From 1d2c192d35dcaa0483eebd891fddef0e972c8a59 Mon Sep 17 00:00:00 2001
From: "(no author)" <(no author)@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 24 May 2001 07:13:56 +0000
Subject: This commit was manufactured by cvs2svn to create tag
 'v1_6_4_preview3'.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/tags/v1_6_4_preview3@1446 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/cgi/session.rb | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

(limited to 'lib/cgi/session.rb')

diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index 48f3496939..1a3379b88a 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -1,3 +1,4 @@
+# Copyright (C) 2001  Yukihiro "Matz" Matsumoto
 # Copyright (C) 2000  Network Applied Communication Laboratory, Inc.
 # Copyright (C) 2000  Information-technology Promotion Agency, Japan
 
@@ -15,23 +16,22 @@ class CGI
       }
     end
 
-    def create_new_id
+    def Session::create_new_id
       require 'md5'
       md5 = MD5::new
       md5.update(String(Time::now))
       md5.update(String(rand(0)))
       md5.update(String($$))
       md5.update('foobar')
-      @session_id = md5.hexdigest[0,16]
+      md5.hexdigest[0,16]
     end
-    private :create_new_id
 
     def initialize(request, option={})
       session_key = option['session_key'] || '_session_id'
       id, = option['session_id']
       unless id
 	if option['new_session']
-	  id = create_new_id
+	  id = Session::create_new_id
 	end
       end
       unless id
@@ -43,7 +43,7 @@ class CGI
 	  if option.key?('new_session') and not option['new_session']
 	    raise ArgumentError, "session_key `%s' should be supplied"%session_key
 	  end
-	  id = create_new_id
+	  id = Session::create_new_id
 	end
       end
       @session_id = id
@@ -54,7 +54,9 @@ class CGI
 	@output_cookies =  [
           Cookie::new("name" => session_key,
 		      "value" => id,
-		      "path" => if ENV["SCRIPT_NAME"] then
+		      "path" => if option['session_path'] then
+				  option['session_path']
+		                elsif ENV["SCRIPT_NAME"] then
 				  File::dirname(ENV["SCRIPT_NAME"])
 				else
 				  ""
@@ -94,10 +96,19 @@ class CGI
     end
 
     class FileStore
+      def check_id(id)
+	/[^0-9a-zA-Z]/ =~ id.to_s ? false : true
+      end
+      module_function :check_id
+
       def initialize(session, option={})
 	dir = option['tmpdir'] || ENV['TMP'] || '/tmp'
 	prefix = option['prefix'] || ''
-	path = dir+"/"+prefix+session.session_id
+	id = session.session_id
+	unless check_id(id)
+	  raise ArgumentError, "session_id `%s' is invalid" % id
+	end
+	path = dir+"/"+prefix+id
 	path.untaint
 	unless File::exist? path
 	  @hash = {}
@@ -132,6 +143,7 @@ class CGI
       end
 
       def close
+	return if @f.closed?
 	update
 	@f.close
       end
@@ -146,9 +158,9 @@ class CGI
     class MemoryStore
       GLOBAL_HASH_TABLE = {}
 
-      def initialize(session, option={})
+      def initialize(session, option=nil)
 	@session_id = session.session_id
-	GLOBAL_HASH_TABLE[@session_id] = {}
+	GLOBAL_HASH_TABLE[@session_id] ||= {}
       end
 
       def restore
@@ -164,7 +176,7 @@ class CGI
       end
 
       def delete
-	GLOBAL_HASH_TABLE[@session_id] = nil
+	GLOBAL_HASH_TABLE.delete(@session_id)
       end
     end
   end
-- 
cgit v1.2.3