From 1d3d27b42d1371ba6242ec217ca803f107ceb9eb Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 6 May 2001 15:06:00 +0000
Subject: forgot some checkins.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@1363 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/cgi/session.rb | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

(limited to 'lib/cgi/session.rb')

diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index 1120fb50f0..1a3379b88a 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -96,10 +96,19 @@ class CGI
     end
 
     class FileStore
+      def check_id(id)
+	/[^0-9a-zA-Z]/ =~ id.to_s ? false : true
+      end
+      module_function :check_id
+
       def initialize(session, option={})
 	dir = option['tmpdir'] || ENV['TMP'] || '/tmp'
 	prefix = option['prefix'] || ''
-	path = dir+"/"+prefix+session.session_id
+	id = session.session_id
+	unless check_id(id)
+	  raise ArgumentError, "session_id `%s' is invalid" % id
+	end
+	path = dir+"/"+prefix+id
 	path.untaint
 	unless File::exist? path
 	  @hash = {}
@@ -149,9 +158,9 @@ class CGI
     class MemoryStore
       GLOBAL_HASH_TABLE = {}
 
-      def initialize(session, option={})
+      def initialize(session, option=nil)
 	@session_id = session.session_id
-	GLOBAL_HASH_TABLE[@session_id] = {}
+	GLOBAL_HASH_TABLE[@session_id] ||= {}
       end
 
       def restore
@@ -167,7 +176,7 @@ class CGI
       end
 
       def delete
-	GLOBAL_HASH_TABLE[@session_id] = nil
+	GLOBAL_HASH_TABLE.delete(@session_id)
       end
     end
   end
-- 
cgit v1.2.3