name in path_info to prevent script disclosure vulnerability on
DOSISH filesystems. (fix: CVE-2008-1891)
Note: NTFS/FAT filesystem should not be published by the platforms
other than Windows. Pathname interpretation (including short
filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb
(WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@16454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
separators in path_info to prevent directory traversal
attacks on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@15677 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(VisualC++6) so use -O2b2xg- if $(MSC_VER) < 1400. [ruby-core:7040]
* lib/webrick/httpservlet/filehandler.rb: fixed typo. (Kero van Gelder)
[ruby-core:7075]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
for reading request till data arrive. [ruby-talk:121068]
* lib/webrick/server.rb (WEBrick::GenericServer#start_thread):
should log about all accepted socket. [ruby-core:03962]
* lib/webrick/accesslog.rb (WEBrick::AccessLog#setup_params):
"%%" and "%u" are supported. [webricken:135]
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#check_filename):
:NondisclosureName is acceptable if it is Enumerable.
* lib/webrick/config.rb (WEBrick::Config::FileHandler):
default value of :NondisclosureName is [".ht*", "*~"].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7578 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
- WEBrick::Config[:DoNotReverseLookup]
- WEBrick::Config[:RequestCallback] (it used as an alias of
:RequestHandler in WEBrick::HTTPServer#run)
- WEBrick::Config::FileHandler[:AcceptableLanguages]
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#set_filename): search files
having suffix of language-name which Accept-Language header field
includes if :AcceptableLanguages options is present.
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#get_servlet): new method to
search servlet correspond to the suffix of filename.
* lib/webrick/httprequest.rb: add attributes access methods: accept,
accept_charset, accept_encoding, accept_language, content_length
and content_type.
* lib/webrick/httpresponse.rb: add attribute access methods:
content_length, content_length=, content_type and content_type=.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.mime_types):
use the second suffix to detect media type. (the first suffix
may be a language name.)
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.parse_qvalues):
add method to parse Accept header field. it returns an Array of
values sorted by the qvalues.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7056 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
to request.user attribute.
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#initialize): should expand
the pathname of document root directory.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6913 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
fix regex for range-spec.
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::DefaultFileHandler#make_partial_content):
multipart/byteranges response was broken.
* lib/webrick/httpservlet/erbhandler.rb
(WEBrick::HTTPServlet::ERBHandler#do_GET): should select media type
by suffix of script filename.
* lib/xmlrpc/server.rb: refine example code.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6763 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
