ruby.git/lib/cgi/core.rb, branch v3_3_11

[ruby/cgi] Prevent CRLF injection

2022-11-22T02:00:11+00:00

Throw a RuntimeError if the HTTP response header contains CR or LF to
prevent HTTP response splitting.

https://hackerone.com/reports/1204695

https://github.com/ruby/cgi/commit/64c5045c0a

Deprecate taint/trust and related methods, and make the methods no-ops

2019-11-17T23:00:25+00:00

This removes the related tests, and puts the related specs behind
version guards.  This affects all code in lib, including some
libraries that may want to support older versions of Ruby.

Prefer Regexp#=~ to Regexp#match when the RHS may be nil

2019-08-19T07:39:42+00:00

change call CGI methods from :: to .

2019-08-04T00:19:30+00:00

Closes: https://github.com/ruby/ruby/pull/1749

Use delete_prefix instead of `sub(/\Afixed-pattern/, '')`

2018-12-04T08:22:10+00:00

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66189 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

lib/*: Prefer require_relative over require.

2018-11-02T17:52:33+00:00

[#15206] [Fix GH-1976]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Use printf instead of puts and sprintf

2017-12-12T15:01:04+00:00

[ci skip]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61174 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Add uplevel keyword to Kernel#warn and use it

2017-12-12T11:56:25+00:00

If uplevel keyword is given, the warning message is prepended
with caller file and line information and the string "warning: ".
The use of the uplevel keyword makes Kernel#warn format output
similar to how rb_warn formats output.

This patch modifies net/ftp and net/imap to use Kernel#warn
instead of $stderr.puts or $stderr.printf, since they are used
for printing warnings.

This makes lib/cgi/core and tempfile use $stderr.puts instead of
warn for debug logging, since they are used for debug printing
and not for warning.

This does not modify bundler, rubygems, or rdoc, as those are
maintained outside of ruby and probably wish to remain backwards
compatible with older ruby versions.

rb_warn_m code is originally from nobu, but I've changed it
so that it only includes the path and lineno from uplevel
(not the method), and also prepends the string "warning: ",
to make it more similar to rb_warn.

From: Jeremy Evans code@jeremyevans.net
Signed-off-by: Urabe Shyouhei shyouhei@ruby-lang.org


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Fix cgi/core code example missing comma

2017-08-02T15:10:38+00:00

ref https://github.com/rurema/doctree/pull/448
[ci skip]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59469 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

share `@@accept_charset`

2017-05-06T01:33:04+00:00

* lib/cgi/{core,util}.rb: include CGI::Util not only extending, to
  share `@@accept_charset` class variable, so that it is always
  accessible.  [ruby-core:80986] [Bug #13539]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e