diff options
| author | NAKAMURA Usaku <[email protected]> | 2021-11-24 20:21:17 +0900 |
|---|---|---|
| committer | NAKAMURA Usaku <[email protected]> | 2021-11-24 20:21:17 +0900 |
| commit | f69aeb83146be640995753667fdd6c6f157527f5 (patch) | |
| tree | c1c61407f77b0f3ef859d3d46b77bdb5e361a549 | |
| parent | b1985629565c3c54b1a64d6faf213e8144857515 (diff) | |
merge some parts of CGI 0.1.1v2_7_5
Fix integer overflow
Make use of the check in rb_alloc_tmp_buffer2.
When parsing cookies, only decode the values
Bump version
| -rw-r--r-- | ext/cgi/escape/escape.c | 3 | ||||
| -rw-r--r-- | lib/cgi/cookie.rb | 1 | ||||
| -rw-r--r-- | lib/cgi/version.rb | 2 | ||||
| -rw-r--r-- | test/cgi/test_cgi_cookie.rb | 5 | ||||
| -rw-r--r-- | version.h | 2 |
5 files changed, 9 insertions, 4 deletions
diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c index 47188819cd..feedea34c8 100644 --- a/ext/cgi/escape/escape.c +++ b/ext/cgi/escape/escape.c @@ -36,7 +36,8 @@ static VALUE optimized_escape_html(VALUE str) { VALUE vbuf; - char *buf = ALLOCV_N(char, vbuf, RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN); + typedef char escape_buf[HTML_ESCAPE_MAX_LEN]; + char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str)); const char *cstr = RSTRING_PTR(str); const char *end = cstr + RSTRING_LEN(str); diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb index ae9ab58ede..6b0d89ca3b 100644 --- a/lib/cgi/cookie.rb +++ b/lib/cgi/cookie.rb @@ -159,7 +159,6 @@ class CGI raw_cookie.split(/;\s?/).each do |pairs| name, values = pairs.split('=',2) next unless name and values - name = CGI.unescape(name) values ||= "" values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) } if cookies.has_key?(name) diff --git a/lib/cgi/version.rb b/lib/cgi/version.rb index 9d17c91b95..e145a762c6 100644 --- a/lib/cgi/version.rb +++ b/lib/cgi/version.rb @@ -1,3 +1,3 @@ class CGI - VERSION = "0.1.0" + VERSION = "0.1.0.1" end diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb index 115a57e4a1..985cc0d7a1 100644 --- a/test/cgi/test_cgi_cookie.rb +++ b/test/cgi/test_cgi_cookie.rb @@ -101,6 +101,11 @@ class CGICookieTest < Test::Unit::TestCase end end + def test_cgi_cookie_parse_not_decode_name + cookie_str = "%66oo=baz;foo=bar" + cookies = CGI::Cookie.parse(cookie_str) + assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies) + end def test_cgi_cookie_arrayinterface cookie = CGI::Cookie.new('name1', 'a', 'b', 'c') @@ -2,7 +2,7 @@ # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR #define RUBY_VERSION_TEENY 5 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR -#define RUBY_PATCHLEVEL 202 +#define RUBY_PATCHLEVEL 203 #define RUBY_RELEASE_YEAR 2021 #define RUBY_RELEASE_MONTH 11 |