Age | Commit message | Author |
|
name in path_info to prevent script disclosure vulnerability on
DOSISH filesystems. (fix: CVE-2008-1891)
Note: NTFS/FAT filesystem should not be published by the platforms
other than Windows. Pathname interpretation (including short
filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb
(WEBrick::HTTPServlet::AbstractServlet#redirect_to_directory_uri):
should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@16495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpservlet/filehandler.rb: should normalize path
separators in path_info to prevent directory traversal attacks
on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@15680 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@11599 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
for the value of IPv6 address in the Host: header field.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10646 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
inspect argument from sprintf. [ruby-dev:29039]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10554 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(VisualC++6) so use -O2b2xg- if $(MSC_VER) < 1400. [ruby-core:7040]
* lib/webrick/httpservlet/filehandler.rb: fixed typo. (Kero van Gelder)
[ruby-core:7075]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(WEBrick::HTTPServlet::CGIHandler#do_GET): the value of Set-Cookie:
header field should be split into each cookie. [ruby-Bugs:2199]
* lib/webrick/cookie.rb (WEBrick::Cookie.parse_set_cookie): new method
to parse the value of Set-Cookie: header field.
* test/webrick/test_cookie.rb, test/webrick/test_cgi.rb,
test/webrick/webrick.cgi: add some test for cookie.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
It is harmful to permit the access to ~/public_html by default.
suggested by Hiroyuki Iwatsuki.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
refer the value of QUERY_STRING. [ruby-list:41186]
* lib/webrick/httprequest.rb (WEBrick::HTTPRequest#query_string=):
add new method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
$stdout.binmode.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9172 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
sockets should be non-blocking mode. [ruby-dev:26405]
* lib/webrick/utils.rb (WEBrick::Utils.set_non_blocking): new method.
* lib/webrick/httprequest.rb (WEBrick::HTTPRequest#read_chunked):
should call sock.read repeatedly until the preferred size data
is obtained.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8769 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
mistook in merging the patch of [ruby-dev:26235] at
revision 1.4.2.6.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8745 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
discard if key=val pair is empty. patch from Gary Wright.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8666 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ENV["REQUEST_URI"] is better to get correct Request-URI
than ENV["SCRIPT_NAME"] + ENV["PATH_INFO"]. [ruby-dev:26235]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
break the loop if the socket reached to EOF. [ruby-talk:142285]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8475 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
and WEBrick::CGI#config. (backported from HEAD)
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.escape_path): should
not use String#split("/"). (backported from HEAD)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8424 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
- should raise ArgumentError if no port is specified.
- even if the specified port is 0, all TCPServers should be
initialized with the port given to the first one.
* lib/webrick/server.rb (WEBrick::GenericServer#initialize): if :Port
parameter is 0, it should be updated with the port number which
actually listened.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8187 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
restore @token if accept failure. suggested by Dominique Brezinski.
[ruby-core:04518]
I forgot it in my last commit ;)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8127 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
to the value of status header field. ([ruby-dev:40617])
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7962 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
of :SSLEnable is false.
* lib/webrick/server.rb (WEBrick::Daemon.start): prepared stdio
don't allow changing its mode.
* lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_service):
should delete trailing LF from the result of pack("m*").
* lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_connect):
- should delete trailing LF from the result of pack("m*").
- clear Request-Line not to send the response by HTTPServer#run.
* lib/webrick/httputils (WEBrick::HTTPUtils.parse_qvalues):
refine regexp (and change the name of a local variable).
* lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add
new method to escape URI path component.
* lib/webrick/cgi.rb (WEBrick::CGI::Socket#request_line): should
escape SCRIPT_NAME and PATH_INFO before being parsed as a URI.
* test/webrick/*, sample/webrick/httpproxy.rb: add new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
raise NotImplementedError if password is encrypted by digest
algorithms. This patch is contributed by sheepman. [ruby-list:40467]
* lib/webrick/httpauth/digestauth.rb
(WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation.
This patch is contributed by sheepman. [ruby-list:40482]
* lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use
pack/unpack-template char "m" instead of lib/base64.rb to do base64
encoding/decoding. fixed: [ruby-dev:25336]
* test/webrick/test_httpauth.rb: new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7711 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7594 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
lib/webrick/httpauth/{basicauth.rb,digestauth.rb}: use
pack/unpack-template char "m" instead of lib/base64.rb to do base64
encoding/decoding.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7593 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
for reading request till data arrive. [ruby-talk:121068]
* lib/webrick/server.rb (WEBrick::GenericServer#start_thread):
should log about all accepted socket. [ruby-core:03962]
* lib/webrick/accesslog.rb (WEBrick::AccessLog#setup_params):
"%%" and "%u" are supported. [webricken:135]
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#check_filename):
:NondisclosureName is acceptable if it is Enumerable.
* lib/webrick/config.rb (WEBrick::Config::FileHandler):
default value of :NondisclosureName is [".ht*", "*~"].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7578 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
:DoNotReverseLookup option. (Socket#do_not_reverse_lookup is a
ruby 1.9 feature)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7221 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
avoid warnings. [webrickja:128]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7192 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
should check if path_info is not nil. [webrickja:126]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7100 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ensure to close @body. (http://bugs.debian.org/277520)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7094 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
- WEBrick::Config[:DoNotReverseLookup]
- WEBrick::Config[:RequestCallback] (it used as an alias of
:RequestHandler in WEBrick::HTTPServer#run)
- WEBrick::Config::FileHandler[:AcceptableLanguages]
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#set_filename): search files
having suffix of language-name which Accept-Language header field
includes if :AcceptableLanguages options is present.
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#get_servlet): new method to
search servlet correspond to the suffix of filename.
* lib/webrick/httprequest.rb: add attributes access methods: accept,
accept_charset, accept_encoding, accept_language, content_length
and content_type.
* lib/webrick/httpresponse.rb: add attribute access methods:
content_length, content_length=, content_type and content_type=.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.mime_types):
use the second suffix to detect media type. (the first suffix
may be a language name.)
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.parse_qvalues):
add method to parse Accept header field. it returns an Array of
values sorted by the qvalues.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7056 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
method to register virtual hosting servers.
* lib/webrick/server.rb (WEBrick::GenericServer#accept): call
do_not_reverse_lookup for each socket if :DoNotReverseLookup
is set. [ruby-core:02357]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7055 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
to request.user attribute.
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#initialize): should expand
the pathname of document root directory.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6913 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
should call :ProxyContentHandler before finishing CONNECT.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6804 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fix regex for range-spec.
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::DefaultFileHandler#make_partial_content):
multipart/byteranges response was broken.
* lib/webrick/httpservlet/erbhandler.rb
(WEBrick::HTTPServlet::ERBHandler#do_GET): should select media type
by suffix of script filename.
* lib/xmlrpc/server.rb: refine example code.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6763 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
escape space.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6699 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(WEBrick::HTTPServlet::CGIhandler#do_GET): set SystemRoot environment
variable to CGI process on Windows native platforms. [ruby-dev:23936]
* lib/webrick/httpservlet/cgihandler.rb
(WEBrick::HTTPServlet::CGIhandler#do_GET): use $?.exitstatus and
refine log message.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6676 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
refine regex for header-name.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@5561 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
@config[:Logger] if it was not given.
* sample/webrick/*: new files.
* MANIFEST: add sample/webrick/*
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@5407 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/cgi.rb (CGI::Socket): add check for existence of
OpenSSL module in all HTTPS related methods.
* lib/webrick/cgi.rb (CGI::Socket#cipher): should create similar
value to OpenSSL::SSLSocket#cipher.
* lib/webrick/httpresponse.rb (HTTPResponse#setup_header): should
set "connection: close" if @keep_alive is false.
* lib/webrick/https.rb (HTTPrequest#meta_vars): add support for
SSL_PROTOCOL, SSL_CIPHER_USEKEYSIZE and SSL_CIPHER_ALGKEYSIZE.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5254 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/cgi.rb (CGI#start): NPH scripts return status line
instead of Status: header field.
* lib/webrick/cgi.rb (CGI::Socket): refine some conditions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5229 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5226 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* MANIFEST: add lib/webrick/cgi.rb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5225 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH.
* lib/webrick/https.rb (HTTPRequest#parse): should check presence
of cert() method to detect SSLSocket.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5221 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
empty Hash if the body is empty.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5213 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Exception to avoid unexpected aborting. [ruby-core:01853]
* lib/webrick/server.rb (GenericServer#start_thread): should check
that peeraddr isn't nil before printing.
* lib/webrick/httpresponse.rb (HTTPResponse#start_thread): should
rescue Exception to avoid unexpected aborting of thread.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpserver.rb (HTTPServer#run): should pass the
request's keep_alive flag to the response.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5031 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/https.rb (HTTPRequest#meta_vars): create
SSL_CLIENT_CERT_CHAIN_n from @client_cert_chain.
* ext/openssl/ossl_ssl.c (ossl_ssl_get_peer_cert_chain): return nil
if no cert-chain was given.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4897 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4888 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
IOError from IO::accept. [ruby-dev:21692]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4838 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
set real and effective IDs. and setup group access list by
initgroups.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4616 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-talk:82735], [ruby-talk:82748], [ruby-talk:82818]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|