name in path_info to prevent script disclosure vulnerability on
DOSISH filesystems. (fix: CVE-2008-1891)
Note: NTFS/FAT filesystem should not be published by the platforms
other than Windows. Pathname interpretation (including short
filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb
(WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
call do_XXX which corespond with request method.
(WEBrick::HTTPProxyServer#do_CONNECT,do_GET,do_POST,do_HEAD): added.
* test/webrick/test_httpproxy.rb: add test for WEBrick::HTTPProxyServer.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14816 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
escape SCRIPT_NAME and PATH_INFO before being parsed as a URI.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add
new method to escape URI path component.
* lib/webrick/ssl.rb (WEBrick::Config::SSL): the default value
of :SSLEnable is false.
* test/webrick/{test_cgi.rb,webrick.cgi}: new file.
* test/webrick/utils.rb: require "webrick/https.h".
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7758 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
should delete trailing LF from the result of pack("m*").
* lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_connect):
- should delete trailing LF from the result of pack("m*").
- clear Request-Line not to send the sesponse by HTTPServer#run.
* lib/webrick/httputils (WEBrick::HTTPUtils.parse_qvalues):
refine regexp (and change the name of a local variable).
* lib/webrick/server.rb (WEBrick::Daemon.start): prepared stdio
don't allow changing its mode.
* test/webrick/*, sample/webrick/httpproxy.rb: add new files.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7743 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
