name in path_info to prevent script disclosure vulnerability on
DOSISH filesystems. (fix: CVE-2008-1891)
Note: NTFS/FAT filesystem should not be published by the platforms
other than Windows. Pathname interpretation (including short
filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb
(WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@16495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httpservlet/filehandler.rb: should normalize path
separators in path_info to prevent directory traversal attacks
on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@15680 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
for the value of IPv6 address in the Host: header field.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10646 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(WEBrick::HTTPServlet::CGIHandler#do_GET): the value of Set-Cookie:
header field should be splited into each cookie. [ruby-Bugs:2199]
* lib/webrick/cookie.rb (WEBrick::Cookie.parse_set_cookie): new method
to parse the value of Set-Cookie: header field.
* test/webrick/test_cookie.rb, test/webrick/test_cgi.rb,
test/webrick/webrick.cgi: add some test for cookie.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
windows. bcc32's runtime is not installed into system directory,
so it cannot be found without this setting. [ruby-dev:27166]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9246 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
ENV["REQUEST_URI"] is better to get correct Request-URI
than ENV["SCRIPT_NAME"] + ENV["PATH_INFO"]. [ruby-dev:26235]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
and WEBrick::CGI#config. (backported from HEAD)
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.escape_path): should
not use String#split("/"). (backported from HEAD)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8424 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
of :SSLEnable is false.
* lib/webrick/server.rb (WEBrick::Daemon.start): prepared stdio
don't allow changing its mode.
* lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_service):
should delete trailing LF from the result of pack("m*").
* lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_connect):
- should delete trailing LF from the result of pack("m*").
- clear Request-Line not to send the response by HTTPServer#run.
* lib/webrick/httputils (WEBrick::HTTPUtils.parse_qvalues):
refine regexp (and change the name of a local variable).
* lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add
new method to escape URI path component.
* lib/webrick/cgi.rb (WEBrick::CGI::Socket#request_line): should
escape SCRIPT_NAME and PATH_INFO before being parsed as a URI.
* test/webrick/*, sample/webrick/httpproxy.rb: add new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
