summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNAKAMURA Usaku <usa@ruby-lang.org>2021-11-24 20:21:17 +0900
committerNAKAMURA Usaku <usa@ruby-lang.org>2021-11-24 20:21:17 +0900
commitf69aeb83146be640995753667fdd6c6f157527f5 (patch)
treec1c61407f77b0f3ef859d3d46b77bdb5e361a549
parentb1985629565c3c54b1a64d6faf213e8144857515 (diff)
merge some parts of CGI 0.1.1v2_7_5
Fix integer overflow Make use of the check in rb_alloc_tmp_buffer2. When parsing cookies, only decode the values Bump version
-rw-r--r--ext/cgi/escape/escape.c3
-rw-r--r--lib/cgi/cookie.rb1
-rw-r--r--lib/cgi/version.rb2
-rw-r--r--test/cgi/test_cgi_cookie.rb5
-rw-r--r--version.h2
5 files changed, 9 insertions, 4 deletions
diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c
index 47188819cd..feedea34c8 100644
--- a/ext/cgi/escape/escape.c
+++ b/ext/cgi/escape/escape.c
@@ -36,7 +36,8 @@ static VALUE
optimized_escape_html(VALUE str)
{
VALUE vbuf;
- char *buf = ALLOCV_N(char, vbuf, RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN);
+ typedef char escape_buf[HTML_ESCAPE_MAX_LEN];
+ char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
const char *cstr = RSTRING_PTR(str);
const char *end = cstr + RSTRING_LEN(str);
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index ae9ab58ede..6b0d89ca3b 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -159,7 +159,6 @@ class CGI
raw_cookie.split(/;\s?/).each do |pairs|
name, values = pairs.split('=',2)
next unless name and values
- name = CGI.unescape(name)
values ||= ""
values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
if cookies.has_key?(name)
diff --git a/lib/cgi/version.rb b/lib/cgi/version.rb
index 9d17c91b95..e145a762c6 100644
--- a/lib/cgi/version.rb
+++ b/lib/cgi/version.rb
@@ -1,3 +1,3 @@
class CGI
- VERSION = "0.1.0"
+ VERSION = "0.1.0.1"
end
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index 115a57e4a1..985cc0d7a1 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -101,6 +101,11 @@ class CGICookieTest < Test::Unit::TestCase
end
end
+ def test_cgi_cookie_parse_not_decode_name
+ cookie_str = "%66oo=baz;foo=bar"
+ cookies = CGI::Cookie.parse(cookie_str)
+ assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies)
+ end
def test_cgi_cookie_arrayinterface
cookie = CGI::Cookie.new('name1', 'a', 'b', 'c')
diff --git a/version.h b/version.h
index 99b7846042..14ea82108c 100644
--- a/version.h
+++ b/version.h
@@ -2,7 +2,7 @@
# define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
#define RUBY_VERSION_TEENY 5
#define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 202
+#define RUBY_PATCHLEVEL 203
#define RUBY_RELEASE_YEAR 2021
#define RUBY_RELEASE_MONTH 11