length to 2083. This is from Internet Explorer's max uri
length. http://support.microsoft.com/kb/208427 [ruby-core:32924]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29617 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
method for generating HTTP/1.1 100 continue response if the client
expects it, otherwise does nothing. Patch by Brian Candler.
ref #855.
* test/webrick/test_httprequest.rb: test added.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
Fix for possible cross-site scripting (CVE-2010-0541).
Found by Apple, reported by Hideki Yamane.
Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29002 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
rollup leading slashes. [ruby-core:31657]
patched by Jamison Wilde
NOTE: //authority/path is valid relative URI both RFC2396 and
RFC3986. So when give a relative URI-like string to URI lib,
users must care leading slashes.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28945 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merged r28784 from ruby_1_8: wrongly created dummy SSL certificate
with version == 3 (no such version) and serial == 0 (must be >0).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28803 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(prevent_directory_traversal): apply filesystem encoding to path
only during calling File.expand_path. [ruby-dev:41423]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28354 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(WEBrick::HTTPServlet::CGIHandler#do_GET):
set binary mode for tempfile.
1265467681/286
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26887 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
use possessive match for path retrieval to avoid huge recursion
for insanely long path.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20244 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
reduce backtrack. based on a fix by Christian Neukirchen
<chneukirchen AT gmail.com>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@18220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Set the HTTP status code to 302 if a Location header field is
present and the status code is not valid as a client
redirection. cf. RFC 3875 6.2.3, 6.2.4.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16662 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
name in path_info to prevent script disclosure vulnerability on
DOSISH filesystems. (fix: CVE-2008-1891)
Note: NTFS/FAT filesystem should not be published by the platforms
other than Windows. Pathname interpretation (including short
filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb
(WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
separators in path_info to prevent directory traversal
attacks on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@15676 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
WEBrick::HTTPRequest#{host,port,request_uri} is derived having
regards to X-Forwarded-Proto and X-Forwarded-Host.
* lib/webrick/httprequest.rb
(WEBrick::HTTPRequest#server_name?): new method.
(WEBrick::HTTPRequest#remote_ip?): new method.
(WEBrick::HTTPRequest#ssl?): new method.
* string.c (rb_enc_cr_str_buf_cat): fix self appending.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14968 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
call do_XXX which corespond with request method.
(WEBrick::HTTPProxyServer#do_CONNECT,do_GET,do_POST,do_HEAD): added.
* test/webrick/test_httpproxy.rb: add test for WEBrick::HTTPProxyServer.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14816 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
should rescue Errno::EINVAL from TCPServer#accept. this exception
might occur if the server socket is not in ready to listen.
* lib/webrick/server.rb (WEBrick::GenericServer#accept_client):
don't call TCPServer#close if the :ShutdownSocketWithoutClose is set.
* lib/webrick/config.rb (WEBrick::Config::General): add new parameter
:ShutdownSocketWithoutClose.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14306 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
test/rss/rss-assertions.rb, test/rss/test_atom.rb: use
pack/unpack("m") instead of base64 library.
* lib/webrick/httpproxy.rb: use delete("\n") instead of chomp/chop
because the result of pack("m") might be multi-line.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14303 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
header fields shold be read with maximum length. [ruby-talk:231745]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14260 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(WEBrick::HTTPAuth::Authenticator#check_scheme): auth-scheme must be
treated as a case-insensitive token according to RFC 2617 section 1.2.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httpstatus.rb (WEBrick::HTTPStatus::EOFError): adapt
to new syntax.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12658 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Arrays could not be modified in its each block. [ruby-dev:30063]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11472 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
HTTPUtils::parse_header() takes a string. [ruby-dev:29931]
* lib/webrick/httputils.rb (WEBrick::HTTPUtils::parse_header):
String does no longer have each method.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils::parse_form_data):
ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11321 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
method to parse multiple cookies per Set-Cookie header.
Thanks to Aaron Patterson <aaron_patterson at speakeasy.net>.
[ruby-core:08802]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10885 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
