| Age | Commit message (Collapse) | Author |
|---|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3729
|
|
`path_info` contains filesystem encoding and binary.
Example is `"/webrick.cgi/%A5%DB%A4%B2/%A4%DB%A4%B2"` in `TestWEBrickCGI#test_cgi`.
|
|
http://ci.rvm.jp/results/trunk-test@ruby-sky1/3012894
```
/tmp/ruby/v3/src/trunk-test/tool/lib/minitest/unit.rb:199:in `assert': webrick log start: (MiniTest::Assertion)
[2020-06-19 23:01:59] ERROR ArgumentError: invalid byte sequence in UTF-8
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:336:in `scan'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:336:in `set_filename'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:310:in `exec_handler'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:245:in `do_GET'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/abstract.rb:105:in `service'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:241:in `service'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpserver.rb:140:in `service'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpserver.rb:96:in `run'
/tmp/ruby/v3/src/trunk-test/lib/webrick/server.rb:307:in `block in start_thread'
```
|
|
instead of `@root.encoding`.
And fallback to ASCII-8BIT when filesystem encoding is US-ASCII.
When `@root.encoding` is not compatible filesystem encoding,
`Encoding::CompatibilityError` raised at `webrick/httpservlet/filehandler.rb:341`.
So `DocumentRoot` must be compatible with filesystem encoding.
|
|
This reverts 750203c514e0e9a49f7d53fb54084e6844fca42a and 93e6fa1d319d19ce7fba37e4b9924862447b9f38
|
|
https://rubyci.org/logs/mswinci.japaneast.cloudapp.azure.com/vc12-x64/ruby-master/log/20200619T054159Z.fail.html.gz
```
1) Failure:
WEBrick::TestFileHandler#test_cjk_in_path [D:/tmp/mswin-build20200619-14304-utgij/ruby/test/webrick/utils.rb:72]:
exceptions on 2 threads:
webrick log start:
[2020-06-19 16:28:42] ERROR `/あ.txt' not found.
webrick log end
Filesystem encoding is Windows-31J.
<"200"> expected but was
<"404">.
---
<[]> expected but was
<["[2020-06-19 16:28:42] ERROR `/\xE3\x81\x82.txt' not found.\n"]>.
```
`prevent_directory_traversal` treats `path_info` as filesystem encoding.
So path_info should be filesystem encoding in request URL.
On some environments, fallback to ASCII-8BIT when EncodingError.
|
|
|
|
https://rubyci.org/logs/mswinci.japaneast.cloudapp.azure.com/vc12-x64/ruby-master/log/20200618T113134Z.fail.html.gz
```
1) Failure:
WEBrick::TestFileHandler#test_cjk_in_path [D:/tmp/mswin-build20200618-84004-1t0dh8f/ruby/test/webrick/utils.rb:72]:
exceptions on 2 threads:
webrick log start:
[2020-06-18 22:18:07] ERROR `/??.txt' not found.
webrick log end
Filesystem encoding is Windows-31J.
<"200"> expected but was
<"404">.
```
|
|
Try to fix 404 error on mswinci.
https://rubyci.org/logs/mswinci.japaneast.cloudapp.azure.com/vc12-x64/ruby-master/log/20200614T225859Z.fail.html.gz
```
1) Failure:
WEBrick::TestFileHandler#test_cjk_in_path [D:/tmp/mswin-build20200615-24932-11ykstf/ruby/test/webrick/utils.rb:72]:
exceptions on 2 threads:
webrick log start:
[2020-06-15 09:48:29] ERROR `/あ.txt' not found.
webrick log end.
<"200"> expected but was
<"404">.
---
<[]> expected but was
<["[2020-06-15 09:48:29] ERROR `/\xE3\x81\x82.txt' not found.\n"]>.
```
Notes:
Merged: https://github.com/ruby/ruby/pull/3227
|
|
[Bug #16753]
https://github.com/ruby/webrick/commit/83cf440858
|
|
Fixed misspellings reported at [Bug #16437], for default gems.
|
|
to be array
This way you don't need to escape each entry.
Implements Ruby Feature 15170.
https://github.com/ruby/webrick/commit/d8086e600c
|
|
The values of @header are expected to be all strings;
WEBrick::HTTPResponse::[]=(key, val) explicitly converts the second
argument to a string and assigns it to @header hash.
However, there were some points in WEBrick internal code that assigns
non-String to @header. This change fixes the issues.
The values are checked by `header_value =~ /\r\n/` in check_header.
The type confusion caused conflict with removal of `Object#=~`
[Feature #15231].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65984 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[#15206] [Fix GH-1976]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65506 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[#15206] [Fix GH-1976]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpresponse.rb (send_body_io): use seek if NotImplementedError
is raised in IO.copy_stream with offset.
* lib/webrick/httpservlet/filehandler.rb (multipart_body): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63008 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
WEBrick::HTTPRequest#body can be passed a block to process the
body in chunks. Use this feature to avoid building a giant
string in memory.
* lib/webrick/httpservlet/cgihandler.rb (do_GET):
avoid reading entire request body into memory
(do_POST is aliased to do_GET, so it handles bodies)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62961 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Use the new Proc response body feature to generate a multipart
range response dynamically. We use a flat array to minimize
object overhead as much as possible; as many ranges may fit
into an HTTP request header.
* lib/webrick/httpservlet/filehandler.rb (multipart_body): new method
(make_partial_content): use multipart_body
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62959 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Content-Length is ignored by WEBrick::HTTPResponse even if we
calculate it, so instead we chunk responses to HTTP/1.1 clients
and terminate HTTP/1.0 connections.
* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
quiet warning
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62957 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This is also compatible with range responses generated
by Rack::File (tested with rack 2.0.3).
* lib/webrick/httpresponse.rb (send_body_io): use Content-Range
* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
use File object for the single range case
* test/webrick/test_filehandler.rb (get_res_body): use send_body
to test result
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62955 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
IO#reopen seems to behave strangely on Win32 based on the logs
posted by Greg for [Bug #14420]. Lets try to fix the issue by
using File.open explicitly (but not Kernel#open).
* lib/webrick/httpservelet/cgi_runner: use File.open explicitly
[Bug #14220]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This makes future code audits easier. None of these changes
fix realistic remote code execution vulnerabilities because
we stat(2) before attempting Kernel#open.
* lib/webrick/httpservlet/erbhandler.rb (do_GET): use File.open
* lib/webrick/httpservlet/filehandler.rb (do_GET): use File.open
(make_partial_content): ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
IO#reopen already takes string path names as well as IO objects
(but not "| command" strings)
This makes further auditing for inadvertant code execution
easier. There's no actual bugfix or behavior change here,
as no external data is passed to cgi_runner.rb.
* lib/webrick/httpservlet/cgi_runner.rb: remove Kernel#open call
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61398 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60139 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpservlet/cgihandler.rb (do_GET): delete HTTP_PROXY
* test/webrick/test_cgi.rb (test_cgi_env): new test
* test/webrick/webrick.cgi (do_GET): new endpoint to dump env
[ruby-core:76511] [Bug #12610]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55731 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[fix GH-1219][ci skip] Patch by @leafac
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53648 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpservlet/cgihandler.rb: ditto.
* lib/webrick/httpservlet/erbhandler.rb: ditto.
* lib/webrick/server.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46560 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpservlet/filehandler.rb (set_dir_list): pass the
given queries to subdirectories.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44919 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40862 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40861 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40860 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40859 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpservlet/filehandler.rb (set_dir_list): revert r20152
partially and fix misuse of bytesize and regexp repetition operator.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40847 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/cgi.rb: ditto.
* lib/webrick/config.rb: ditto.
* lib/webrick/cookie.rb: ditto.
* lib/webrick/httpauth/authenticator.rb: ditto.
* lib/webrick/httpauth/basicauth.rb: ditto.
* lib/webrick/httpauth/digestauth.rb: ditto.
* lib/webrick/httpproxy.rb: ditto.
* lib/webrick/httprequest.rb: ditto.
* lib/webrick/httpresponse.rb: ditto.
* lib/webrick/https.rb: ditto.
* lib/webrick/httpserver.rb: ditto.
* lib/webrick/httpservlet/cgihandler.rb: ditto.
* lib/webrick/httpservlet/filehandler.rb: ditto.
* lib/webrick/httpservlet/prochandler.rb: ditto.
* lib/webrick/httputils.rb: ditto.
* lib/webrick/httpversion.rb: ditto.
* lib/webrick/log.rb: ditto.
* lib/webrick/server.rb: ditto.
* lib/webrick/ssl.rb: ditto.
* lib/webrick/utils.rb: ditto.
* lib/webrick/version.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38945 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
example. Patch by shlensky [Fixes #232 on github]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38709 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
alter the content-type of the response. [Ruby 1.9 - Bug #4685]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32117 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31573 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31540 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31499 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Patch by Run Paint [ruby-core:30991]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29726 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(prevent_directory_traversal): apply filesystem encoding to path
only during calling File.expand_path. [ruby-dev:41423]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28354 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(WEBrick::HTTPServlet::CGIHandler#do_GET):
set binary mode for tempfile.
http://pc12.2ch.net/test/read.cgi/tech/1265467681/286
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26887 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
add bytes-unit. [ruby-dev:40030]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26346 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpservlet/cgihandler.rb: use RbConfig.ruby.
* test/ruby/envutil.rb: ditto.
* benchmark/report.rb: ditto.
* benchmark/runc.rb: ditto.
* tool/eval.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26216 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:37768]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26026 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
are symbols now. [ruby-core:24580]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@24742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
use #bytesize instead of #size. a patch submitted from
raspberry lemon in [ruby-core:18571].
* lib/webrick/httpauth/digestauth.rb, lib/webrick/httpproxy.rb,
lib/webrick/httprequest.rb, lib/webrick/httpservlet/cgi_runner.rb,
lib/webrick/httpservlet/abstract.rb, lib/webrick/httpresponse.rb,
lib/webrick/httpservlet/cgihandler.rb, lib/webrick/utils.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(WEBrick::HTTPServlet::CGIHandler#do_GET):
Set the HTTP status code to 302 if a Location header field is
present and the status code is not valid as a client
redirection. cf. RFC 3875 6.2.3, 6.2.4.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16662 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
