author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2001-05-11 05:22:00 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2001-05-11 05:22:00 +0000 |
commit | eeb723491949b8cd0d2c61cdf15aae1061f19bb3 (patch) | |
tree | 6db28e40ecc749762f8cc2bf7b235d623468241f /lib/cgi | |
parent | ba9003a0a36ebedeb584de323e6856e6da548634 (diff) |
* bignum.c (bigdivrem): access boundary bug.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_6@1388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/cgi')
-rw-r--r-- | lib/cgi/session.rb | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb index 1120fb50f0..1a3379b88a 100644 --- a/lib/cgi/session.rb +++ b/lib/cgi/session.rb @@ -96,10 +96,19 @@ class CGI end class FileStore + def check_id(id) + /[^0-9a-zA-Z]/ =~ id.to_s ? false : true + end + module_function :check_id + def initialize(session, option={}) dir = option['tmpdir'] || ENV['TMP'] || '/tmp' prefix = option['prefix'] || '' - path = dir+"/"+prefix+session.session_id + id = session.session_id + unless check_id(id) + raise ArgumentError, "session_id `%s' is invalid" % id + end + path = dir+"/"+prefix+id path.untaint unless File::exist? path @hash = {} @@ -149,9 +158,9 @@ class CGI class MemoryStore GLOBAL_HASH_TABLE = {} - def initialize(session, option={}) + def initialize(session, option=nil) @session_id = session.session_id - GLOBAL_HASH_TABLE[@session_id] = {} + GLOBAL_HASH_TABLE[@session_id] ||= {} end def restore @@ -167,7 +176,7 @@ class CGI end def delete - GLOBAL_HASH_TABLE[@session_id] = nil + GLOBAL_HASH_TABLE.delete(@session_id) end end end |
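Review bot: `check_id` accepts an empty id, because `/[^0-9a-zA-Z]/ =~ id.to_s` finds no match in `""` (or in `nil.to_s`) and the ternary then returns true, so `FileStore#initialize` would build `path` from `dir`, `"/"` and `prefix` alone. Requiring at least one allowed character closes that gap, for example `/\A[0-9a-zA-Z]+\z/ =~ id.to_s ? true : false`. The `ArgumentError` text also embeds the rejected id exactly as received; if the session id originates from the request (not visible in this hunk), `id.inspect` or leaving the value out keeps control characters out of logs and error pages. `module_function` is a Module facility and reads oddly inside `class FileStore`; `private :check_id` would state the intent if a private helper is all that is wanted. `initialize` continues past the end of the hunk, so how `path` is opened afterwards is not reviewed here.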
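Review bot: `GLOBAL_HASH_TABLE[@session_id] ||= {}` in `MemoryStore#initialize` makes an entry outlive the store object and be picked up by any later instance created with the same id, and that lifetime is not documented anywhere in the visible lines. A comment on the assignment would help, such as `# reuse data kept under this id by an earlier instance; the entry stays until #delete`. Nothing in this hunk bounds the table, so if ids can be chosen by the client (not visible here), every distinct id adds an entry that only `delete` removes. The new `option=nil` default is never read in the visible body and now differs from `FileStore`'s `option={}`; a short comment saying the argument is accepted only for interface compatibility would avoid confusion.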