summaryrefslogtreecommitdiff
path: root/test/cgi
AgeCommit message (Collapse)Author
2025-02-26[ruby/cgi] Escape/unescape unclosed tags as wellHiroshi SHIBATA
https://github.com/ruby/cgi/commit/cd1eb08076 Co-authored-by: Nobuyoshi Nakada <[email protected]>
2025-01-10Make Pstore tests as optionalHiroshi SHIBATA
Notes: Merged: https://github.com/ruby/ruby/pull/12537
2023-11-30[ruby/cgi] Add failing test cases for CGI::Escape.unescapeHTMLflosacca
https://github.com/ruby/cgi/commit/92fdb3316b
2023-11-07[ruby/cgi] Add snake case aliases for escapeURIComponentJean Boussier
As agreed in [Feature #18822] https://github.com/ruby/cgi/commit/9d1161ec9d
2023-05-29[ruby/cgi] Add TruffleRuby support and add it in CIBenoit Daloze
https://github.com/ruby/cgi/commit/1240fec9c9
2022-11-28[ruby/cgi] Loosen the domain regex to accept '.'Xenor Chang
(https://github.com/ruby/cgi/pull/29) * Loosen the domain regex to accept '.' Co-authored-by: Nobuyoshi Nakada <[email protected]> https://github.com/ruby/cgi/commit/5e09d632f3 Co-authored-by: Hiroshi SHIBATA <[email protected]>
2022-11-24[ruby/cgi] Fix test_cgi_cookie_new_with_domain to pass on older rubiesJean Boussier
https://github.com/ruby/cgi/commit/05f0c58048
2022-11-22[ruby/cgi] Relax domain label restrictionsNobuyoshi Nakada
https://github.com/ruby/cgi/commit/b46d41c363
2022-11-22[ruby/cgi] Prevent CRLF injectionYusuke Endoh
Throw a RuntimeError if the HTTP response header contains CR or LF to prevent HTTP response splitting. https://hackerone.com/reports/1204695 https://github.com/ruby/cgi/commit/64c5045c0a
2022-11-22[ruby/cgi] Check cookie name/path/domain charactersNobuyoshi Nakada
https://hackerone.com/reports/1204977 https://github.com/ruby/cgi/commit/30107a4797
2022-08-16[ruby/cgi] Implement `CGI.url_encode` and `CGI.url_decode`Jean Boussier
[Feature #18822] Ruby is somewhat missing an RFC 3986 compliant escape method. https://github.com/ruby/cgi/commit/c2729c7f33
2022-06-06[ruby/cgi] jruby supportPavel Rosický
https://github.com/ruby/cgi/commit/93326fb622
2021-12-12[ruby/cgi] Check integer overflow in long rangeNobuyoshi Nakada
https://hackerone.com/reports/1328463 https://github.com/ruby/cgi/commit/ccaf6027e0
2021-11-24[ruby/cgi] When parsing cookies, only decode the valuesNobuyoshi Nakada
https://github.com/ruby/cgi/commit/052eb3a828
2021-04-22[ruby/cgi] Add test for escapeHTML/unescapeHTML invalid encoding fix in pure ↵Jeremy Evans
ruby version Also, remove pointless assert_nothing_raised(ArgumentError) while here. https://github.com/ruby/cgi/commit/c05edf5608
2020-03-02need to restore $stdin.Koichi Sasada
2019-11-18Deprecate taint/trust and related methods, and make the methods no-opsJeremy Evans
This removes the related tests, and puts the related specs behind version guards. This affects all code in lib, including some libraries that may want to support older versions of Ruby. Notes: Merged: https://github.com/ruby/ruby/pull/2476
2019-08-04change call CGI methods from :: to .Semyon Pupkov
Closes: https://github.com/ruby/ruby/pull/1749
2019-06-23Get rid of error with frozen string literalMSP-Greg (Greg L)
[Bug #14194]
2018-05-03Revert "ext/cgi/escape: preserve String subclass in result"normal
This reverts commit 6afea14043b0c0e603f26c89ae0d043f65852668 r63328 I misread the original bug report and got results flipped. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63330 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-05-02ext/cgi/escape: preserve String subclass in resultnormal
* ext/cgi/escape/escape.c (optimized_escape_html): use rb_str_new_with_class (optimized_unescape_html): ditto (optimized_escape): ditto (optimized_unescape): ditto * test/cgi/test_cgi_util.rb (test_escape_string_subclass): new test [ruby-core:86847] [Bug #14732] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-18Fix strange indentationk0kubun
which I introduced at r58773. Hard tabs and spaces are mixed... git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58783 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-17cgi/util.rb: Don't escape tilde in #escapek0kubun
to make it compatible with ERB::Util.url_encode. ext/cgi/escape/escape.c: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58773 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-06share `@@accept_charset`nobu
* lib/cgi/{core,util}.rb: include CGI::Util not only extending, to share `@@accept_charset` class variable, so that it is always accessible. [ruby-core:80986] [Bug #13539] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-18{lib,test}/cgi: Specify frozen_string_literal: true.kazu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57652 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-02escape.c: check argumentnobu
* ext/cgi/escape/escape.c (optimized_unescape): check accept_charset encoding argument. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57501 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-02test_cgi_util.rb: encoding testsnobu
* test/cgi/test_cgi_util.rb (test_cgi_unescape): \u is useless on old versions. * test/cgi/test_cgi_util.rb (test_cgi_include_unescape): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57499 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-27* lib/cgi/cookie.rb (parse): don't allow , as a separator. [Bug #12791]naruse
* lib/webrick/cookie.rb (parse): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56262 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-07-26test: use assert_includenobu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55757 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-04-20cgi/util.rb: remove CGI::Util#_unescapenobu
* ext/cgi/escape/escape.c (cgiesc_unescape): define unescape method instead of _unescape, and should pass the optional argument to the super method. * lib/cgi/util.rb (CGI::Util#_unescape): remove intermediate method. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54655 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-14test_cgi_util.rb: test_cgi_unescapeHTML_invalidnobu
* test/cgi/test_cgi_util.rb (test_cgi_unescapeHTML_invalid): test for invalid escaped HTML, borrowed from rubyspec. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-06ASCII-incompatible escapenobu
* lib/cgi/util.rb (escapeHTML, unescapeHTML): consider ASCII-incompatible encodings. [Fix GH-1239] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53754 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-22escape.c: should not freezenobu
* ext/cgi/escape/escape.c (optimized_escape_html): CGI.escapeHTML should return unfrozen new string. [ruby-core:72426] [Bug #11858] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-21escape.c: Preserve original statenobu
* ext/cgi/escape/escape.c (preserve_original_state): Preserve original state for tainted and frozen. [Fix GH-1166] [ruby-dev:49451] [Bug #11855] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-20cgi/escape: Optimize CGI.escapeHTMLnobu
* cgi/escape/escape.c: Optimize CGI.escapeHTML for ASCII-compatible encodings. [Fix GH-1164] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-20test_cgi_util.rb: fix arguments ordersnobu
* test/cgi/test_cgi_util.rb: fix arguments orders, expected values should be placed first and then actual results. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53219 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-16Add frozen_string_literal: false for all filesnaruse
When you change this to true, you may need to add more tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-14test: use String#b instead of dup.force_encodingnobu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53109 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-05-14* lib/cgi/cookie.rb: Implement HttpOnly flag for cookies.xibbar
[fix GH-887] Patch by @martinpovolny git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-04-29cookie.rb: trailing commanobu
* lib/cgi/cookie.rb: add trailing comma for further lines. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-03-12fix env leaksnobu
* lib/rubygems/test_case.rb (setup, teardown): fix environment variable change leaks. * test/cgi/update_env.rb: ditto. * test/rake/test_rake_application_options.rb (setup, teardown): ditto. * test/rake/test_rake_file_utils.rb (setup, teardown): ditto. * test/rubygems/test_gem_request.rb (setup): add https_proxy. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49950 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-11-13* test/lib/envutil.rb: Moved from test/ruby/.akr
* test/lib/find_executable.rb: Ditto. * test/lib/memory_status.rb: Ditto. * test/lib/test/unit.rb: require envutil. * test/: Don't require envutil in test files. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-08-09* test/cgi/test_cgi_core.rb: removed obsoleted condition for Ruby 1.8.hsbt
* test/cgi/test_cgi_header.rb: ditto. * test/cgi/test_cgi_multipart.rb: ditto. * test/cgi/test_cgi_tag_helper.rb: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-06-10* lib/cgi/core.rb: Provide a mechanism to specify thexibbar
max_multipart_length of multipart data. [Feature #8370] patch by Leif Eriksen <[email protected]> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46392 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-05-27Use Tempfile#close!.akr
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46193 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-05-27* lib/cgi/core.rb: Use Tempfile#close(true) instead of Tempfile#unlinkakr
to close file descriptors. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46181 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-03-21cgi/util.rb: use aliasnobu
* lib/cgi/util.rb (escape_html, unescape_html): make synonyms aliases instead of wrapper methods. * lib/cgi/util.rb (escape_element, unescape_element): ditto. [Fixes GH-573] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45382 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-03-21test_cgi_util.rb: escape for ruby-mode.elnobu
* test/cgi/test_cgi_util.rb (CGIUtilTest): escape '<' not ruby-mode.el to confuse with here documents. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45380 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-05-03* lib/cgi/util.rb: class methods modulize for using like a function.xibbar
[Feature #8354] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40571 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-11* lib/cgi/html.rb: fix tagmaker because attributes should recognize.xibbar
[Bug #8252] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40242 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-03 10:22:51 +0000