From 3286a9c39bb838ad4824e8809aa7af67aba07dea Mon Sep 17 00:00:00 2001 From: gotoyuzo Date: Mon, 10 Jan 2005 06:29:58 +0000 Subject: * lib/webrick/cgi.rb (WEBrick::CGI::Socket#request_line): should escape SCRIPT_NAME and PATH_INFO before being parsed as a URI. * lib/webrick/httputils.rb (WEBrick::HTTPUtils#escape_path): add new method to escape URI path component. * lib/webrick/ssl.rb (WEBrick::Config::SSL): the default value of :SSLEnable is false. * test/webrick/{test_cgi.rb,webrick.cgi}: new file. * test/webrick/utils.rb: require "webrick/https.h". git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@7758 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- lib/webrick/cgi.rb | 1 + lib/webrick/httputils.rb | 15 ++++++++++----- lib/webrick/ssl.rb | 2 +- 3 files changed, 12 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/webrick/cgi.rb b/lib/webrick/cgi.rb index 1282bdcd9..6878da574 100644 --- a/lib/webrick/cgi.rb +++ b/lib/webrick/cgi.rb @@ -147,6 +147,7 @@ module WEBrick if path_info = @env["PATH_INFO"] url << path_info end + url = WEBrick::HTTPUtils.escape_path(url) if query_string = @env["QUERY_STRING"] unless query_string.empty? url << "?" << query_string diff --git a/lib/webrick/httputils.rb b/lib/webrick/httputils.rb index e45d8e049..e0855222f 100644 --- a/lib/webrick/httputils.rb +++ b/lib/webrick/httputils.rb 
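Review bot: The added `url = WEBrick::HTTPUtils.escape_path(url)` line in lib/webrick/cgi.rb has no comment recording the assumption it depends on: SCRIPT_NAME and PATH_INFO must arrive unencoded, because `%` is not in the UNESCAPED_PCHAR allowlist this commit introduces, so an already percent-encoded value would be escaped a second time. I would add above it `# SCRIPT_NAME/PATH_INFO are expected unencoded (CGI); escape exactly once, before the already-encoded QUERY_STRING is appended`. The placement matters for the same reason, since moving the call below `url << "?" << query_string` would also escape the `?` separator. QUERY_STRING is appended as received, so a value containing whitespace or control characters would still reach the request-line parser; whether that is validated elsewhere is not visible here. The enclosing method starts before and continues after this hunk.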
@@ -352,15 +352,18 @@ module WEBrick unwise = '{}|\\^[]`' nonascii = (0x80..0xff).collect{|c| c.chr }.join + module_function + def _make_regex(str) /([#{Regexp.escape(str)}])/n end + def _make_regex!(str) /([^#{Regexp.escape(str)}])/n end def _escape(str, regex) str.gsub(regex){ "%%%02X" % $1[0] } end def _unescape(str, regex) str.gsub(regex){ $1.hex.chr } end - module_function :_make_regex, :_escape, :_unescape UNESCAPED = _make_regex(control+space+delims+unwise+nonascii) UNESCAPED_FORM = _make_regex(reserved+control+delims+unwise+nonascii) NONASCII = _make_regex(nonascii) ESCAPED = /%([0-9a-fA-F]{2})/ + UNESCAPED_PCHAR = _make_regex!(unreserved+":@&=+$,") def escape(str) _escape(str, UNESCAPED) @@ -380,12 +383,14 @@ module WEBrick _unescape(str.gsub(/\+/, " "), ESCAPED) end + def escape_path(str) + str.split("/").collect{|i| + _escape(i, UNESCAPED_PCHAR) + }.join("/") + end + def escape8bit(str) _escape(str, NONASCII) end - - module_function :escape, :unescape, :escape_form, :unescape_form, - :escape8bit - end end diff --git a/lib/webrick/ssl.rb b/lib/webrick/ssl.rb index 4562ba494..03bfdf4aa 100644 --- a/lib/webrick/ssl.rb +++ b/lib/webrick/ssl.rb @@ -14,7 +14,7 @@ module WEBrick osslv = ::OpenSSL::OPENSSL_VERSION.split[1] SSL = { :ServerSoftware => "#{svrsoft} OpenSSL/#{osslv}", - :SSLEnable => true, + :SSLEnable => false, :SSLCertificate => nil, :SSLPrivateKey => nil, :SSLClientCA => nil, -- cgit
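Review bot: `_make_regex!` reads like a mutating variant of `_make_regex`, but the only difference is the `^` that negates the character class, so `UNESCAPED_PCHAR` is an allowlist while the neighbouring constants are denylists. That distinction is what makes the path escaping fail closed and it deserves a comment, for example `# _make_regex! matches every byte NOT in str (allowlist)` above the definition and `# RFC 2396 pchar minus "escaped": "%" and ";" get escaped as well` above `UNESCAPED_PCHAR`. The `unreserved` local is defined before this hunk, so the exact allowed set cannot be confirmed from the lines shown. The bare `module_function` now applies to every method defined after it in the module, which is worth checking against the part of the file outside the hunk.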
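Review bot: `str.split("/")` in the new `escape_path` discards trailing empty fields, so `"/dir/"` comes back as `"/dir"` and a bare `"/"` comes back as an empty string. For the CGI caller this means a directory-style path is rebuilt without its trailing slash, and an empty result may not parse as a request URI at all. Anything that matches or authorizes on the exact path could then see a different value from the one the front-end server saw. Passing a negative limit keeps the empty fields: `str.split("/", -1).collect{|i|`. A test covering `"/"`, `"/a/"` and `"/a//b"` would pin the behaviour down.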
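Review bot: The flipped default `:SSLEnable => false` in lib/webrick/ssl.rb is a silent behaviour change for any caller that set `:SSLCertificate` and `:SSLPrivateKey` but relied on the old default; such a server would presumably now accept connections without TLS and raise no error. A comment on the line would make the opt-in explicit, e.g. `:SSLEnable => false, # TLS is opt-in; set to true together with a certificate and key`. It may also be worth logging a warning at startup when a certificate is configured while `:SSLEnable` is false, though the code that consumes this hash is outside the hunk. The `SSL` hash continues past the last line shown.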