diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/webrick/cgi.rb | 1 | ||||
| -rw-r--r-- | lib/webrick/httputils.rb | 15 | ||||
| -rw-r--r-- | lib/webrick/ssl.rb | 2 |
3 files changed, 12 insertions, 6 deletions
diff --git a/lib/webrick/cgi.rb b/lib/webrick/cgi.rb index 1282bdcd9..6878da574 100644 --- a/lib/webrick/cgi.rb +++ b/lib/webrick/cgi.rb @@ -147,6 +147,7 @@ module WEBrick if path_info = @env["PATH_INFO"] url << path_info end + url = WEBrick::HTTPUtils.escape_path(url) if query_string = @env["QUERY_STRING"] unless query_string.empty? url << "?" << query_string diff --git a/lib/webrick/httputils.rb b/lib/webrick/httputils.rb index e45d8e049..e0855222f 100644 --- a/lib/webrick/httputils.rb +++ b/lib/webrick/httputils.rb @@ -352,15 +352,18 @@ module WEBrick unwise = '{}|\\^[]`' nonascii = (0x80..0xff).collect{|c| c.chr }.join + module_function + def _make_regex(str) /([#{Regexp.escape(str)}])/n end + def _make_regex!(str) /([^#{Regexp.escape(str)}])/n end def _escape(str, regex) str.gsub(regex){ "%%%02X" % $1[0] } end def _unescape(str, regex) str.gsub(regex){ $1.hex.chr } end - module_function :_make_regex, :_escape, :_unescape UNESCAPED = _make_regex(control+space+delims+unwise+nonascii) UNESCAPED_FORM = _make_regex(reserved+control+delims+unwise+nonascii) NONASCII = _make_regex(nonascii) ESCAPED = /%([0-9a-fA-F]{2})/ + UNESCAPED_PCHAR = _make_regex!(unreserved+":@&=+$,") def escape(str) _escape(str, UNESCAPED) @@ -380,12 +383,14 @@ module WEBrick _unescape(str.gsub(/\+/, " "), ESCAPED) end + def escape_path(str) + str.split("/").collect{|i| + _escape(i, UNESCAPED_PCHAR) + }.join("/") + end + def escape8bit(str) _escape(str, NONASCII) end - - module_function :escape, :unescape, :escape_form, :unescape_form, - :escape8bit - end end diff --git a/lib/webrick/ssl.rb b/lib/webrick/ssl.rb index 4562ba494..03bfdf4aa 100644 --- a/lib/webrick/ssl.rb +++ b/lib/webrick/ssl.rb @@ -14,7 +14,7 @@ module WEBrick osslv = ::OpenSSL::OPENSSL_VERSION.split[1] SSL = { :ServerSoftware => "#{svrsoft} OpenSSL/#{osslv}", - :SSLEnable => true, + :SSLEnable => false, :SSLCertificate => nil, :SSLPrivateKey => nil, :SSLClientCA => nil, |