT_NAME and PATH_INFO before being parsed as a URI.
+
+	* lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add
+	  new method to escape URI path component.
+
+	* lib/webrick/ssl.rb (WEBrick::Config::SSL): the default value
+	  of :SSLEnable is false.
+
+	* test/webrick/{test_cgi.rb,webrick.cgi}: new file.
+
+	* test/webrick/utils.rb: require "webrick/https.h".
+
 Sun Jan  9 14:12:17 2005  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* io.c (rb_f_select): IO list could be altered.  [ruby-dev:25312]

lib/webrick/cgi.rb

@@ -147,6 +147,7 @@ module WEBrick
         if path_info = @env["PATH_INFO"]
           url << path_info
         end
+        url = WEBrick::HTTPUtils.escape_path(url)
         if query_string = @env["QUERY_STRING"]
           unless query_string.empty?
             url << "?" << query_string

lib/webrick/httputils.rb

@@ -352,15 +352,18 @@ module WEBrick
     unwise   = '{}|\\^[]`'
     nonascii = (0x80..0xff).collect{|c| c.chr }.join
 
+    module_function
+
     def _make_regex(str) /([#{Regexp.escape(str)}])/n end
+    def _make_regex!(str) /([^#{Regexp.escape(str)}])/n end
     def _escape(str, regex) str.gsub(regex){ "%%%02X" % $1[0] } end
     def _unescape(str, regex) str.gsub(regex){ $1.hex.chr } end
-    module_function :_make_regex, :_escape, :_unescape
 
     UNESCAPED = _make_regex(control+space+delims+unwise+nonascii)
     UNESCAPED_FORM = _make_regex(reserved+control+delims+unwise+nonascii)
     NONASCII  = _make_regex(nonascii)
     ESCAPED   = /%([0-9a-fA-F]{2})/
+    UNESCAPED_PCHAR = _make_regex!(unreserved+":@&=+$,")
 
     def escape(str)
       _escape(str, UNESCAPED)
@@ -380,12 +383,14 @@ module WEBrick
       _unescape(str.gsub(/\+/, " "), ESCAPED)
     end
 
+    def escape_path(str)
+      str.split("/").collect{|i|
+        _escape(i, UNESCAPED_PCHAR)
+      }.join("/")
+    end
+
     def escape8bit(str)
       _escape(str, NONASCII)
     end
-
-    module_function :escape, :unescape, :escape_form, :unescape_form,
-                    :escape8bit
-
   end
 end

lib/webrick/ssl.rb

@@ -14,7 +14,7 @@ module WEBrick
     osslv = ::OpenSSL::OPENSSL_VERSION.split[1]
     SSL = {
       :ServerSoftware       => "#{svrsoft} OpenSSL/#{osslv}",
-      :SSLEnable            => true,
+      :SSLEnable            => false,
       :SSLCertificate       => nil,
       :SSLPrivateKey        => nil,
       :SSLClientCA          => nil,

test/webrick/test_cgi.rb

@@ -0,0 +1,46 @@
+require "webrick"
+require File.join(File.dirname(__FILE__), "utils.rb")
+require "test/unit"
+begin
+  loadpath = $:.dup
+  $:.replace($: | [File.expand_path("../ruby", File.dirname(__FILE__))])
+  require 'envutil'
+ensure
+  $:.replace(loadpath)
+end
+
+class TestWEBrickCGI < Test::Unit::TestCase
+  def test_cgi
+    accepted = started = stopped = 0
+    requested0 = requested1 = 0
+    config = {
+      :CGIInterpreter => EnvUtil.rubybin,
+      :DocumentRoot => File.dirname(__FILE__),
+    }
+    TestWEBrick.start_httpserver(config){|server, addr, port|
+      http = Net::HTTP.new(addr, port)
+      req = Net::HTTP::Get.new("/webrick.cgi")
+      http.request(req){|res| assert_equal("/webrick.cgi", res.body)}
+      req = Net::HTTP::Get.new("/webrick.cgi/path/info")
+      http.request(req){|res| assert_equal("/path/info", res.body)}
+      req = Net::HTTP::Get.new("/webrick.cgi/%3F%3F%3F?foo=bar")
+      http.request(req){|res| assert_equal("/???", res.body)}
+      req = Net::HTTP::Get.new("/webrick.cgi/%A4%DB%A4%B2/%A4%DB%A4%B2")
+      http.request(req){|res|
+        assert_equal("/\xA4\xDB\xA4\xB2/\xA4\xDB\xA4\xB2", res.body)}
+      req = Net::HTTP::Get.new("/webrick.cgi?a=1;a=2;b=x")
+      http.request(req){|res| assert_equal("a=1, a=2, b=x", res.body)}
+      req = Net::HTTP::Get.new("/webrick.cgi?a=1&a=2&b=x")
+      http.request(req){|res| assert_equal("a=1, a=2, b=x", res.body)}
+
+      req = Net::HTTP::Post.new("/webrick.cgi?a=x;a=y;b=1")
+      req["Content-Type"] = "application/x-www-form-urlencoded"
+      http.request(req, "a=1;a=2;b=x"){|res|
+        assert_equal("a=1, a=2, b=x", res.body)}
+      req = Net::HTTP::Post.new("/webrick.cgi?a=x&a=y&b=1")
+      req["Content-Type"] = "application/x-www-form-urlencoded"
+      http.request(req, "a=1&a=2&b=x"){|res|
+        assert_equal("a=1, a=2, b=x", res.body)}
+    }
+  end
+end

test/webrick/utils.rb

@@ -1,4 +1,5 @@
 require "webrick"
+require "webrick/https"
 require "webrick/httpproxy"
 
 module TestWEBrick

test/webrick/webrick.cgi

@@ -0,0 +1,26 @@
+#!ruby -d
+require "webrick/cgi"
+
+class TestApp < WEBrick::CGI
+  def do_GET(req, res)
+    res["content-type"] = "text/plain"
+    if p = req.path_info
+      res.body = p
+    elsif (q = req.query).size > 0
+      res.body = q.keys.sort.collect{|key|
+        q[key].list.sort.collect{|v|
+          "#{key}=#{v}"
+        }.join(", ")
+      }.join(", ")
+    else
+      res.body = req.script_name
+    end
+  end
+
+  def do_POST(req, res)
+    do_GET(req, res)
+  end
+end
+
+cgi = TestApp.new
+cgi.start