archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-23 13:04:13 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
91898 commits 30 branches 1174 tags 508 MiB
Commit graph

116 commits

Author SHA1 Message Date
Hiroshi SHIBATA
600c616507 Removed CGI library without CGI::Escape features 2025-05-09 14:27:28 +09:00
Hiroshi SHIBATA
56423d43a3 Reduce loading class/module on CGIUtilTest and CGIEscapeTest 2025-05-09 14:27:28 +09:00
Hiroshi SHIBATA
382be44f42 Extract CGIEscapeTest from CGIUtilTest 2025-05-09 14:27:28 +09:00
Hiroshi SHIBATA
8a1d45144b Support require 'cgi/escape' with extracting CGI::Escape from CGI::Util 2025-05-09 14:27:28 +09:00
Hiroshi SHIBATA
237ab21f25 [ruby/cgi] Escape/unescape unclosed tags as well 
cd1eb08076

Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
 2025-02-26 07:34:04 +00:00
Hiroshi SHIBATA
3185550623 Make Pstore tests as optional 2025-01-10 10:19:39 +09:00
flosacca
0daa0589a9 [ruby/cgi] Add failing test cases for CGI::Escape.unescapeHTML 
92fdb3316b
 2023-11-30 08:19:28 +00:00
Jean Boussier
ced84beb25 [ruby/cgi] Add snake case aliases for escapeURIComponent 
As agreed in [Feature #18822]

9d1161ec9d
 2023-11-07 10:22:30 +00:00
Benoit Daloze
f61bd3ca80 [ruby/cgi] Add TruffleRuby support and add it in CI 
1240fec9c9
 2023-05-29 19:33:38 +00:00
Xenor Chang
745dcf5326 [ruby/cgi] Loosen the domain regex to accept '.' 
(https://github.com/ruby/cgi/pull/29)

* Loosen the domain regex to accept '.'

Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>

5e09d632f3
Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org>
 2022-11-28 04:34:11 +00:00
Jean Boussier
656f25987c [ruby/cgi] Fix test_cgi_cookie_new_with_domain to pass on older rubies 
05f0c58048
 2022-11-24 18:32:19 +00:00
Nobuyoshi Nakada
58682b6980 [ruby/cgi] Relax domain label restrictions 
b46d41c363
 2022-11-22 02:12:50 +00:00
Yusuke Endoh
0e75b2f2e6 [ruby/cgi] Prevent CRLF injection 
Throw a RuntimeError if the HTTP response header contains CR or LF to
prevent HTTP response splitting.

https://hackerone.com/reports/1204695

64c5045c0a
 2022-11-22 02:00:11 +00:00
Nobuyoshi Nakada
c05f85f373 [ruby/cgi] Check cookie name/path/domain characters 
https://hackerone.com/reports/1204977

30107a4797
 2022-11-22 02:00:10 +00:00
Jean Boussier
3850113e20 [ruby/cgi] Implement CGI.url_encode and CGI.url_decode 
[Feature #18822]

Ruby is somewhat missing an RFC 3986 compliant escape method.

c2729c7f33
 2022-08-16 19:12:03 +09:00
Pavel Rosický
4bc7cef866
[ruby/cgi] jruby support 
93326fb622
 2022-06-06 18:13:01 +09:00
Nobuyoshi Nakada
e4b35b158a [ruby/cgi] Check integer overflow in long range 
https://hackerone.com/reports/1328463

ccaf6027e0
 2021-12-12 13:05:15 +09:00
Nobuyoshi Nakada
0f31b3f465 [ruby/cgi] When parsing cookies, only decode the values 
052eb3a828
 2021-11-24 19:59:00 +09:00
Jeremy Evans
f818b1ed2b
[ruby/cgi] Add test for escapeHTML/unescapeHTML invalid encoding fix in pure ruby version 
Also, remove pointless assert_nothing_raised(ArgumentError) while
here.

c05edf5608
 2021-04-22 11:51:36 +09:00
Koichi Sasada
31c55b6725 need to restore $stdin. 2020-03-02 13:14:38 +09:00
Jeremy Evans
ffd0820ab3 Deprecate taint/trust and related methods, and make the methods no-ops 
This removes the related tests, and puts the related specs behind
version guards.  This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
 2019-11-18 01:00:25 +02:00
Semyon Pupkov
4173258fd0
change call CGI methods from :: to . 
Closes: https://github.com/ruby/ruby/pull/1749
 2019-08-04 09:19:30 +09:00
MSP-Greg (Greg L)
2ad7a7f801
Get rid of error with frozen string literal 
[Bug #14194]
 2019-06-23 07:36:26 +09:00
normal
0e32c7c10a Revert "ext/cgi/escape: preserve String subclass in result" 
This reverts commit 6afea14043 r63328
I misread the original bug report and got results flipped.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63330 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2018-05-03 01:24:09 +00:00
normal
6afea14043 ext/cgi/escape: preserve String subclass in result 
* ext/cgi/escape/escape.c (optimized_escape_html): use rb_str_new_with_class
  (optimized_unescape_html): ditto
  (optimized_escape): ditto
  (optimized_unescape): ditto
* test/cgi/test_cgi_util.rb (test_escape_string_subclass): new test
  [ruby-core:86847] [Bug #14732]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2018-05-02 23:18:55 +00:00
k0kubun
c26a9a7338 Fix strange indentation 
which I introduced at r58773.
Hard tabs and spaces are mixed...

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58783 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-05-18 15:13:30 +00:00
k0kubun
e1b4327545 cgi/util.rb: Don't escape tilde in #escape 
to make it compatible with ERB::Util.url_encode.

ext/cgi/escape/escape.c: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58773 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-05-17 12:34:59 +00:00
nobu
97849e1178 share @@accept_charset 
* lib/cgi/{core,util}.rb: include CGI::Util not only extending, to
  share `@@accept_charset` class variable, so that it is always
  accessible.  [ruby-core:80986] [Bug #13539]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-05-06 01:33:04 +00:00
kazu
fbd5cda6aa {lib,test}/cgi: Specify frozen_string_literal: true. 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57652 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-02-18 05:52:16 +00:00
nobu
c373866444 escape.c: check argument 
* ext/cgi/escape/escape.c (optimized_unescape): check
  accept_charset encoding argument.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57501 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-02-02 08:02:36 +00:00
nobu
7d0d0d5864 test_cgi_util.rb: encoding tests 
* test/cgi/test_cgi_util.rb (test_cgi_unescape): \u is useless on
  old versions.

* test/cgi/test_cgi_util.rb (test_cgi_include_unescape): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57499 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-02-02 07:03:59 +00:00
naruse
5f33c6b0f5 * lib/cgi/cookie.rb (parse): don't allow , as a separator. [Bug #12791] 
* lib/webrick/cookie.rb (parse): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56262 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2016-09-27 03:17:47 +00:00
nobu
e7440de279 test: use assert_include 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55757 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2016-07-26 13:02:33 +00:00
nobu
20cd25c86f cgi/util.rb: remove CGI::Util#_unescape 
* ext/cgi/escape/escape.c (cgiesc_unescape): define unescape
  method instead of _unescape, and should pass the optional
  argument to the super method.
* lib/cgi/util.rb (CGI::Util#_unescape): remove intermediate
  method.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54655 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2016-04-20 08:33:33 +00:00
nobu
8a180ee4b7 test_cgi_util.rb: test_cgi_unescapeHTML_invalid 
* test/cgi/test_cgi_util.rb (test_cgi_unescapeHTML_invalid): test
  for invalid escaped HTML, borrowed from rubyspec.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2016-02-14 08:52:38 +00:00
nobu
8e46f401b2 ASCII-incompatible escape 
* lib/cgi/util.rb (escapeHTML, unescapeHTML): consider
  ASCII-incompatible encodings.  [Fix GH-1239]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53754 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2016-02-06 13:31:07 +00:00
nobu
10a129cee7 escape.c: should not freeze 
* ext/cgi/escape/escape.c (optimized_escape_html): CGI.escapeHTML
  should return unfrozen new string.
  [ruby-core:72426] [Bug #11858]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-12-22 05:31:31 +00:00
nobu
1b107d48ef escape.c: Preserve original state 
* ext/cgi/escape/escape.c (preserve_original_state): Preserve
  original state for tainted and frozen.  [Fix GH-1166]
  [ruby-dev:49451] [Bug #11855]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-12-21 20:40:02 +00:00
nobu
ce7f7f5e3d cgi/escape: Optimize CGI.escapeHTML 
* cgi/escape/escape.c: Optimize CGI.escapeHTML for
  ASCII-compatible encodings.  [Fix GH-1164]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-12-20 11:54:54 +00:00
nobu
28dc41090a test_cgi_util.rb: fix arguments orders 
* test/cgi/test_cgi_util.rb: fix arguments orders, expected values
  should be placed first and then actual results.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53219 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-12-20 11:31:22 +00:00
naruse
3e92b635fb Add frozen_string_literal: false for all files 
When you change this to true, you may need to add more tests.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-12-16 05:07:31 +00:00
nobu
c81b224edc test: use String#b instead of dup.force_encoding 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53109 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-12-14 06:40:55 +00:00
xibbar
a4344cb5b4 * lib/cgi/cookie.rb: Implement HttpOnly flag for cookies. 
[fix GH-887] Patch by @martinpovolny

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-05-14 23:27:01 +00:00
nobu
5d071fe381 cookie.rb: trailing comma 
* lib/cgi/cookie.rb: add trailing comma for further lines.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-04-29 13:22:34 +00:00
nobu
05c29680e5 fix env leaks 
* lib/rubygems/test_case.rb (setup, teardown): fix
  environment variable change leaks.

* test/cgi/update_env.rb: ditto.

* test/rake/test_rake_application_options.rb (setup, teardown):
  ditto.

* test/rake/test_rake_file_utils.rb (setup, teardown): ditto.

* test/rubygems/test_gem_request.rb (setup): add https_proxy.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49950 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-03-12 14:57:33 +00:00
akr
fb2008a73a * test/lib/envutil.rb: Moved from test/ruby/. 
* test/lib/find_executable.rb: Ditto.

* test/lib/memory_status.rb: Ditto.

* test/lib/test/unit.rb: require envutil.

* test/: Don't require envutil in test files.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2014-11-13 16:05:37 +00:00
hsbt
556f805493 * test/cgi/test_cgi_core.rb: removed obsoleted condition for Ruby 1.8. 
* test/cgi/test_cgi_header.rb: ditto.
* test/cgi/test_cgi_multipart.rb: ditto.
* test/cgi/test_cgi_tag_helper.rb: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2014-08-09 01:19:18 +00:00
xibbar
5c99f241a0 * lib/cgi/core.rb: Provide a mechanism to specify the 
max_multipart_length of multipart data.
  [Feature #8370] patch by Leif Eriksen <leif.eriksen.au@gmail.com>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46392 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2014-06-10 04:29:49 +00:00
akr
9e9fcfeef4 Use Tempfile#close!. 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46193 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2014-05-27 16:17:13 +00:00
akr
c968f908e1 * lib/cgi/core.rb: Use Tempfile#close(true) instead of Tempfile#unlink 
to close file descriptors.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46181 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2014-05-27 14:51:08 +00:00