author: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2010-06-23 15:28:04 +0000
committer: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2010-06-23 15:28:04 +0000
commit: 54956f6bd1c42500d1cf427a98f6d35cacbae83d
tree: 48b2b99f65e4c4bf3611e38198e691c2df6a17e0
parent: 1ae16961956c2459c0f29b676c5da9cb9cc875bf

add tag v1_8_7_299
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/tags/v1_8_7_299@28412 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'intern.h')
0 files changed, 0 insertions, 0 deletions
nked transfer coding HTTP/1.0 doesn't. Chunked transfer coding doesn't require that content-length before the content is sent. But non-chunked transfer coding requires content-length before the content is sent. So, when HTTP/1.0 clients connect WEBrick::HTTPProxyServer and origin server returns chunked response, WEBrick::HTTPProxyServer needs to store whole content to know the length of it. This patch does it using tempfile.

2019-06-24 Remove extraneous spaces at the end of status line (Nobuyoshi Nakada)
  Remove extraneous spaces after the status code that is non-compliant with RFC, i.e `HTTP 200 OK `, to unnecessary confusion for WEBrick users, by a risk that WEBrick instances in the wild will have server responses flagged as suspicious or malicious due to a similar bug in [Cobalt Strike misconfiguration].
  Reported by Matt Tennis <mtennis@paloaltonetworks.com>
  [Cobalt Strike misconfiguration]: https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/

2018-11-26 lib/webrick: explicitly convert header values to a string (mame)
  The values of @header are expected to be all strings; WEBrick::HTTPResponse::[]=(key, val) explicitly converts the second argument to a string and assigns it to @header hash. However, there were some points in WEBrick internal code that assigns non-String to @header. This change fixes the issues.
  The values are checked by `header_value =~ /\r\n/` in check_header. The type confusion caused conflict with removal of `Object#=~` [Feature #15231].
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65984 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2018-11-02 lib/*: Prefer require_relative over require. (marcandre)
  [#15206] [Fix GH-1976]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2018-07-14 webrick/httpresponse: set_redirect requires a valid URI (normal)
  Prevents response splitting and HTML injection attacks in poorly-written applications which blindly pass along user input in redirects.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2018-03-28 get rid of test error/failure on Windows introduced at r62955 (usa)
  * lib/webrick/httpresponse.rb (send_body_io): use seek if NotImplementedError is raised in IO.copy_stream with offset.
  * lib/webrick/httpservlet/filehandler.rb (multipart_body): ditto.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63008 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2018-03-28 webrick: prevent response splitting and header injection (normal)
  Original patch by tenderlove (with minor style adjustments).
  * lib/webrick/httpresponse.rb (send_header): call check_header
    (check_header): raise on embedded CRLF in header value
  * test/webrick/test_httpresponse.rb (test_prevent_response_splitting_headers): new test
  * (test_prevent_response_splitting_cookie_headers): ditto
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62968 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2018-03-28 webrick/httpresponse: make ChunkedWrapper copy_stream-compatible (normal)
  The .write method needs to return the number of bytes written to avoid confusing IO.copy_stream.
  * lib/webrick/httpresponse.rb (ChunkedWrapper#write): return bytes written
    (ChunkedWrapper#<<): return self
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62958 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2018-03-28 webrick: use IO.copy_stream for single range response (normal)
  This is also compatible with range responses generated by Rack::File (tested with rack 2.0.3).
  * lib/webrick/httpresponse.rb (send_body_io): use Content-Range
  * lib/webrick/httpservlet/filehandler.rb (make_partial_content): use File object for the single range case
  * test/webrick/test_filehandler.rb (get_res_body): use send_body to test result
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62955 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2018-03-28 webrick/httpresponse: IO.copy_stream for regular files (normal)
  Remove the redundant _send_file method since its functionality is unnecessary with IO.copy_stream. IO.copy_stream also allows the use of sendfile under some OSes to speed up copies to non-TLS sockets.
  Testing with "curl >/dev/null" and "ruby -run -e httpd" to read a 1G file over Linux loopback reveals a reduction from around ~0.770 to ~0.490 seconds on the client side.
  * lib/webrick/httpresponse.rb (send_body_io): use IO.copy_stream
    (_send_file): remove
  [Feature #14237]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62954 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2018-03-28 webrick: favor .write over << method (normal)
  This will make the next change to use IO.copy_stream easier-to-read. When we can drop Ruby 2.4 support in a few years, this will allow us to use writev(2) with multiple arguments for headers and chunked responses.
  * lib/webrick/cgi.rb (write): new wrapper method
  lib/webrick/httpresponse.rb: (send_header): use socket.write
    (send_body_io): ditto
    (send_body_string): ditto
    (send_body_proc): ditto
    (_write_data): ditto
    (ChunkedWrapper#write): ditto
    (_send_file): ditto
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62953 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2017-10-31 webrick/httpresponse: minor cleanups to reduce memory use (normal)
  I never knew "format" was a global method alias for "sprintf"; so it was confusing to me. Normally, one would use "sprintf" since it's also available in many other languages, but Integer#to_s avoids parsing a format string so it's less bug-prone.
  Furthermore, favor string interpolation over String#<< since it is easier for the VM to optimize memory allocation (as in r60320). Interpolation also reduces method calls and memory overhead for inline method cache.
  Finally, ensure we clear all short-lived buffers for body responses. A similar change was made and measured for Net::* in r58840 showing a large memory reduction on some workloads.
  * webrick/httpresponse.rb (send_body_io): favor String#to_s, reduce method calls for String#<<, clear `buf' when done, avoid extra String#bytesize calls
  * (send_body_string): ditto
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60586 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2017-10-30 webrick: support Proc objects as body responses (normal)
  * lib/webrick/httpresponse.rb (send_body): call send_body_proc
    (send_body_proc): new method
    (class ChunkedWrapper): new class
  * test/webrick/test_httpresponse.rb (test_send_body_proc): new test
    (test_send_body_proc_chunked): ditto
  [Feature #855]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60584 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2016-03-29 (hsbt)
  * lib/webrick/httpresponse.rb: Move error_body to method. It allows to override the body more easily. [fix GH-1307]
  * test/webrick/test_httpresponse.rb: ditto.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54346 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2015-12-16 Add frozen_string_literal: false for all files (naruse)
  When you change this to true, you may need to add more tests.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2014-06-24 (hsbt)
  * lib/gserver.rb: remove redundant use of to_s in interpolation.
  * lib/logger.rb: ditto.
  * lib/optparse.rb: ditto.
  * lib/rbconfig/obsolete.rb: ditto.
  * lib/resolv.rb: ditto.
  * lib/webrick/httpresponse.rb: ditto.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46543 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2013-12-05 (a_matsuda)
  * lib/webrick/httpresponse.rb: [DOC] Fix typo s/resopnse/response/ [ci skip]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44010 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2013-08-07 (drbrain)
  * lib/webrick/httpresponse.rb: Allow #body to be an IO-like object that responds to #readpartial and #read. [ruby-trunk - Feature #8155]
  * NEWS: NEWS for above
  * test/webrick/test_httpresponse.rb: Tests for above.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42427 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2013-01-26 (drbrain)
  * lib/webrick/accesslog.rb: Improved WEBrick documentation.
  * lib/webrick/cgi.rb: ditto.
  * lib/webrick/config.rb: ditto.
  * lib/webrick/cookie.rb: ditto.
  * lib/webrick/httpauth/authenticator.rb: ditto.
  * lib/webrick/httpauth/basicauth.rb: ditto.
  * lib/webrick/httpauth/digestauth.rb: ditto.
  * lib/webrick/httpproxy.rb: ditto.
  * lib/webrick/httprequest.rb: ditto.
  * lib/webrick/httpresponse.rb: ditto.
  * lib/webrick/https.rb: ditto.
  * lib/webrick/httpserver.rb: ditto.
  * lib/webrick/httpservlet/cgihandler.rb: ditto.
  * lib/webrick/httpservlet/filehandler.rb: ditto.
  * lib/webrick/httpservlet/prochandler.rb: ditto.
  * lib/webrick/httputils.rb: ditto.
  * lib/webrick/httpversion.rb: ditto.
  * lib/webrick/log.rb: ditto.
  * lib/webrick/server.rb: ditto.
  * lib/webrick/ssl.rb: ditto.
  * lib/webrick/utils.rb: ditto.
  * lib/webrick/version.rb: ditto.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38945 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2012-04-07 (naruse)
  * lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#send_body_io): use readpartial to get data even if the response is streaming data and each data is smaller than @buffer_size. patched by yu nobuoka. [ruby-dev:45471] [Bug #6230]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35253 b2dd03c8-39d4-4d8f-98ff-823fe69b080e