path: root/lib/webrick/httpservlet/filehandler.rb
Age  Author  Commit message
2008-05-20  gotoyuzo
* lib/webrick/httpservlet/filehandler.rb: should normalize path name in path_info to prevent script disclosure vulnerability on DOSISH filesystems. (fix: CVE-2008-1891)
  Note: NTFS/FAT filesystem should not be published by the platforms other than Windows. Pathname interpretation (including short filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb (WEBrick::HTTPServlet::AbstractServlet#redirect_to_directory_uri): should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@16495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2008-03-03  shyouhei
merge revision(s) 15677:
* lib/webrick/httpservlet/filehandler.rb: should normalize path separators in path_info to prevent directory traversal attacks on DOSISH platforms. reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@15678 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2006-01-09  ocean
* win32/Makefile.sub (OPTFLAGS): I have experienced trouble on y- flag, (VisualC++6) so use -O2b2xg- if $(MSC_VER) < 1400. [ruby-core:7040]
* lib/webrick/httpservlet/filehandler.rb: fixed typo. (Kero van Gelder) [ruby-core:7075]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2004-12-16  gotoyuzo
* lib/webrick/httpserver.rb (WEBrick::HTTPServer#run): should wait for reading request till data arrive. [ruby-talk:121068]
* lib/webrick/server.rb (WEBrick::GenericServer#start_thread): should log about all accepted socket. [ruby-core:03962]
* lib/webrick/accesslog.rb (WEBrick::AccessLog#setup_params): "%%" and "%u" are supported. [webricken:135]
* lib/webrick/httpservlet/filehandler.rb (WEBrick::HTTPServlet::FileHandler#check_filename): :NondisclosureName is acceptable if it is Enumerable.
* lib/webrick/config.rb (WEBrick::Config::FileHandler): default value of :NondisclosureName is [".ht*", "*~"].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7578 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2004-10-17  gotoyuzo
* lib/webrick/config.rb (WEBrick::Config::General): add default values:
  - WEBrick::Config[:DoNotReverseLookup]
  - WEBrick::Config[:RequestCallback] (it used as an alias of :RequestHandler in WEBrick::HTTPServer#run)
  - WEBrick::Config::FileHandler[:AcceptableLanguages]
* lib/webrick/httpservlet/filehandler.rb (WEBrick::HTTPServlet::FileHandler#set_filename): search files having suffix of language-name which Accept-Language header field includes if :AcceptableLanguages options is present.
* lib/webrick/httpservlet/filehandler.rb (WEBrick::HTTPServlet::FileHandler#get_servlet): new method to search servlet correspond to the suffix of filename.
* lib/webrick/httprequest.rb: add attributes access methods: accept, accept_charset, accept_encoding, accept_language, content_length and content_type.
* lib/webrick/httpresponse.rb: add attribute access methods: content_length, content_length=, content_type and content_type=.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.mime_types): use the second suffix to detect media type. (the first suffix may be a language name.)
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.parse_qvalues): add method to parse Accept header field. it returns an Array of values sorted by the qvalues.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7056 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2004-09-16  gotoyuzo
* lib/webrick/cgi.rb (WEBrick::CGI#start): should set REMOTE_USER to request.user attribute.
* lib/webrick/httpservlet/filehandler.rb (WEBrick::HTTPServlet::FileHandler#initialize): should expand the pathname of document root directory.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6913 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2004-08-13  gotoyuzo
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.parse_range_header): fix regex for range-spec.
* lib/webrick/httpservlet/filehandler.rb (WEBrick::HTTPServlet::DefaultFileHandler#make_partial_content): multipart/byteranges response was broken.
* lib/webrick/httpservlet/erbhandler.rb (WEBrick::HTTPServlet::ERBHandler#do_GET): should select media type by suffix of script filename.
* lib/xmlrpc/server.rb: refine example code.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6763 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2003-09-08  gotoyuzo
* lib/webrick/accesslog.rb (AccessLog::setup_params): use req.port instead of config[:Port] or req.request_uri.port.
* lib/webrick/httprequest.rb (HTTPRequest#meta_vars): ditto.
* lib/webrick/httpservlet/filehandler.rb (FileHandler#dir_list): ditto.
* lib/webrick/config.rb: :Listen option never be used.
* lib/webrick/server.rb (GenericServer#initialize): don't use :Listen option and add warning message.
* lib/webrick/log.rb (BasicLog#<<): shortcut of log(INFO, ...).
* lib/webrick/httpserver.rb (HTTPServer#accesslog): use << for logging.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4528 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2003-07-23  gotoyuzo
* lib/webrick: imported.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4130 b2dd03c8-39d4-4d8f-98ff-823fe69b080e