1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Commit graph

22 commits

Author SHA1 Message Date
gotoyuzo
581ec6f87d test material for r16453.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-05-18 13:54:04 +00:00
gotoyuzo
8ee3267d26 * lib/webrick/httpservlet/filehandler.rb: should normalize path
name in path_info to prevent script disclosure vulnerability on
  DOSISH filesystems. (fix: CVE-2008-1891)
  Note: NTFS/FAT filesystem should not be published by the platforms
  other than Windows. Pathname interpretation (including short
  filename) is less than perfect.

* lib/webrick/httpservlet/abstract.rb
  (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
  should escape the value of Location: header.

* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
  command line arguments.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-05-18 13:33:24 +00:00
gotoyuzo
10a0d4b61d * lib/webrick/httpservlet/filehandler.rb: should normalize path
separators in path_info to prevent directory traversal
  attacks on DOSISH platforms.
  reported by Digital Security Research Group [DSECRG-08-026].

* lib/webrick/httpservlet/filehandler.rb: pathnames which have
  not to be published should be checked case-insensitively.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@15676 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-03-03 14:31:30 +00:00
gotoyuzo
b04f5e661f * lib/webrick/httprequest.rb: supprt X-Forwarded-* header fields.
WEBrick::HTTPRequest#{host,port,request_uri} is derived having
  regards to X-Forwarded-Proto and X-Forwarded-Host.

* lib/webrick/httprequest.rb
  (WEBrick::HTTPRequest#server_name?): new method.
  (WEBrick::HTTPRequest#remote_ip?): new method.
  (WEBrick::HTTPRequest#ssl?): new method.
* string.c (rb_enc_cr_str_buf_cat): fix self appending.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14968 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-01-09 11:37:03 +00:00
gotoyuzo
aaf78dec43 * lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_service):
call do_XXX which corespond with request method.
  (WEBrick::HTTPProxyServer#do_CONNECT,do_GET,do_POST,do_HEAD): added.

* test/webrick/test_httpproxy.rb: add test for WEBrick::HTTPProxyServer.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14816 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-12-31 14:17:41 +00:00
gotoyuzo
1e8c6e2ba4 * lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or
header fields shold be read with maximum length. [ruby-talk:231745]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14260 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-12-17 07:03:57 +00:00
matz
84e2f5268a * lib/xmlrpc/create.rb (XMLRPC::Create::conv2value): Symbol should
come earlier than String.

* lib/soap/mapping/rubytypeFactory.rb (RubytypeFactory::obj2soap):
  ditto.

* lib/set.rb (TC_Set::test_s_new): strings are no longer
  Enumerable

* lib/soap/property.rb (Property::load): ditto.

* lib/webrick/httputils.rb (WEBrick::HTTPUtils::parse_header): ditto.

* lib/soap/mimemessage.rb (MIMEMessage::Headers::parse): ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11259 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-11-02 00:21:28 +00:00
gotoyuzo
b2a8ca6dd6 * lib/webrick/cookie.rb (WEBrick::Cookie.parse_set_cookies): new
method to parse multiple cookies per Set-Cookie header.
  Thanks to Aaron Patterson <aaron_patterson at speakeasy.net>.
  [ruby-core:08802]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10885 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-09-08 01:04:52 +00:00
gotoyuzo
ddc38a6abb * lib/webrick/httprequest.rb (WEBrick::HTTPReuqest#parse_uri): improve
for the value of IPv6 address in the Host: header field.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10646 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-07-31 04:39:45 +00:00
gotoyuzo
ab0a7bd2fa * test/webrick/utils.rb: use Proc#yield instead of Proc#call.
[ruby-dev:28914]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10444 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-07-01 08:03:18 +00:00
gotoyuzo
9a012539ba * lib/webrick/config.rb (WEBrick::Config::HTTP): add new parameters,
:InputBufferSize and :OutputBufferSize.

* lib/webrick/utils.rb (WEBrick::Utils.timeout): add new timeout
  method. this implementation is expected to be compatible with
  timeout.rb and faster than timeout.rb.

* lib/webrick/httprequest.rb (WEBrick::HTTPRequest#_read_data):
  Timeout.timeout is replaced by WEBrick::Utils.timeout.

* lib/webrick/httprequest.rb: WEBrick::HTTPRequest::BUFSIZE is
  replaced by config[:InputBufferSize].

* lib/webrick/httpresposne.rb: WEBrick::HTTPResponse::BUFSIZE is
  replaced by config[:OutputBufferSize].

* lib/webrick/server.rb: get rid of unnecessary require.

* test/webrick/test_utils.rb: test for WEBrick::Utils.timeout.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10167 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-05-18 13:42:52 +00:00
usa
bea93efc42 * test/webrick/test_cgi.rb: should support platforms which search
library path from the interpreter's path.
  And, support test without install incidentally.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9983 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-02-22 07:27:20 +00:00
matz
5675cdbd41 * eval.c: unify ruby_class (for method definition) and ruby_cbase
(for constant reference).

* eval.c (rb_call0): use TMP_ALLOC() instead of allocating
  a temporary array object.

* eval.c (eval): need not to protect $SAFE value.
  [ruby-core:07177]

* error.c (Init_Exception): change NameError to direct subclass of
  Exception so that default rescue do not handle it silently.

* struct.c (rb_struct_select): update RDoc description.
  [ruby-core:7254]

* numeric.c (int_upto): return an enumerator if no block is
  attached to the method.

* numeric.c (int_downto): ditto.

* numeric.c (int_dotimes): ditto.

* enum.c (enum_first): new method Enumerable#first to take first n
  element from an enumerable.

* enum.c (enum_group_by): new method Enumerable#group_by that
  groups enumerable values according to their block values.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9880 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-02-03 09:15:42 +00:00
gotoyuzo
aa57e68b06 * lib/webrick/httpservlet/cgihandler.rb
(WEBrick::HTTPServlet::CGIHandler#do_GET): the value of Set-Cookie:
  header field should be splited into each cookie.  [ruby-Bugs:2199]

* lib/webrick/cookie.rb (WEBrick::Cookie.parse_set_cookie): new method
  to parse the value of Set-Cookie: header field.

* test/webrick/test_cookie.rb, test/webrick/test_cgi.rb,
  test/webrick/webrick.cgi: add some test for cookie.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-10-30 20:40:05 +00:00
ocean
cc29d740b6 * test/webrick/test_cgi.rb: set ENV["PATH"] to CGIEnvPath on
windows. bcc32's runtime is not installed into system directory,
  so it cannot be found without this setting. [ruby-dev:27166]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9246 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-09-20 08:35:52 +00:00
gotoyuzo
2530fa50e9 * lib/webrick/cgi.rb (WEBrick::CGI::Socket#request_line):
ENV["REQUEST_URI"] is better to get correct Request-URI
  than ENV["SCRIPT_NAME"] + ENV["PATH_INFO"].  [ruby-dev:26235]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-05-27 17:16:06 +00:00
gotoyuzo
6d69a240b8 * lib/webrick/cgi.rb: new methods WEBrick::CGI#[], WEBrick::CGI#logger
and WEBrick::CGI#config.  these are necessary to use an instance of
  WEBrick::CGI as the first argument of HTTPServlet#get_instance.
  (suggested by Tatsuki Sugiura)

* lib/webrick/cgi.rb
  (WEBrick::CGI#initalize): set a dummy to @config[:ServerSoftware]
  if SERVER_SOFTWARE environment variable is not given.
  (WEBrick::CGI#start): req.path_info must be a String.
  (WEBrick::CGI::Socket#request_line): treat REQUEST_METHOD, PATH_INFO
  and SCRIPT_NAME to run in console.

* lib/webrick/httputils.rb (WEBrick::HTTPUtils.escape_path): should
  not use String#split("/"). it removes trailing empty path component.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8393 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-04-29 22:10:56 +00:00
gotoyuzo
083475a1f3 * test/webrick/utils.rb: resuce LoadError.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7760 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-01-10 07:58:55 +00:00
gotoyuzo
a9a02401a8 * lib/webrick/cgi.rb (WEBrick::CGI::Socket#request_line): should
escape SCRIPT_NAME and PATH_INFO before being parsed as a URI.

* lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add
  new method to escape URI path component.

* lib/webrick/ssl.rb (WEBrick::Config::SSL): the default value
  of :SSLEnable is false.

* test/webrick/{test_cgi.rb,webrick.cgi}: new file.

* test/webrick/utils.rb: require "webrick/https.h".


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7758 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-01-10 06:29:58 +00:00
gotoyuzo
7011bf1523 * test/webrick/test_server.rb (test_daemon): delete an assertion
which has possibility to fail by race condition.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7755 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-01-08 19:09:12 +00:00
gotoyuzo
36c839f233 * lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_service):
should delete trailing LF from the result of pack("m*").

* lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_connect):
  - should delete trailing LF from the result of pack("m*").
  - clear Request-Line not to send the sesponse by HTTPServer#run.

* lib/webrick/httputils (WEBrick::HTTPUtils.parse_qvalues):
  refine regexp (and change the name of a local variable).

* lib/webrick/server.rb (WEBrick::Daemon.start): prepared stdio
  don't allow changing its mode.

* test/webrick/*, sample/webrick/httpproxy.rb: add new files.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7743 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-01-07 11:05:22 +00:00
gotoyuzo
97102f6596 * lib/webrick/httpauth/htpasswd.rb (WEBrick::Htpasswd#reload):
raise NotImplementedError if password is encrypted by digest
  algorithms. This patch is contributed by sheepman. [ruby-list:40467]

* lib/webrick/httpauth/digestauth.rb
  (WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation.
  This patch is contributed by sheepman. [ruby-list:40482]

* lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use
  pack/unpack-template char "m" instead of lib/base64.rb to do base64
  encoding/decoding. fixed: [ruby-dev:25336]

* test/webrick/test_httpauth.rb: new file.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7708 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-01-02 22:31:13 +00:00