bbda1a0274
webrick: prevent response splitting and header injection Original patch by tenderlove (with minor style adjustments). * lib/webrick/httpresponse.rb (send_header): call check_header (check_header): raise on embedded CRLF in header value * test/webrick/test_httpresponse.rb (test_prevent_response_splitting_headers): new test * (test_prevent_response_splitting_cookie_headers): ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@63022 b2dd03c8-39d4-4d8f-98ff-823fe69b080e |
||
|---|---|---|
| benchmark | ||
| bin | ||
| bootstraptest | ||
| ccan | ||
| coverage | ||
| cygwin | ||
| defs | ||
| doc | ||
| enc | ||
| ext | ||
| gems | ||
| include | ||
| lib | ||
| man | ||
| misc | ||
| missing | ||
| nacl | ||
| sample | ||
| spec | ||
| template | ||
| test | ||
| tool | ||
| win32 | ||
| .document | ||
| .editorconfig | ||
| .gdbinit | ||
| .gitignore | ||
| .indent.pro | ||
| .travis.yml | ||
| addr2line.c | ||
| addr2line.h | ||
| array.c | ||
| bignum.c | ||
| BSDL | ||
| ChangeLog | ||
| class.c | ||
| common.mk | ||
| compar.c | ||
| compile.c | ||
| complex.c | ||
| configure.in | ||
| constant.h | ||
| cont.c | ||
| CONTRIBUTING.md | ||
| COPYING | ||
| COPYING.ja | ||
| debug.c | ||
| dir.c | ||
| dln.c | ||
| dln.h | ||
| dln_find.c | ||
| dmydln.c | ||
| dmyenc.c | ||
| dmyext.c | ||
| encoding.c | ||
| enum.c | ||
| enumerator.c | ||
| error.c | ||
| eval.c | ||
| eval_error.c | ||
| eval_intern.h | ||
| eval_jump.c | ||
| file.c | ||
| gc.c | ||
| gc.h | ||
| gem_prelude.rb | ||
| golf_prelude.rb | ||
| goruby.c | ||
| GPL | ||
| hash.c | ||
| ia64.s | ||
| inits.c | ||
| insns.def | ||
| internal.h | ||
| io.c | ||
| iseq.c | ||
| iseq.h | ||
| KNOWNBUGS.rb | ||
| LEGAL | ||
| lex.c.blt | ||
| load.c | ||
| loadpath.c | ||
| localeinit.c | ||
| main.c | ||
| Makefile.in | ||
| marshal.c | ||
| math.c | ||
| method.h | ||
| miniinit.c | ||
| NEWS | ||
| node.c | ||
| node.h | ||
| numeric.c | ||
| object.c | ||
| pack.c | ||
| parse.y | ||
| prelude.rb | ||
| probes.d | ||
| probes_helper.h | ||
| proc.c | ||
| process.c | ||
| random.c | ||
| range.c | ||
| rational.c | ||
| re.c | ||
| README.EXT | ||
| README.EXT.ja | ||
| README.ja.md | ||
| README.md | ||
| regcomp.c | ||
| regenc.c | ||
| regenc.h | ||
| regerror.c | ||
| regexec.c | ||
| regint.h | ||
| regparse.c | ||
| regparse.h | ||
| regsyntax.c | ||
| ruby.c | ||
| ruby_atomic.h | ||
| safe.c | ||
| signal.c | ||
| siphash.c | ||
| siphash.h | ||
| sparc.c | ||
| sprintf.c | ||
| st.c | ||
| strftime.c | ||
| string.c | ||
| struct.c | ||
| symbol.c | ||
| symbol.h | ||
| thread.c | ||
| thread_pthread.c | ||
| thread_pthread.h | ||
| thread_win32.c | ||
| thread_win32.h | ||
| time.c | ||
| timev.h | ||
| transcode.c | ||
| transcode_data.h | ||
| util.c | ||
| variable.c | ||
| version.c | ||
| version.h | ||
| vm.c | ||
| vm_args.c | ||
| vm_backtrace.c | ||
| vm_core.h | ||
| vm_debug.h | ||
| vm_dump.c | ||
| vm_eval.c | ||
| vm_exec.c | ||
| vm_exec.h | ||
| vm_insnhelper.c | ||
| vm_insnhelper.h | ||
| vm_method.c | ||
| vm_opts.h | ||
| vm_trace.c | ||
| vsnprintf.c | ||
What's Ruby
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.
Features of Ruby
- Simple Syntax
- Normal Object-Oriented features(ex. class, method calls)
- Advanced Object-Oriented features(ex. Mix-in, Singleton-method)
- Operator Overloading
- Exception Handling
- Iterators and Closures
- Garbage Collection
- Dynamic Loading of Object files(on some architecture)
- Highly Portable (works on many Unix-like/POSIX compatible platforms as well as Windows, Mac OS X, BeOS etc.) cf. http://bugs.ruby-lang.org/projects/ruby-trunk/wiki/SupportedPlatforms
How to get Ruby
For a complete list of ways to install Ruby, including using third party tools like rvm, see:
http://www.ruby-lang.org/en/downloads/
The Ruby distribution files can be found in the following FTP site:
ftp://ftp.ruby-lang.org/pub/ruby/
The trunk of the Ruby source tree can be checked out with the following command:
$ svn co http://svn.ruby-lang.org/repos/ruby/trunk/ ruby
Or if you are using git then use the following command:
$ git clone git://github.com/ruby/ruby.git
There are some other branches under development. Try the following command and see the list of branches:
$ svn ls http://svn.ruby-lang.org/repos/ruby/branches/
Or if you are using git then use the following command:
$ git ls-remote git://github.com/ruby/ruby.git
Ruby home-page
The URL of the Ruby home-page is:
Mailing list
There is a mailing list to talk about Ruby. To subscribe this list, please send the following phrase
subscribe
in the mail body (not subject) to the address mailto:ruby-talk-request@ruby-lang.org.
How to compile and install
This is what you need to do to compile and install Ruby:
-
If you want to use Microsoft Visual C++ to compile ruby, read win32/README.win32 instead of this document.
-
If
./configuredoes not exist or is older than configure.in, run autoconf to (re)generate configure. -
Run
./configure, which will generate config.h and Makefile.Some C compiler flags may be added by default depending on your environment. Specify
optflags=..andwarnflags=..as necessary to override them. -
Edit
defines.hif you need. Usually this step will not be needed. -
Remove comment mark(
#) before the module names fromext/Setup(or add module names if not present), if you want to link modules statically.If you don't want to compile non static extension modules (probably on architectures which do not allow dynamic loading), remove comment mark from the line "
#option nodynamic" inext/Setup.Usually this step will not be needed.
-
Run
make. -
Optionally, run '
make check' to check whether the compiled Ruby interpreter works well. If you see the message "check succeeded", your ruby works as it should (hopefully). -
Run '
make install'This command will create following directories and install files onto them.
${DESTDIR}${prefix}/bin${DESTDIR}${prefix}/include/ruby-${MAJOR}.${MINOR}.${TEENY}${DESTDIR}${prefix}/include/ruby-${MAJOR}.${MINOR}.${TEENY}/${PLATFOR M}${DESTDIR}${prefix}/lib${DESTDIR}${prefix}/lib/ruby${DESTDIR}${prefix}/lib/ruby/${MAJOR}.${MINOR}.${TEENY}${DESTDIR}${prefix}/lib/ruby/${MAJOR}.${MINOR}.${TEENY}/${PLATFORM}${DESTDIR}${prefix}/lib/ruby/site_ruby${DESTDIR}${prefix}/lib/ruby/site_ruby/${MAJOR}.${MINOR}.${TEENY}${DESTDIR}${prefix}/lib/ruby/site_ruby/${MAJOR}.${MINOR}.${TEENY}/${P LATFORM}${DESTDIR}${prefix}/lib/ruby/vendor_ruby${DESTDIR}${prefix}/lib/ruby/vendor_ruby/${MAJOR}.${MINOR}.${TEENY}${DESTDIR}${prefix}/lib/ruby/vendor_ruby/${MAJOR}.${MINOR}.${TEENY}/$ {PLATFORM}${DESTDIR}${prefix}/lib/ruby/gems/${MAJOR}.${MINOR}.${TEENY}${DESTDIR}${prefix}/share/man/man1${DESTDIR}${prefix}/share/ri/${MAJOR}.${MINOR}.${TEENY}/system
If Ruby's API version is 'x.y.z', the
${MAJOR}is 'x', the${MINOR}is 'y', and the${TEENY}is 'z'.NOTE: teeny of the API version may be different from one of Ruby's program version
You may have to be a super user to install ruby.
If you fail to compile ruby, please send the detailed error report with the error log and machine/OS type, to help others.
Some extension libraries may not get compiled because of lack of necessary
external libraries and/or headers, then you will need to run 'make distclean-ext' to remove old configuration after installing them in such
case.
Copying
See the file COPYING.
Feedback
Questions about the Ruby language can be asked on the Ruby-Talk mailing list (http://www.ruby-lang.org/en/community/mailing-lists) or on websites like (http://stackoverflow.com).
Bug reports should be filed at http://bugs.ruby-lang.org
The Author
Ruby was originally designed and developed by Yukihiro Matsumoto (Matz) in 1995.