diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/delegate.rb | 22 | ||||
-rw-r--r-- | lib/net/telnet.rb | 20 | ||||
-rw-r--r-- | lib/webrick/httpservlet/abstract.rb | 2 | ||||
-rw-r--r-- | lib/webrick/httpservlet/cgi_runner.rb | 4 | ||||
-rw-r--r-- | lib/webrick/httpservlet/filehandler.rb | 60 |
5 files changed, 74 insertions, 34 deletions
diff --git a/lib/delegate.rb b/lib/delegate.rb index 220933c464..971b4a4aec 100644 --- a/lib/delegate.rb +++ b/lib/delegate.rb @@ -227,13 +227,15 @@ class SimpleDelegator<Delegator # Clone support for the object returned by \_\_getobj\_\_. def clone - super - __setobj__(__getobj__.clone) + new = super + new.__setobj__(__getobj__.clone) + new end # Duplication support for the object returned by \_\_getobj\_\_. - def dup(obj) - super - __setobj__(__getobj__.dup) + def dup + new = super + new.__setobj__(__getobj__.clone) + new end end @@ -280,12 +282,14 @@ def DelegateClass(superclass) @_dc_obj = obj end def clone # :nodoc: - super - __setobj__(__getobj__.clone) + new = super + new.__setobj__(__getobj__.clone) + new end def dup # :nodoc: - super - __setobj__(__getobj__.dup) + new = super + new.__setobj__(__getobj__.clone) + new end } for method in methods diff --git a/lib/net/telnet.rb b/lib/net/telnet.rb index 80b95a5149..73471c3327 100644 --- a/lib/net/telnet.rb +++ b/lib/net/telnet.rb @@ -520,10 +520,15 @@ module Net # value specified when this instance was created will be # used, or, failing that, the default value of 0 seconds, # which means not to wait for more input. + # FailEOF:: if true, when the remote end closes the connection then an + # EOFError will be raised. Otherwise, defaults to the old + # behaviour that the function will return whatever data + # has been received already, or nil if nothing was received. # def waitfor(options) # :yield: recvdata time_out = @options["Timeout"] waittime = @options["Waittime"] + fail_eof = @options["FailEOF"] if options.kind_of?(Hash) prompt = if options.has_key?("Match") @@ -535,6 +540,7 @@ module Net end time_out = options["Timeout"] if options.has_key?("Timeout") waittime = options["Waittime"] if options.has_key?("Waittime") + fail_eof = options["FailEOF"] if options.has_key?("FailEOF") else prompt = options end @@ -559,7 +565,8 @@ module Net Integer(c.rindex(/#{IAC}#{SB}/no)) buf = preprocess(c[0 ... c.rindex(/#{IAC}#{SB}/no)]) rest = c[c.rindex(/#{IAC}#{SB}/no) .. -1] - elsif pt = c.rindex(/#{IAC}[^#{IAC}#{AO}#{AYT}#{DM}#{IP}#{NOP}]?\z/no) + elsif pt = c.rindex(/#{IAC}[^#{IAC}#{AO}#{AYT}#{DM}#{IP}#{NOP}]?\z/no) || + c.rindex(/\r\z/no) buf = preprocess(c[0 ... pt]) rest = c[pt .. -1] else @@ -571,14 +578,21 @@ module Net # # We cannot use preprocess() on this data, because that # method makes some Telnetmode-specific assumptions. - buf = c - buf.gsub!(/#{EOL}/no, "\n") unless @options["Binmode"] + buf = rest + c rest = '' + unless @options["Binmode"] + if pt = buf.rindex(/\r\z/no) + buf = buf[0 ... pt] + rest = buf[pt .. -1] + end + buf.gsub!(/#{EOL}/no, "\n") + end end @log.print(buf) if @options.has_key?("Output_log") line += buf yield buf if block_given? rescue EOFError # End of file reached + raise if fail_eof if line == '' line = nil yield nil if block_given? diff --git a/lib/webrick/httpservlet/abstract.rb b/lib/webrick/httpservlet/abstract.rb index 03861e8fc7..5375c4622d 100644 --- a/lib/webrick/httpservlet/abstract.rb +++ b/lib/webrick/httpservlet/abstract.rb @@ -58,7 +58,7 @@ module WEBrick def redirect_to_directory_uri(req, res) if req.path[-1] != ?/ - location = req.path + "/" + location = WEBrick::HTTPUtils.escape_path(req.path + "/") if req.query_string && req.query_string.size > 0 location << "?" << req.query_string end diff --git a/lib/webrick/httpservlet/cgi_runner.rb b/lib/webrick/httpservlet/cgi_runner.rb index 1069a68d58..006abd458e 100644 --- a/lib/webrick/httpservlet/cgi_runner.rb +++ b/lib/webrick/httpservlet/cgi_runner.rb @@ -39,7 +39,9 @@ dir = File::dirname(ENV["SCRIPT_FILENAME"]) Dir::chdir dir if interpreter = ARGV[0] - exec(interpreter, ENV["SCRIPT_FILENAME"]) + argv = ARGV.dup + argv << ENV["SCRIPT_FILENAME"] + exec(*argv) # NOTREACHED end exec ENV["SCRIPT_FILENAME"] diff --git a/lib/webrick/httpservlet/filehandler.rb b/lib/webrick/httpservlet/filehandler.rb index c8278b7b85..24f59d7142 100644 --- a/lib/webrick/httpservlet/filehandler.rb +++ b/lib/webrick/httpservlet/filehandler.rb @@ -199,26 +199,38 @@ module WEBrick private + def trailing_pathsep?(path) + # check for trailing path separator: + # File.dirname("/aaaa/bbbb/") #=> "/aaaa") + # File.dirname("/aaaa/bbbb/x") #=> "/aaaa/bbbb") + # File.dirname("/aaaa/bbbb") #=> "/aaaa") + # File.dirname("/aaaa/bbbbx") #=> "/aaaa") + return File.dirname(path) != File.dirname(path+"x") + end + def prevent_directory_traversal(req, res) - # Preventing directory traversal on DOSISH platforms; + # Preventing directory traversal on Windows platforms; # Backslashes (0x5c) in path_info are not interpreted as special # character in URI notation. So the value of path_info should be # normalize before accessing to the filesystem. - if File::ALT_SEPARATOR + + if trailing_pathsep?(req.path_info) # File.expand_path removes the trailing path separator. # Adding a character is a workaround to save it. # File.expand_path("/aaa/") #=> "/aaa" # File.expand_path("/aaa/" + "x") #=> "/aaa/x" expanded = File.expand_path(req.path_info + "x") - expanded[-1, 1] = "" # remove trailing "x" - req.path_info = expanded + expanded.chop! # remove trailing "x" + else + expanded = File.expand_path(req.path_info) end + req.path_info = expanded end def exec_handler(req, res) raise HTTPStatus::NotFound, "`#{req.path}' not found" unless @root if set_filename(req, res) - handler = get_handler(req) + handler = get_handler(req, res) call_callback(:HandlerCallback, req, res) h = handler.get_instance(@config, res.filename) h.service(req, res) @@ -228,9 +240,13 @@ module WEBrick return false end - def get_handler(req) - suffix1 = (/\.(\w+)$/ =~ req.script_name) && $1.downcase - suffix2 = (/\.(\w+)\.[\w\-]+$/ =~ req.script_name) && $1.downcase + def get_handler(req, res) + suffix1 = (/\.(\w+)\z/ =~ res.filename) && $1.downcase + if /\.(\w+)\.([\w\-]+)\z/ =~ res.filename + if @options[:AcceptableLanguages].include?($2.downcase) + suffix2 = $1.downcase + end + end handler_table = @options[:HandlerTable] return handler_table[suffix1] || handler_table[suffix2] || HandlerTable[suffix1] || HandlerTable[suffix2] || @@ -243,15 +259,13 @@ module WEBrick path_info.unshift("") # dummy for checking @root dir while base = path_info.first - check_filename(req, res, base) break if base == "/" - break unless File.directory?(res.filename + base) + break unless File.directory?(File.expand_path(res.filename + base)) shift_path_info(req, res, path_info) call_callback(:DirectoryCallback, req, res) end if base = path_info.first - check_filename(req, res, base) if base == "/" if file = search_index_file(req, res) shift_path_info(req, res, path_info, file) @@ -272,12 +286,10 @@ module WEBrick end def check_filename(req, res, name) - @options[:NondisclosureName].each{|pattern| - if File.fnmatch("/#{pattern}", name, File::FNM_CASEFOLD) - @logger.warn("the request refers nondisclosure name `#{name}'.") - raise HTTPStatus::NotFound, "`#{req.path}' not found." - end - } + if nondisclosure_name?(name) || windows_ambiguous_name?(name) + @logger.warn("the request refers nondisclosure name `#{name}'.") + raise HTTPStatus::NotFound, "`#{req.path}' not found." + end end def shift_path_info(req, res, path_info, base=nil) @@ -285,7 +297,8 @@ module WEBrick base = base || tmp req.path_info = path_info.join req.script_name << base - res.filename << base + res.filename = File.expand_path(res.filename + base) + check_filename(req, res, File.basename(res.filename)) end def search_index_file(req, res) @@ -325,6 +338,12 @@ module WEBrick end end + def windows_ambiguous_name?(name) + return true if /[. ]+\z/ =~ name + return true if /::\$DATA\z/ =~ name + return false + end + def nondisclosure_name?(name) @options[:NondisclosureName].each{|pattern| if File.fnmatch(pattern, name, File::FNM_CASEFOLD) @@ -343,7 +362,8 @@ module WEBrick list = Dir::entries(local_path).collect{|name| next if name == "." || name == ".." next if nondisclosure_name?(name) - st = (File::stat(local_path + name) rescue nil) + next if windows_ambiguous_name?(name) + st = (File::stat(File.join(local_path, name)) rescue nil) if st.nil? [ name, nil, -1 ] elsif st.directory? @@ -383,7 +403,7 @@ module WEBrick res.body << "<A HREF=\"?S=#{d1}\">Size</A>\n" res.body << "<HR>\n" - list.unshift [ "..", File::mtime(local_path+".."), -1 ] + list.unshift [ "..", File::mtime(local_path+"/.."), -1 ] list.each{ |name, time, size| if name == ".." dname = "Parent Directory" |