* lib/webrick/https.rb, lib/soap/attachment.rb, test/xsd/test_xsd.rb:
uninitialized instance variables.
* lib/xsd/datatypes.rb: use Date#new! instead of Date#new0 according
to deprecation message.
* lib/webrick/httpservlet/cgihandler.rb,
lib/xsd/codegen/gensupport.rb, lib/soap/property.rb,
lib/soap/mimemessage.rb, test/webrick/test_cgi.rb: use
String#each_line and String#lines.to_a instead of String#each
according to deprecation message.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@20864 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
name in path_info to prevent script disclosure vulnerability on
DOSISH filesystems. (fix: CVE-2008-1891)
Note: NTFS/FAT filesystem should not be published by the platforms
other than Windows. Pathname interpretation (including short
filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb
(WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@16454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
separators in path_info to prevent directory traversal
attacks on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@15677 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
method to parse multiple cookies per Set-Cookie header.
Thanks to Aaron Patterson <aaron_patterson at speakeasy.net>.
[ruby-core:08802]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10885 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
for the value of IPv6 address in the Host: header field.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10646 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(WEBrick::HTTPServlet::CGIHandler#do_GET): the value of Set-Cookie:
header field should be splited into each cookie. [ruby-Bugs:2199]
* lib/webrick/cookie.rb (WEBrick::Cookie.parse_set_cookie): new method
to parse the value of Set-Cookie: header field.
* test/webrick/test_cookie.rb, test/webrick/test_cgi.rb,
test/webrick/webrick.cgi: add some test for cookie.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
windows. bcc32's runtime is not installed into system directory,
so it cannot be found without this setting. [ruby-dev:27166]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9246 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
ENV["REQUEST_URI"] is better to get correct Request-URI
than ENV["SCRIPT_NAME"] + ENV["PATH_INFO"]. [ruby-dev:26235]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
and WEBrick::CGI#config. (backported from HEAD)
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.escape_path): should
not use String#split("/"). (backported from HEAD)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8424 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
of :SSLEnable is false.
* lib/webrick/server.rb (WEBrick::Daemon.start): prepared stdio
don't allow changing its mode.
* lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_service):
should delete trailing LF from the result of pack("m*").
* lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_connect):
- should delete trailing LF from the result of pack("m*").
- clear Request-Line not to send the response by HTTPServer#run.
* lib/webrick/httputils (WEBrick::HTTPUtils.parse_qvalues):
refine regexp (and change the name of a local variable).
* lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add
new method to escape URI path component.
* lib/webrick/cgi.rb (WEBrick::CGI::Socket#request_line): should
escape SCRIPT_NAME and PATH_INFO before being parsed as a URI.
* test/webrick/*, sample/webrick/httpproxy.rb: add new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
