diff options
| -rw-r--r-- | ChangeLog | 15 | ||||
| -rw-r--r-- | lib/webrick/cgi.rb | 1 | ||||
| -rw-r--r-- | lib/webrick/httputils.rb | 15 | ||||
| -rw-r--r-- | lib/webrick/ssl.rb | 2 | ||||
| -rw-r--r-- | test/webrick/test_cgi.rb | 46 | ||||
| -rw-r--r-- | test/webrick/utils.rb | 1 | ||||
| -rw-r--r-- | test/webrick/webrick.cgi | 26 |
7 files changed, 100 insertions, 6 deletions
@@ -1,3 +1,18 @@ +Mon Jan 10 15:28:51 2005 GOTOU Yuuzou <gotoyuzo@notwork.org> + + * lib/webrick/cgi.rb (WEBrick::CGI::Socket#request_line): should + escape SCRIPT_NAME and PATH_INFO before being parsed as a URI. + + * lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add + new method to escape URI path component. + + * lib/webrick/ssl.rb (WEBrick::Config::SSL): the default value + of :SSLEnable is false. + + * test/webrick/{test_cgi.rb,webrick.cgi}: new file. + + * test/webrick/utils.rb: require "webrick/https.h". + Sun Jan 9 14:12:17 2005 Nobuyoshi Nakada <nobu@ruby-lang.org> * io.c (rb_f_select): IO list could be altered. [ruby-dev:25312] diff --git a/lib/webrick/cgi.rb b/lib/webrick/cgi.rb index 1282bdcd9..6878da574 100644 --- a/lib/webrick/cgi.rb +++ b/lib/webrick/cgi.rb @@ -147,6 +147,7 @@ module WEBrick if path_info = @env["PATH_INFO"] url << path_info end + url = WEBrick::HTTPUtils.escape_path(url) if query_string = @env["QUERY_STRING"] unless query_string.empty? url << "?" << query_string diff --git a/lib/webrick/httputils.rb b/lib/webrick/httputils.rb index e45d8e049..e0855222f 100644 --- a/lib/webrick/httputils.rb +++ b/lib/webrick/httputils.rb @@ -352,15 +352,18 @@ module WEBrick unwise = '{}|\\^[]`' nonascii = (0x80..0xff).collect{|c| c.chr }.join + module_function + def _make_regex(str) /([#{Regexp.escape(str)}])/n end + def _make_regex!(str) /([^#{Regexp.escape(str)}])/n end def _escape(str, regex) str.gsub(regex){ "%%%02X" % $1[0] } end def _unescape(str, regex) str.gsub(regex){ $1.hex.chr } end - module_function :_make_regex, :_escape, :_unescape UNESCAPED = _make_regex(control+space+delims+unwise+nonascii) UNESCAPED_FORM = _make_regex(reserved+control+delims+unwise+nonascii) NONASCII = _make_regex(nonascii) ESCAPED = /%([0-9a-fA-F]{2})/ + UNESCAPED_PCHAR = _make_regex!(unreserved+":@&=+$,") def escape(str) _escape(str, UNESCAPED) @@ -380,12 +383,14 @@ module WEBrick _unescape(str.gsub(/\+/, " "), ESCAPED) end + def escape_path(str) + str.split("/").collect{|i| + _escape(i, UNESCAPED_PCHAR) + }.join("/") + end + def escape8bit(str) _escape(str, NONASCII) end - - module_function :escape, :unescape, :escape_form, :unescape_form, - :escape8bit - end end diff --git a/lib/webrick/ssl.rb b/lib/webrick/ssl.rb index 4562ba494..03bfdf4aa 100644 --- a/lib/webrick/ssl.rb +++ b/lib/webrick/ssl.rb @@ -14,7 +14,7 @@ module WEBrick osslv = ::OpenSSL::OPENSSL_VERSION.split[1] SSL = { :ServerSoftware => "#{svrsoft} OpenSSL/#{osslv}", - :SSLEnable => true, + :SSLEnable => false, :SSLCertificate => nil, :SSLPrivateKey => nil, :SSLClientCA => nil, diff --git a/test/webrick/test_cgi.rb b/test/webrick/test_cgi.rb new file mode 100644 index 000000000..60d5da6a7 --- /dev/null +++ b/test/webrick/test_cgi.rb @@ -0,0 +1,46 @@ +require "webrick" +require File.join(File.dirname(__FILE__), "utils.rb") +require "test/unit" +begin + loadpath = $:.dup + $:.replace($: | [File.expand_path("../ruby", File.dirname(__FILE__))]) + require 'envutil' +ensure + $:.replace(loadpath) +end + +class TestWEBrickCGI < Test::Unit::TestCase + def test_cgi + accepted = started = stopped = 0 + requested0 = requested1 = 0 + config = { + :CGIInterpreter => EnvUtil.rubybin, + :DocumentRoot => File.dirname(__FILE__), + } + TestWEBrick.start_httpserver(config){|server, addr, port| + http = Net::HTTP.new(addr, port) + req = Net::HTTP::Get.new("/webrick.cgi") + http.request(req){|res| assert_equal("/webrick.cgi", res.body)} + req = Net::HTTP::Get.new("/webrick.cgi/path/info") + http.request(req){|res| assert_equal("/path/info", res.body)} + req = Net::HTTP::Get.new("/webrick.cgi/%3F%3F%3F?foo=bar") + http.request(req){|res| assert_equal("/???", res.body)} + req = Net::HTTP::Get.new("/webrick.cgi/%A4%DB%A4%B2/%A4%DB%A4%B2") + http.request(req){|res| + assert_equal("/\xA4\xDB\xA4\xB2/\xA4\xDB\xA4\xB2", res.body)} + req = Net::HTTP::Get.new("/webrick.cgi?a=1;a=2;b=x") + http.request(req){|res| assert_equal("a=1, a=2, b=x", res.body)} + req = Net::HTTP::Get.new("/webrick.cgi?a=1&a=2&b=x") + http.request(req){|res| assert_equal("a=1, a=2, b=x", res.body)} + + req = Net::HTTP::Post.new("/webrick.cgi?a=x;a=y;b=1") + req["Content-Type"] = "application/x-www-form-urlencoded" + http.request(req, "a=1;a=2;b=x"){|res| + assert_equal("a=1, a=2, b=x", res.body)} + req = Net::HTTP::Post.new("/webrick.cgi?a=x&a=y&b=1") + req["Content-Type"] = "application/x-www-form-urlencoded" + http.request(req, "a=1&a=2&b=x"){|res| + assert_equal("a=1, a=2, b=x", res.body)} + } + end +end diff --git a/test/webrick/utils.rb b/test/webrick/utils.rb index 50ffd759a..adb0d106e 100644 --- a/test/webrick/utils.rb +++ b/test/webrick/utils.rb @@ -1,4 +1,5 @@ require "webrick" +require "webrick/https" require "webrick/httpproxy" module TestWEBrick diff --git a/test/webrick/webrick.cgi b/test/webrick/webrick.cgi new file mode 100644 index 000000000..97e137745 --- /dev/null +++ b/test/webrick/webrick.cgi @@ -0,0 +1,26 @@ +#!ruby -d +require "webrick/cgi" + +class TestApp < WEBrick::CGI + def do_GET(req, res) + res["content-type"] = "text/plain" + if p = req.path_info + res.body = p + elsif (q = req.query).size > 0 + res.body = q.keys.sort.collect{|key| + q[key].list.sort.collect{|v| + "#{key}=#{v}" + }.join(", ") + }.join(", ") + else + res.body = req.script_name + end + end + + def do_POST(req, res) + do_GET(req, res) + end +end + +cgi = TestApp.new +cgi.start |