forgot some checkins.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@1363 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2001-05-06 15:06:00 +0000
committer: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2001-05-06 15:06:00 +0000
commit: 1d3d27b42d1371ba6242ec217ca803f107ceb9eb (patch)
tree: 8d7e184fd63610124717df8dec31e719901965ad /lib/cgi
parent: 94df732f8b69356626130e0ec8b2dbc9340082ef (diff)
1 files changed, 13 insertions, 4 deletions
diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index 1120fb50f0..1a3379b88a 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -96,10 +96,19 @@ class CGI
     end
 
     class FileStore
+      def check_id(id)
+	/[^0-9a-zA-Z]/ =~ id.to_s ? false : true
+      end
+      module_function :check_id
+
       def initialize(session, option={})
 	dir = option['tmpdir'] || ENV['TMP'] || '/tmp'
 	prefix = option['prefix'] || ''
-	path = dir+"/"+prefix+session.session_id
+	id = session.session_id
+	unless check_id(id)
+	  raise ArgumentError, "session_id `%s' is invalid" % id
+	end
+	path = dir+"/"+prefix+id
 	path.untaint
 	unless File::exist? path
 	  @hash = {}
@@ -149,9 +158,9 @@ class CGI
     class MemoryStore
       GLOBAL_HASH_TABLE = {}
 
-      def initialize(session, option={})
+      def initialize(session, option=nil)
 	@session_id = session.session_id
-	GLOBAL_HASH_TABLE[@session_id] = {}
+	GLOBAL_HASH_TABLE[@session_id] ||= {}
       end
 
       def restore
@@ -167,7 +176,7 @@ class CGI
       end
 
       def delete
-	GLOBAL_HASH_TABLE[@session_id] = nil
+	GLOBAL_HASH_TABLE.delete(@session_id)
       end
     end
   end
author	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2001-05-06 15:06:00 +0000
committer	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2001-05-06 15:06:00 +0000
commit	1d3d27b42d1371ba6242ec217ca803f107ceb9eb (patch)
tree	8d7e184fd63610124717df8dec31e719901965ad /lib/cgi
parent	94df732f8b69356626130e0ec8b2dbc9340082ef (diff)