ruby.git/lib/webrick, branch v1_8_6_151 The Ruby Programming Language * lib/webrick/httpservlet/filehandler.rb: should normalize path 2008-05-20T16:35:25+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2008-05-20T16:35:25+00:00 4fc6b25289fe83e4cede024d9fea83217bffdc7e name in path_info to prevent script disclosure vulnerability on DOSISH filesystems. (fix: CVE-2008-1891) Note: NTFS/FAT filesystem should not be published by the platforms other than Windows. Pathname interpretation (including short filename) is less than perfect. * lib/webrick/httpservlet/abstract.rb (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri): should escape the value of Location: header. * lib/webrick/httpservlet/cgi_runner.rb: accept interpreter command line arguments. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@16495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  name in path_info to prevent script disclosure vulnerability on
  DOSISH filesystems. (fix: CVE-2008-1891)
  Note: NTFS/FAT filesystem should not be published by the platforms
  other than Windows. Pathname interpretation (including short
  filename) is less than perfect.

* lib/webrick/httpservlet/abstract.rb
  (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
  should escape the value of Location: header.

* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
  command line arguments.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@16495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 15677: 2008-03-03T14:36:04+00:00 shyouhei shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2008-03-03T14:36:04+00:00 702da30a9c38197edb7e5c6ea77f0d06e1cd35f5 * lib/webrick/httpservlet/filehandler.rb: should normalize path separators in path_info to prevent directory traversal attacks on DOSISH platforms. reported by Digital Security Research Group [DSECRG-08-026]. * lib/webrick/httpservlet/filehandler.rb: pathnames which have not to be published should be checked case-insensitively. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@15678 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* lib/webrick/httpservlet/filehandler.rb: should normalize path
	  separators in path_info to prevent directory traversal attacks
	  on DOSISH platforms.
	  reported by Digital Security Research Group [DSECRG-08-026].
	* lib/webrick/httpservlet/filehandler.rb: pathnames which have
	  not to be published should be checked case-insensitively.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@15678 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/cookie.rb (WEBrick::Cookie.parse_set_cookies): new 2006-09-08T01:04:52+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2006-09-08T01:04:52+00:00 1838ddd7aec73c111e5d8bc12efc1e14bc893384 method to parse multiple cookies per Set-Cookie header. Thanks to Aaron Patterson <aaron_patterson at speakeasy.net>. [ruby-core:08802] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10885 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  method to parse multiple cookies per Set-Cookie header.
  Thanks to Aaron Patterson <aaron_patterson at speakeasy.net>.
  [ruby-core:08802]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10885 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httprequest.rb (WEBrick::HTTPReuqest#parse_uri): improve 2006-07-31T04:39:45+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2006-07-31T04:39:45+00:00 dc136c12ee4d704de7621408ab0a5d9108284b45 for the value of IPv6 address in the Host: header field. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10646 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  for the value of IPv6 address in the Host: header field.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10646 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httpserver.rb (WEBrick::HTTPServer::unmount): remove 2006-07-18T05:08:37+00:00 matz matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2006-07-18T05:08:37+00:00 564d84aaaeeff6ac5f6ae4fca9eb720c53561e01 inpect argument from sprintf. [ruby-dev:29039] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10554 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  inpect argument from sprintf.  [ruby-dev:29039]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10554 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* win32/Makefile.sub (OPTFLAGS): I have experienced trouble on y- flag, 2006-01-09T05:27:43+00:00 ocean ocean@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2006-01-09T05:27:43+00:00 c16cbe386ab8d7d15a23ce44ca34b8a78b0c3a97 (VisualC++6) so use -O2b2xg- if $(MSC_VER) < 1400. [ruby-core:7040] * lib/webrick/httpservlet/filehandler.rb: fixed typo. (Kero van Gelder) [ruby-core:7075] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  (VisualC++6) so use -O2b2xg- if  $(MSC_VER) < 1400. [ruby-core:7040]

* lib/webrick/httpservlet/filehandler.rb: fixed typo. (Kero van Gelder)
  [ruby-core:7075]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httpservlet/cgihandler.rb 2005-10-30T20:40:05+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2005-10-30T20:40:05+00:00 da8a797335ca2248cd6aa5ab994a99ffa13a4c14 (WEBrick::HTTPServlet::CGIHandler#do_GET): the value of Set-Cookie: header field should be splited into each cookie. [ruby-Bugs:2199] * lib/webrick/cookie.rb (WEBrick::Cookie.parse_set_cookie): new method to parse the value of Set-Cookie: header field. * test/webrick/test_cookie.rb, test/webrick/test_cgi.rb, test/webrick/webrick.cgi: add some test for cookie. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  (WEBrick::HTTPServlet::CGIHandler#do_GET): the value of Set-Cookie:
  header field should be splited into each cookie.  [ruby-Bugs:2199]

* lib/webrick/cookie.rb (WEBrick::Cookie.parse_set_cookie): new method
  to parse the value of Set-Cookie: header field.

* test/webrick/test_cookie.rb, test/webrick/test_cgi.rb,
  test/webrick/webrick.cgi: add some test for cookie.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/config.rb (Config::FileHandler): :UserDir should be nil. 2005-10-14T07:58:39+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2005-10-14T07:58:39+00:00 773b94b087d454365f31c2ad637f067332c29e2d It is harmful to permit the access to ~/public_html by default. suggested by Hiroyuki Iwatsuki. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  It is harmful to permit the access to ~/public_html by default.
  suggested by Hiroyuki Iwatsuki.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/cgi.rb (WEBrick::CGI#start): req.query_string should 2005-09-28T06:16:59+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2005-09-28T06:16:59+00:00 74b0a54e38b6ce5b71b4b6104f01be2222657ee2 refer the value of QUERY_STRING. [ruby-list:41186] * lib/webrick/httprequest.rb (WEBrick::HTTPRequest#query_string=): add new method. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  refer the value of QUERY_STRING. [ruby-list:41186]

* lib/webrick/httprequest.rb (WEBrick::HTTPRequest#query_string=):
  add new method.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/cgi.rb (WEBrick::CGI::Socket#initialize): should set 2005-09-15T15:07:05+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2005-09-15T15:07:05+00:00 215f8ac79ec5d17d4beb46a542ba39e69bb703a5 $stdout.binmode. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9172 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  $stdout.binmode.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9172 b2dd03c8-39d4-4d8f-98ff-823fe69b080e