* compile.c (compile_if): rewind callinfo indexes used in
unreachable paths, to get rid of dumping unused callinfos.
[ruby-core:86399] [Bug #14553]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63040 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* array.c (rb_ary_collect): yield in block argument semantics
always to splat array elements to lambda, for the backward
compatibility. [ruby-core:86362] [Bug #14639]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63030 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* dir.c (GlobPathValue): should be used in rb_push_glob only.
other methods should use FilePathValue.
https://hackerone.com/reports/302338
* dir.c (rb_push_glob): expand GlobPathValue
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62989 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Original patch by tenderlove (with minor style adjustments).
* lib/webrick/httpresponse.rb (send_header): call check_header
(check_header): raise on embedded CRLF in header value
* test/webrick/test_httpresponse.rb
(test_prevent_response_splitting_headers): new test
* (test_prevent_response_splitting_cookie_headers): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62968 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This is consistent with other implementations of .write
in openssl and stringio.
* io.c (io_write_m): return 0 on argc == 0
[ruby-core:86285] [Bug #14338]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62967 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Reading entire request or response bodies into memory can lead
to trivial denial-of-service attacks. Introduce Fibers in both
cases to allow streaming.
WEBrick::HTTPRequest gains a new body_reader method to prepare
itself as a source for IO.copy_stream. This allows the
WEBrick::HTTPRequest object to be used as the
Net::HTTPGenericRequest#body_stream= arg for Net::HTTP.
For HTTP proxy response bodies, we also use a Fiber to
to make the HTTP request and read the response body.
* lib/webrick/httprequest.rb (body_reader): new method
(readpartial): ditto
* lib/webrick/httpproxy.rb (perform_proxy_request): use Fiber
to stream response body
(do_GET, do_HEAD): adjust call
(do_POST): adjust call and supply body_reader
* test/webrick/test_httprequest.rb (test_chunked): test
for IO.copy_stream compatibility
* test/webrick/test_httpproxy.rb (test_big_bodies): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62966 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
No changes to the actual code, this is a new test for
a feature for which no tests existed. I don't understand
the Digest authentication code well at all, but this is
necessary for the subsequent change.
* test/webrick/test_httpauth.rb (test_digest_auth_int): new test
(credentials_for_request): support bodies with POST
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
While WEBrick::HTTPRequest#body provides a Proc interface
for streaming large request bodies, clients must not force
the server to use an excessively large chunk size.
* lib/webrick/httprequest.rb (read_chunk_size): limit each
read and block.call to :InputBufferSize in config.
* test/webrick/test_httpserver.rb (test_big_chunks): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62963 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
"BadRequest" alone does not resolve correctly, it is in the
HTTPStatus namespace.
* lib/webrick/httprequest.rb (read_chunked): use correct exception
* test/webrick/test_httpserver.rb (test_eof_in_chunk): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62962 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
We use the same 112 KB limit started (AFAIK) by Mongrel, Thin,
and Puma to prevent malicious users from using up all the memory
with a single request. This also limits the damage done by
excessive ranges in multipart Range: requests.
Due to the way we rely on IO#gets and the desire to keep
the code simple, the actual maximum header may be 4093 bytes
larger than 112 KB, but we're splitting hairs at that point.
* lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH
(read_header): raise when headers exceed max length
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62960 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
We need to ensure we generate compatibile output in
the face of future changes
* test/webrick/test_filehandler.rb (test_make_partial_content):
check response body
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62956 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This is also compatible with range responses generated
by Rack::File (tested with rack 2.0.3).
* lib/webrick/httpresponse.rb (send_body_io): use Content-Range
* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
use File object for the single range case
* test/webrick/test_filehandler.rb (get_res_body): use send_body
to test result
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62955 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* win32/file.c (IS_ABSOLUTE_PATH_P): home directory should not be
a relative path regardless a drive letter. PathIsRelativeW
returns FALSE on such path. [ruby-core:86356] [Bug #14638]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62952 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
rb_ensure is insufficient cleanup for fork and we must
reinitialize all waitqueues in the child process.
Unfortunately this increases the footprint of ConditionVariable,
Queue and SizedQueue by 8 bytes on 32-bit (16 bytes on 64-bit).
[ruby-core:86316] [Bug #14634]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62934 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
It fixed the several bugs that was found after RDoc 6 releasing.
From: SHIBATA Hiroshi <hsbt@ruby-lang.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62924 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/ruby/test_keyword.rb (test_splat_hash): assertion on
mandatory and rest arguments. r62914 is not only for optional
argument.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62919 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* vm_args.c (setup_parameters_complex): [EXPERIMENTAL] warn when
splat keyword arguments is passed as a single ordinary argument,
not as a keyword rest argument.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62914 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* parse.y (bodystmt): expand opt_else to show the error message at
the right place.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62902 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Now URI is normally UTF-8, and US-ASCII URI string is considered as
escaped a UTF-8 string.
https://github.com/rails/rails/issues/32294
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62897 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Improve code coverage and clarify meaning of hierarchical based on RFC
text.
[Fix GH-1846]
From: Xavier Riley <xavriley@hotmail.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62882 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* parse.y (here_document): a continuing line is not the
terminator. [ruby-core:86283] [Bug #14621]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62873 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* parse.y (tokadd_string): stop at continued line in dedented here
documents, to dedent for each lines before removing escaped
newlines. [ruby-core:86236] [Bug #14621]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62872 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/ruby/test_iseq.rb (test_to_binary_with_objects): disable
load_from_binary right now, r62851 seems having a trouble around
get_insn_info_succinct_bitvector() yet.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
For security reasons, File.read, File.binread, File.write, File.binwrite,
File.foreach, and File.readlines should not invoke external commands even
if the path starts with the pipe character |.
[ruby-core:84495] [Feature #14245]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62857 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* compile.c (ibf_load_iseq_each): manage iseq_size to point loaded
objects in iseq_encoded. now marking iseq scans iseq_encoded
directly.
* test/ruby/test_iseq.rb (test_to_binary_with_objects): skip for
now, but fix argument order of assert_equal.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62856 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* compile.c (iseq_set_arguments): determine argument variable
indexes by the order, not by just IDs. arguments begin with `_`
can be duplicate, so by-ID index may result in a wrong value.
[ruby-core:86159] [Bug #14611]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62833 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* re.c (rb_reg_str_with_term): change terminator.
* re.c (rb_reg_s_union): terminator in source string does not need
to be escaped. terminators are outside of regexp source itself.
[ruby-core:86149] [Bug #14608]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62779 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/ruby/test_iseq.rb (test_to_binary_with_objects): #to_binary
does not support iseq compiled with coverage, just skip.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62776 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
