Commit 708a3f1e authored by Praveen Arimbrathodiyil

Updated version 2.0.3 from 'upstream/2.0.3'

with Debian dir 760125e73a009676b89839a840eb4560b0707b8e
parents b05bdce3 61a2d318
Copyright (c) 2007-2015 Christian Neukirchen <purl.org/net/chneukirchen>
Copyright (c) 2007-2016 Christian Neukirchen <purl.org/net/chneukirchen>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to
......
Fri Jun 19 07:14:50 2015 Matthew Draper <matthew@trebex.net>
Sun Dec 4 18:48:03 2015 Jeremy Daer <jeremydaer@gmail.com>
* Work around a Rails incompatibility in our private API
* First-party "SameSite" cookies. Browsers omit SameSite cookies
from third-party requests, closing the door on many CSRF attacks.
Pass `same_site: true` (or `:strict`) to enable:
response.set_cookie 'foo', value: 'bar', same_site: true
or `same_site: :lax` to use Lax enforcement:
response.set_cookie 'foo', value: 'bar', same_site: :lax
Based on version 7 of the Same-site Cookies internet draft:
https://tools.ietf.org/html/draft-west-first-party-cookies-07
Thanks to Ben Toews (@mastahyeti) and Bob Long (@bobjflong) for
updating to drafts 5 and 7.
Tue Nov 3 16:17:26 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Add `Rack::Events` middleware for adding event based middleware:
middleware that does not care about the response body, but only cares
about doing work at particular points in the request / response
lifecycle.
Thu Oct 8 14:58:46 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Add `Rack::Request#authority` to calculate the authority under which
the response is being made (this will be handy for h2 pushes).
Tue Oct 6 13:19:04 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Add `Rack::Response::Helpers#cache_control` and `cache_control=`.
Use this for setting cache control headers on your response objects.
Tue Oct 6 13:12:21 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Add `Rack::Response::Helpers#etag` and `etag=`. Use this for
setting etag values on the response.
Sun Oct 3 18:25:03 2015 Jeremy Daer <jeremydaer@gmail.com>
* Introduce `Rack::Response::Helpers#add_header` to add a value to a
multi-valued response header. Implemented in terms of other
`Response#*_header` methods, so it's available to any response-like
class that includes the `Helpers` module.
* Add `Rack::Request#add_header` to match.
Fri Sep 4 18:34:53 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* `Rack::Session::Abstract::ID` IS DEPRECATED. Please switch to
`Rack::Session::Abstract::Persisted`.
`Rack::Session::Abstract::Persisted` uses a request object rather than
the `env` hash.
Fri Sep 4 17:32:12 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Pull `ENV` access inside the request object in to a module. This
will help with legacy Request objects that are ENV based but don't
want to inherit from Rack::Request
Fri Sep 4 16:09:11 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Move most methods on the `Rack::Request` to a module
`Rack::Request::Helpers` and use public API to get values from the
request object. This enables users to mix `Rack::Request::Helpers` in
to their own objects so they can implement
`(get|set|fetch|each)_header` as they see fit (for example a proxy
object).
Fri Sep 4 14:15:32 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Files and directories with + in the name are served correctly.
Rather than unescaping paths like a form, we unescape with a URI
parser using `Rack::Utils.unescape_path`. Fixes #265
Thu Aug 27 15:43:48 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Tempfiles are automatically closed in the case that there were too
many posted.
Thu Aug 27 11:00:03 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Added methods for manipulating response headers that don't assume
they're stored as a Hash. Response-like classes may include the
Rack::Response::Helpers module if they define these methods:
* Rack::Response#has_header?
* Rack::Response#get_header
* Rack::Response#set_header
* Rack::Response#delete_header
Mon Aug 24 18:05:23 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Introduce Util.get_byte_ranges that will parse the value of the
HTTP_RANGE string passed to it without depending on the `env` hash.
`byte_ranges` is deprecated in favor of this method.
Sat Aug 22 17:49:49 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Change Session internals to use Request objects for looking up
session information. This allows us to only allocate one request
object when dealing with session objects (rather than doing it every
time we need to manipulate cookies, etc).
Fri Aug 21 16:30:51 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Add `Rack::Request#initialize_copy` so that the env is duped when
the request gets duped.
Thu Aug 20 16:20:58 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Added methods for manipulating request specific data. This includes
data set as CGI parameters, and just any arbitrary data the user wants
to associate with a particular request. New methods:
* Rack::Request#has_header?
* Rack::Request#get_header
* Rack::Request#fetch_header
* Rack::Request#each_header
* Rack::Request#set_header
* Rack::Request#delete_header
Thu Jun 18 16:00:05 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* lib/rack/utils.rb: add a method for constructing "delete" cookie
headers. This allows us to construct cookie headers without depending
on the side effects of mutating a hash.
Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Prevent extremely deep parameters from being parsed. CVE-2015-3225
### December 18th, Thirty sixth public release 1.6.0
### February 7th, Thirty fifth public release 1.5.2
### May 6th, 2015, Thirty seventh public release 1.6.1
- Fix CVE-2014-9490, denial of service attack in OkJson ([8cd610](https://github.com/rack/rack/commit/8cd61062954f70e0a03e2855704e95ff4bdd4f6e))
- Use a monotonic time for Rack::Runtime, if available ([d170b2](https://github.com/rack/rack/commit/d170b2363c949dce60871f9d5a6bfc83da2bedb5))
- RACK_MULTIPART_LIMIT changed to RACK_MULTIPART_PART_LIMIT (RACK_MULTIPART_LIMIT is deprecated and will be removed in 1.7.0) ([c096c5](https://github.com/rack/rack/commit/c096c50c00230d8eee13ad5f79ad027d9a3f3ca9))
- See the full [git history](https://github.com/rack/rack/compare/1.6.0...1.6.1) and [milestone tag](https://github.com/rack/rack/issues?utf8=%E2%9C%93&q=milestone%3A%22Rack+1.6%22)
### May 6th, 2015, Thirty seventh public release 1.5.3
- Fix CVE-2014-9490, denial of service attack in OkJson ([99f725](https://github.com/rack/rack/commit/99f725b583b357376ffbb7b3b042c5daa3106ad6))
- Backport bug fixes to 1.5 series ([#585](https://github.com/rack/rack/pull/585), [#711](https://github.com/rack/rack/pull/711), [#756](https://github.com/rack/rack/pull/756))
- See the full [git history](https://github.com/rack/rack/compare/1.5.2...1.5.3) and [milestone tag](https://github.com/rack/rack/issues?utf8=%E2%9C%93&q=milestone%3A%22Rack+1.5.3%22)
### December 18th, 2014, Thirty sixth public release 1.6.0
- Response#unauthorized? helper ([#580](https://github.com/rack/rack/pull/580))
- Deflater now accepts an options hash to control compression on a per-request level ([#457](https://github.com/rack/rack/pull/457))
- Builder#warmup method for app preloading ([#617](https://github.com/rack/rack/pull/617))
- Request#accept_language method to extract HTTP_ACCEPT_LANGUAGE ([#623](https://github.com/rack/rack/pull/623))
- Add quiet mode of rack server, rackup --quiet ([#674](https://github.com/rack/rack/pull/674))
- Update HTTP Status Codes to RFC 7231 ([#754](https://github.com/rack/rack/pull/754))
- Less strict header name validation according to [RFC 2616](https://tools.ietf.org/html/rfc2616) ([#399](https://github.com/rack/rack/pull/399))
- SPEC updated to specify headers conform to RFC7230 specification ([6839fc](https://github.com/rack/rack/commit/6839fc203339f021cb3267fb09cba89410f086e9))
- Etag correctly marks etags as weak ([#681](https://github.com/rack/rack/issues/681))
- Request#port supports multiple x-http-forwarded-proto values ([#669](https://github.com/rack/rack/pull/669))
- Utils#multipart_part_limit configures the maximum number of parts a request can contain ([#684](https://github.com/rack/rack/pull/684))
- Default host to localhost when in development mode ([#514](https://github.com/rack/rack/pull/514))
- Various bugfixes and performance improvements (See the full [git history](https://github.com/rack/rack/compare/1.5.2...1.6.0) and [milestone tag](https://github.com/rack/rack/issues?utf8=%E2%9C%93&q=milestone%3A%22Rack+1.6%22))
### February 7th, 2013, Thirty fifth public release 1.5.2
- Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
- Fix CVE-2013-0262, symlink path traversal in Rack::File
- Add various methods to Session for enhanced Rails compatibility
......@@ -18,7 +166,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
- Fix a race condition that could result in overwritten pidfiles
- Various documentation additions
### February 7th, Thirty fifth public release 1.4.5
### February 7th, 2013, Thirty fifth public release 1.4.5
- Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
- Fix CVE-2013-0262, symlink path traversal in Rack::File
......@@ -353,3 +501,5 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
- Removed Rails adapter, was too alpha.
### March 3rd, 2007: First public release 0.1.
/* vim: set filetype=changelog */
= Known issues with Rack and ECMA-262
* Many users expect the escape() function defined in ECMA-262 to be compatible
with URI. Confusion is especially strong because the documentation for the
escape function includes a reference to the URI specifications. ECMA-262
escape is not however a URI escape function, it is a javascript escape
function, and is not fully compatible. Most notably, for characters outside of
the BMP. Users should use the more correct encodeURI functions.
= Known issues with Rack and Web servers
* Lighttpd sets wrong SCRIPT_NAME and PATH_INFO if you mount your
FastCGI app at "/". This can be fixed by using this middleware:
class LighttpdScriptNameFix
def initialize(app)
@app = app
end
def call(env)
env["PATH_INFO"] = env["SCRIPT_NAME"].to_s + env["PATH_INFO"].to_s
env["SCRIPT_NAME"] = ""
@app.call(env)
end
end
Of course, use this only when your app runs at "/".
Since lighttpd 1.4.23, you also can use the "fix-root-scriptname" flag
in fastcgi.server.
= Known conflicts regarding parameter parsing
* Many users have differing opinions about parameter parsing. The current
parameter parsers in Rack are based on a combination of the HTTP and CGI
specs, and are intended to round-trip encoding and decoding. There are some
choices that may be viewed as deficiencies, specifically:
- Rack does not create implicit arrays for multiple instances of a parameter
- Rack returns nil when a value is not given
- Rack does not support multi-type keys in parameters
These issues or choices, will not be fixed before 2.0, if at all. They are
very major breaking changes. Users are free to write alternative parameter
parsers, and their own Request and Response wrappers. Moreover, users are
encouraged to do so.
= Rack, a modular Ruby webserver interface {<img src="https://secure.travis-ci.org/rack/rack.svg" alt="Build Status" />}[http://travis-ci.org/rack/rack] {<img src="https://gemnasium.com/rack/rack.svg" alt="Dependency Status" />}[https://gemnasium.com/rack/rack]
Rack provides a minimal, modular and adaptable interface for developing
Rack provides a minimal, modular, and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
......@@ -12,9 +12,6 @@ which all Rack applications should conform to.
== Supported web servers
The included *handlers* connect all kinds of web servers to Rack:
* Mongrel
* EventedMongrel
* SwiftipliedMongrel
* WEBrick
* FCGI
* CGI
......@@ -28,13 +25,11 @@ These web servers include Rack handlers in their distributions:
* Glassfish v3
* Phusion Passenger (which is mod_rack for Apache and for nginx)
* Puma
* Rainbows!
* Reel
* Unicorn
* unixrack
* uWSGI
* yahns
* Zbatery
Any valid Rack app will run the same on all these handlers, without
changing anything.
......@@ -103,8 +98,8 @@ Rack::Builder DSL to configure middleware and build up applications
easily.
rackup automatically figures out the environment it is run in, and
runs your application as FastCGI, CGI, or standalone with Mongrel or
WEBrick---all from the same configuration.
runs your application as FastCGI, CGI, or WEBrick---all from the
same configuration.
== Quick start
......@@ -141,19 +136,17 @@ Or:
bundle install # this assumes that you have installed native extensions!
There are two rake-based test tasks:
There is a rake-based test task:
rake test tests all the fast tests (no Handlers or Adapters)
rake fulltest runs all the tests
rake test tests all the tests
The fast testsuite has no dependencies outside of the core Ruby
The testsuite has no dependencies outside of the core Ruby
installation and bacon.
To run the test suite completely, you need:
* fcgi
* memcache-client
* mongrel
* thin
The full set of tests test FCGI access with lighttpd (on port
......@@ -209,7 +202,7 @@ Can also be set via the RACK_MULTIPART_PART_LIMIT environment variable.
== History
See <https://github.com/rack/HISTORY.md>.
See <https://github.com/rack/rack/blob/master/HISTORY.md>.
== Contact
......@@ -235,19 +228,19 @@ You are also welcome to join the #rack channel on irc.freenode.net.
The Rack Core Team, consisting of
* Christian Neukirchen (chneukirchen)
* James Tucker (raggi)
* Josh Peek (josh)
* José Valim (josevalim)
* Michael Fellinger (manveru)
* Aaron Patterson (tenderlove)
* Santiago Pastorino (spastorino)
* Konstantin Haase (rkh)
* Christian Neukirchen (chneukirchen[https://github.com/chneukirchen])
* James Tucker (raggi[https://github.com/raggi])
* Josh Peek (josh[https://github.com/josh])
* José Valim (josevalim[https://github.com/josevalim])
* Michael Fellinger (manveru[https://github.com/manveru])
* Aaron Patterson (tenderlove[https://github.com/tenderlove])
* Santiago Pastorino (spastorino[https://github.com/spastorino])
* Konstantin Haase (rkh[https://github.com/rkh])
and the Rack Alumnis
* Ryan Tomayko (rtomayko)
* Scytrin dai Kinthra (scytrin)
* Ryan Tomayko (rtomayko[https://github.com/rtomayko])
* Scytrin dai Kinthra (scytrin[https://github.com/scytrin])
would like to thank:
......@@ -309,4 +302,3 @@ rack-devel mailing list:: <https://groups.google.com/group/rack-devel>
Rack's Rubyforge project:: <http://rubyforge.org/projects/rack>
Christian Neukirchen:: <http://chneukirchen.org/>
......@@ -36,7 +36,7 @@ task :officialrelease_really => %w[SPEC dist gem] do
end
def release
"rack-#{File.read("rack.gemspec")[/s.version *= *"(.*?)"/, 1]}"
"rack-" + File.read('lib/rack.rb')[/RELEASE += +([\"\'])([\d][\w\.]+)\1/, 2]
end
desc "Make binaries executable"
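Review bot: in `release`, the lookup on `File.read('lib/rack.rb')` returns nil whenever the `RELEASE` line is not written with at least one space on each side of `=`, and `"rack-" + nil` then raises a bare TypeError from inside the release task. Suggest raising with an explicit message when the match is nil, or loading `lib/rack.rb` and calling `Rack.release` so the Rakefile does not depend on how that line is formatted.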
......@@ -52,7 +52,7 @@ file '.git/index'
file "ChangeLog" => '.git/index' do
File.open("ChangeLog", "w") { |out|
log = `git log -z`
log.force_encoding(Encoding::BINARY) if log.respond_to?(:force_encoding)
log.force_encoding(Encoding::BINARY)
log.split("\0").map { |chunk|
author = chunk[/Author: (.*)/, 1].strip
date = chunk[/Date: (.*)/, 1].strip
......@@ -82,22 +82,14 @@ end
desc "Run all the fast + platform agnostic tests"
task :test => 'SPEC' do
opts = ENV['TEST'] || '-a'
specopts = ENV['TESTOPTS'] ||
"-q -t '^(?!Rack::Adapter|Rack::Session::Memcache|Rack::Server|Rack::Handler)'"
opts = ENV['TEST'] || ''
specopts = ENV['TESTOPTS']
sh "bacon -w -I./lib:./test #{opts} #{specopts}"
sh "ruby -I./lib:./test -S minitest #{opts} #{specopts} test/gemloader.rb test/spec*.rb"
end
desc "Run all the tests we run on CI"
task :ci => :fulltest
desc "Run all the tests"
task :fulltest => %w[SPEC chmod] do
opts = ENV['TEST'] || '-a'
specopts = ENV['TESTOPTS'] || '-q'
sh "bacon -r./test/gemloader -I./lib:./test -w #{opts} #{specopts}"
end
task :ci => :test
task :gem => ["SPEC"] do
sh "gem build rack.gemspec"
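Review bot: in the `:test` task, `ENV['TEST']` and `ENV['TESTOPTS']` are interpolated into the single string handed to `sh`, so their contents are parsed as shell text, and with the old `TESTOPTS` default removed the environment is the only source for that slot. Suggest the list form of `sh`, with the options split via `Shellwords` and the spec files expanded with `Dir['test/spec*.rb']`, so the values arrive as arguments. The description "Run all the fast + platform agnostic tests" is also stale now that the `-t` filter excluding adapter, handler and server specs is gone and `:ci` points at `:test`.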
......
......@@ -35,7 +35,7 @@ below.
empty string, if the request URL targets
the application root and does not have a
trailing slash. This value may be
percent-encoded when I originating from
percent-encoded when originating from
a URL.
<tt>QUERY_STRING</tt>:: The portion of the request URL that
follows the <tt>?</tt>, if any. May be
......@@ -60,8 +60,8 @@ below.
the presence or absence of the
appropriate HTTP header in the
request. See
<a href="https://tools.ietf.org/html/rfc3875#section-4.1.18">
RFC3875 section 4.1.18</a> for
{https://tools.ietf.org/html/rfc3875#section-4.1.18
RFC3875 section 4.1.18} for
specific behavior.
In addition to this, the Rack environment must include these
Rack-specific variables:
......@@ -98,13 +98,12 @@ Rack-specific variables:
Additional environment specifications have approved to
standardized middleware APIs. None of these are required to
be implemented by the server.
<tt>rack.session</tt>:: A hash like interface for storing
request session data.
<tt>rack.session</tt>:: A hash like interface for storing request session data.
The store must implement:
store(key, value) (aliased as []=);
fetch(key, default = nil) (aliased as []);
delete(key);
clear;
store(key, value) (aliased as []=);
fetch(key, default = nil) (aliased as []);
delete(key);
clear;
<tt>rack.logger</tt>:: A common object interface for logging messages.
The object must implement:
info(message, &block)
......@@ -238,10 +237,10 @@ consisting of lines (for multiple header values, e.g. multiple
The lines must not contain characters below 037.
=== The Content-Type
There must not be a <tt>Content-Type</tt>, when the +Status+ is 1xx,
204, 205 or 304.
204 or 304.
=== The Content-Length
There must not be a <tt>Content-Length</tt> header when the
+Status+ is 1xx, 204, 205 or 304.
+Status+ is 1xx, 204 or 304.
=== The Body
The Body must respond to +each+
and must only yield String values.
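Review bot: dropping 205 from the lists under "The Content-Type" and "The Content-Length" leaves SPEC silent on what a 205 response may carry. RFC 7231 section 6.3.6 forbids a body on 205 and allows `Content-Length: 0` to signal that, so a sentence stating that a 205 must have an empty body, and that any `Content-Length` on it must be 0, would keep the relaxed rule from being read as permission to send content.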
......
......@@ -4,7 +4,7 @@ require 'rack/lobster'
lobster = Rack::Lobster.new
protected_lobster = Rack::Auth::Basic.new(lobster) do |username, password|
'secret' == password
Rack::Utils.secure_compare('secret', password)
end
protected_lobster.realm = 'Lobster 2.0'
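Review bot: the changed comparison in the `Rack::Auth::Basic.new(lobster)` block still tests against the literal 'secret' kept in source, and this is an example file that readers copy. Suggest a one-line comment above `Rack::Utils.secure_compare('secret', password)` saying why `==` was replaced (constant-time comparison) and that a real credential should come from configuration rather than from the file.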
......
......@@ -2,7 +2,7 @@ require 'rack/lobster'
use Rack::ShowExceptions
use Rack::Auth::Basic, "Lobster 2.0" do |username, password|
'secret' == password
Rack::Utils.secure_compare('secret', password)
end
run Rack::Lobster.new
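Review bot: the block passed to `use Rack::Auth::Basic` takes `|username, password|` but only `password` is checked, so any user name is accepted together with the right password. If that is intended for the demo, say so in a comment; otherwise compare `username` with `Rack::Utils.secure_compare` as well.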
......@@ -7,7 +7,7 @@
# modules and classes.
#
# All modules meant for use in your application are <tt>autoload</tt>ed here,
# so it should be enough just to <tt>require rack.rb</tt> in your code.
# so it should be enough just to <tt>require 'rack'</tt> in your code.
module Rack
# The Rack protocol version number implemented.
......@@ -18,27 +18,80 @@ module Rack
VERSION.join(".")
end
RELEASE = "2.0.3"
# Return the Rack release as a dotted string.
def self.release
"1.6.4"
RELEASE
end
PATH_INFO = 'PATH_INFO'.freeze
REQUEST_METHOD = 'REQUEST_METHOD'.freeze
SCRIPT_NAME = 'SCRIPT_NAME'.freeze
QUERY_STRING = 'QUERY_STRING'.freeze
CACHE_CONTROL = 'Cache-Control'.freeze
CONTENT_LENGTH = 'Content-Length'.freeze
CONTENT_TYPE = 'Content-Type'.freeze
GET = 'GET'.freeze
HEAD = 'HEAD'.freeze
HTTP_HOST = 'HTTP_HOST'.freeze
HTTP_VERSION = 'HTTP_VERSION'.freeze
HTTPS = 'HTTPS'.freeze
PATH_INFO = 'PATH_INFO'.freeze
REQUEST_METHOD = 'REQUEST_METHOD'.freeze
REQUEST_PATH = 'REQUEST_PATH'.freeze
SCRIPT_NAME = 'SCRIPT_NAME'.freeze
QUERY_STRING = 'QUERY_STRING'.freeze
SERVER_PROTOCOL = 'SERVER_PROTOCOL'.freeze
SERVER_NAME = 'SERVER_NAME'.freeze
SERVER_ADDR = 'SERVER_ADDR'.freeze
SERVER_PORT = 'SERVER_PORT'.freeze
CACHE_CONTROL = 'Cache-Control'.freeze
CONTENT_LENGTH = 'Content-Length'.freeze
CONTENT_TYPE = 'Content-Type'.freeze
SET_COOKIE = 'Set-Cookie'.freeze
TRANSFER_ENCODING = 'Transfer-Encoding'.freeze
HTTP_COOKIE = 'HTTP_COOKIE'.freeze
ETAG = 'ETag'.freeze
# HTTP method verbs
GET = 'GET'.freeze
POST = 'POST'.freeze
PUT = 'PUT'.freeze
PATCH = 'PATCH'.freeze
DELETE = 'DELETE'.freeze
HEAD = 'HEAD'.freeze
OPTIONS = 'OPTIONS'.freeze
LINK = 'LINK'.freeze
UNLINK = 'UNLINK'.freeze
TRACE = 'TRACE'.freeze
# Rack environment variables
RACK_VERSION = 'rack.version'.freeze
RACK_TEMPFILES = 'rack.tempfiles'.freeze
RACK_ERRORS = 'rack.errors'.freeze
RACK_LOGGER = 'rack.logger'.freeze
RACK_INPUT = 'rack.input'.freeze
RACK_SESSION = 'rack.session'.freeze
RACK_SESSION_OPTIONS = 'rack.session.options'.freeze
RACK_SHOWSTATUS_DETAIL = 'rack.showstatus.detail'.freeze
RACK_MULTITHREAD = 'rack.multithread'.freeze
RACK_MULTIPROCESS = 'rack.multiprocess'.freeze
RACK_RUNONCE = 'rack.run_once'.freeze
RACK_URL_SCHEME = 'rack.url_scheme'.freeze
RACK_HIJACK = 'rack.hijack'.freeze
RACK_IS_HIJACK = 'rack.hijack?'.freeze
RACK_HIJACK_IO = 'rack.hijack_io'.freeze
RACK_RECURSIVE_INCLUDE = 'rack.recursive.include'.freeze
RACK_MULTIPART_BUFFER_SIZE = 'rack.multipart.buffer_size'.freeze
RACK_MULTIPART_TEMPFILE_FACTORY = 'rack.multipart.tempfile_factory'.freeze
RACK_REQUEST_FORM_INPUT = 'rack.request.form_input'.freeze
RACK_REQUEST_FORM_HASH = 'rack.request.form_hash'.freeze
RACK_REQUEST_FORM_VARS = 'rack.request.form_vars'.freeze
RACK_REQUEST_COOKIE_HASH = 'rack.request.cookie_hash'.freeze
RACK_REQUEST_COOKIE_STRING = 'rack.request.cookie_string'.freeze
RACK_REQUEST_QUERY_HASH = 'rack.request.query_hash'.freeze
RACK_REQUEST_QUERY_STRING = 'rack.request.query_string'.freeze
RACK_METHODOVERRIDE_ORIGINAL_METHOD = 'rack.methodoverride.original_method'.freeze
RACK_SESSION_UNPACKED_COOKIE_DATA = 'rack.session.unpacked_cookie_data'.freeze
autoload :Builder, "rack/builder"
autoload :BodyProxy, "rack/body_proxy"
autoload :Cascade, "rack/cascade"
autoload :Chunked, "rack/chunked"
autoload :CommonLogger, "rack/commonlogger"
autoload :ConditionalGet, "rack/conditionalget"
autoload :CommonLogger, "rack/common_logger"
autoload :ConditionalGet, "rack/conditional_get"
autoload :Config, "rack/config"
autoload :ContentLength, "rack/content_length"
autoload :ContentType, "rack/content_type"
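Review bot: `RELEASE = "2.0.3"` is the only string constant in this hunk without `.freeze`, and `self.release` returns that same mutable object to every caller. Suggest `RELEASE = "2.0.3".freeze` to match the constants below it; the `release` helper in the Rakefile matches only the quoted value, so a trailing `.freeze` does not affect it.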
......@@ -52,16 +105,16 @@ module Rack
autoload :Lint, "rack/lint"
autoload :Lock, "rack/lock"
autoload :Logger, "rack/logger"
autoload :MethodOverride, "rack/methodoverride"
autoload :MethodOverride, "rack/method_override"
autoload :Mime, "rack/mime"
autoload :NullLogger, "rack/nulllogger"
autoload :NullLogger, "rack/null_logger"
autoload :Recursive, "rack/recursive"
autoload :Reloader, "rack/reloader"
autoload :Runtime, "rack/runtime"
autoload :Sendfile, "rack/sendfile"
autoload :Server, "rack/server"
autoload :ShowExceptions, "rack/showexceptions"
autoload :ShowStatus, "rack/showstatus"
autoload :ShowExceptions, "rack/show_exceptions"
autoload :ShowStatus, "rack/show_status"
autoload :Static, "rack/static"
autoload :TempfileReaper, "rack/tempfile_reaper"
autoload :URLMap, "rack/urlmap"
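Review bot: the autoload targets renamed here (`rack/methodoverride` to `rack/method_override`, `rack/nulllogger` to `rack/null_logger`, `rack/showexceptions` to `rack/show_exceptions`, `rack/showstatus` to `rack/show_status`) change the paths a direct `require` would use. The visible lines do not show whether the old file names remain as shims; if they do not, code that requires the old paths fails with LoadError, and that deserves a changelog entry.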
......@@ -91,8 +144,4 @@ module Rack
autoload :Pool, "rack/session/pool"
autoload :Memcache, "rack/session/memcache"
end
module Utils
autoload :OkJson, "rack/utils/okjson"
end
end
......@@ -13,7 +13,11 @@ module Rack
end
def provided?
!authorization_key.nil?
!authorization_key.nil? && valid?
end
def valid?
!@env[authorization_key].nil?
end
def parts
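Review bot: the new `valid?` checks only that `@env[authorization_key]` is not nil, so an empty header value still makes `provided?` true and is passed on to later parsing. Suggest treating an empty string as not provided, or renaming the method to say what it actually checks, and adding a comment on when the key can be present with a nil value.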
......
......@@ -17,7 +17,7 @@ module Rack
end
def self.split_header_value(str)
str.scan( /(\w+\=(?:"[^\"]+"|[^,]+))/n ).collect{ |v| v[0] }
str.scan(/\w+\=(?:"[^\"]+"|[^,]+)/n)
end
def initialize
......@@ -38,7 +38,7 @@ module Rack
def to_s
map do |k, v|
"#{k}=" + (UNQUOTED.include?(k) ? v.to_s : quote(v))
"#{k}=" << (UNQUOTED.include?(k) ? v.to_s : quote(v))
end.join(', ')
end
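Review bot: in `to_s`, the new line appends to the `"#{k}="` literal in place, which works only while that literal is unfrozen. A single interpolation, `"#{k}=#{UNQUOTED.include?(k) ? v.to_s : quote(v)}"`, builds the same one string without depending on the literal being mutable.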
......@@ -50,4 +50,3 @@ module Rack
end
end
end
......@@ -7,7 +7,7 @@ module Rack
module Digest
class Request < Auth::AbstractRequest
def method
@env['rack.methodoverride.original_method'] || @env[REQUEST_METHOD]
@env[RACK_METHODOVERRIDE_ORIGINAL_METHOD] || @env[REQUEST_METHOD]
end
def digest?
......
# :stopdoc:
# Stolen from ruby core's uri/common.rb, with modifications to support 1.8.x
#
# https://github.com/ruby/ruby/blob/trunk/lib/uri/common.rb
#
#
module URI
TBLENCWWWCOMP_ = {} # :nodoc:
256.times do |i|
TBLENCWWWCOMP_[i.chr] = '%%%02X' % i
end
TBLENCWWWCOMP_[' '] = '+'
TBLENCWWWCOMP_.freeze
TBLDECWWWCOMP_ = {} # :nodoc:
256.times do |i|
h, l = i>>4, i&15
TBLDECWWWCOMP_['%%%X%X' % [h, l]] = i.chr
TBLDECWWWCOMP_['%%%x%X' % [h, l]] = i.chr
TBLDECWWWCOMP_['%%%X%x' % [h, l]] = i.chr
TBLDECWWWCOMP_['%%%x%x' % [h, l]] = i.chr
end
TBLDECWWWCOMP_['+'] = ' '
TBLDECWWWCOMP_.freeze
# Encode given +s+ to URL-encoded form data.
#
# This method doesn't convert *, -, ., 0-9, A-Z, _, a-z, but does convert SP
# (ASCII space) to + and converts others to %XX.
#
# This is an implementation of
# http://www.w3.org/TR/html5/forms.html#url-encoded-form-data
#
# See URI.decode_www_form_component, URI.encode_www_form
def self.encode_www_form_component(s)
str = s.to_s
if RUBY_VERSION < "1.9" && $KCODE =~ /u/i
str.gsub(/([^ a-zA-Z0-9_.-]+)/) do
'%' + $1.unpack('H2' * Rack::Utils.bytesize($1)).join('%').upcase
end.tr(' ', '+')
else
str.gsub(/[^*\-.0-9A-Z_a-z]/) {|m| TBLENCWWWCOMP_[m]}
end
end
# Decode given +str+ of URL-encoded form data.
#
# This decodes + to SP.
#
# See URI.encode_www_form_component, URI.decode_www_form
def self.decode_www_form_component(str, enc=nil)
raise ArgumentError, "invalid %-encoding (#{str})" unless /\A(?:%[0-9a-fA-F]{2}|[^%])*\z/ =~ str
str.gsub(/\+|%[0-9a-fA-F]{2}/) {|m| TBLDECWWWCOMP_[m]}
end
end
# :stopdoc:
# Stolen from ruby core's uri/common.rb @32618ba to fix DoS issues in 1.9.2
#
# https://github.com/ruby/ruby/blob/32618ba7438a2247042bba9b5d85b5d49070f5e5/lib/uri/common.rb
#
# Issue:
# http://redmine.ruby-lang.org/issues/5149
#