| Age | Commit message (Collapse) | Author |
|---|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3729
|
|
`path_info` contains filesystem encoding and binary.
Example is `"/webrick.cgi/%A5%DB%A4%B2/%A4%DB%A4%B2"` in `TestWEBrickCGI#test_cgi`.
|
|
http://ci.rvm.jp/results/trunk-test@ruby-sky1/3012894
```
/tmp/ruby/v3/src/trunk-test/tool/lib/minitest/unit.rb:199:in `assert': webrick log start: (MiniTest::Assertion)
[2020-06-19 23:01:59] ERROR ArgumentError: invalid byte sequence in UTF-8
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:336:in `scan'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:336:in `set_filename'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:310:in `exec_handler'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:245:in `do_GET'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/abstract.rb:105:in `service'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:241:in `service'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpserver.rb:140:in `service'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpserver.rb:96:in `run'
/tmp/ruby/v3/src/trunk-test/lib/webrick/server.rb:307:in `block in start_thread'
```
|
|
instead of `@root.encoding`.
And fallback to ASCII-8BIT when filesystem encoding is US-ASCII.
When `@root.encoding` is not compatible filesystem encoding,
`Encoding::CompatibilityError` raised at `webrick/httpservlet/filehandler.rb:341`.
So `DocumentRoot` must be compatible with filesystem encoding.
|
|
This reverts 750203c514e0e9a49f7d53fb54084e6844fca42a and 93e6fa1d319d19ce7fba37e4b9924862447b9f38
|
|
https://rubyci.org/logs/mswinci.japaneast.cloudapp.azure.com/vc12-x64/ruby-master/log/20200619T054159Z.fail.html.gz
```
1) Failure:
WEBrick::TestFileHandler#test_cjk_in_path [D:/tmp/mswin-build20200619-14304-utgij/ruby/test/webrick/utils.rb:72]:
exceptions on 2 threads:
webrick log start:
[2020-06-19 16:28:42] ERROR `/あ.txt' not found.
webrick log end
Filesystem encoding is Windows-31J.
<"200"> expected but was
<"404">.
---
<[]> expected but was
<["[2020-06-19 16:28:42] ERROR `/\xE3\x81\x82.txt' not found.\n"]>.
```
`prevent_directory_traversal` treats `path_info` as filesystem encoding.
So path_info should be filesystem encoding in request URL.
On some environments, fallback to ASCII-8BIT when EncodingError.
|
|
|
|
https://rubyci.org/logs/mswinci.japaneast.cloudapp.azure.com/vc12-x64/ruby-master/log/20200618T113134Z.fail.html.gz
```
1) Failure:
WEBrick::TestFileHandler#test_cjk_in_path [D:/tmp/mswin-build20200618-84004-1t0dh8f/ruby/test/webrick/utils.rb:72]:
exceptions on 2 threads:
webrick log start:
[2020-06-18 22:18:07] ERROR `/??.txt' not found.
webrick log end
Filesystem encoding is Windows-31J.
<"200"> expected but was
<"404">.
```
|
|
Try to fix 404 error on mswinci.
https://rubyci.org/logs/mswinci.japaneast.cloudapp.azure.com/vc12-x64/ruby-master/log/20200614T225859Z.fail.html.gz
```
1) Failure:
WEBrick::TestFileHandler#test_cjk_in_path [D:/tmp/mswin-build20200615-24932-11ykstf/ruby/test/webrick/utils.rb:72]:
exceptions on 2 threads:
webrick log start:
[2020-06-15 09:48:29] ERROR `/あ.txt' not found.
webrick log end.
<"200"> expected but was
<"404">.
---
<[]> expected but was
<["[2020-06-15 09:48:29] ERROR `/\xE3\x81\x82.txt' not found.\n"]>.
```
Notes:
Merged: https://github.com/ruby/ruby/pull/3227
|
|
[Bug #16753]
https://github.com/ruby/webrick/commit/83cf440858
|
|
Fixed misspellings reported at [Bug #16437], for default gems.
|
|
The values of @header are expected to be all strings;
WEBrick::HTTPResponse::[]=(key, val) explicitly converts the second
argument to a string and assigns it to @header hash.
However, there were some points in WEBrick internal code that assigns
non-String to @header. This change fixes the issues.
The values are checked by `header_value =~ /\r\n/` in check_header.
The type confusion caused conflict with removal of `Object#=~`
[Feature #15231].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65984 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[#15206] [Fix GH-1976]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpresponse.rb (send_body_io): use seek if NotImplementedError
is raised in IO.copy_stream with offset.
* lib/webrick/httpservlet/filehandler.rb (multipart_body): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63008 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Use the new Proc response body feature to generate a multipart
range response dynamically. We use a flat array to minimize
object overhead as much as possible; as many ranges may fit
into an HTTP request header.
* lib/webrick/httpservlet/filehandler.rb (multipart_body): new method
(make_partial_content): use multipart_body
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62959 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Content-Length is ignored by WEBrick::HTTPResponse even if we
calculate it, so instead we chunk responses to HTTP/1.1 clients
and terminate HTTP/1.0 connections.
* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
quiet warning
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62957 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This is also compatible with range responses generated
by Rack::File (tested with rack 2.0.3).
* lib/webrick/httpresponse.rb (send_body_io): use Content-Range
* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
use File object for the single range case
* test/webrick/test_filehandler.rb (get_res_body): use send_body
to test result
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62955 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This makes future code audits easier. None of these changes
fix realistic remote code execution vulnerabilities because
we stat(2) before attempting Kernel#open.
* lib/webrick/httpservlet/erbhandler.rb (do_GET): use File.open
* lib/webrick/httpservlet/filehandler.rb (do_GET): use File.open
(make_partial_content): ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60139 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[fix GH-1219][ci skip] Patch by @leafac
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53648 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpservlet/filehandler.rb (set_dir_list): pass the
given queries to subdirectories.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44919 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40862 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40861 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40860 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40859 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpservlet/filehandler.rb (set_dir_list): revert r20152
partially and fix misuse of bytesize and regexp repetition operator.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40847 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/cgi.rb: ditto.
* lib/webrick/config.rb: ditto.
* lib/webrick/cookie.rb: ditto.
* lib/webrick/httpauth/authenticator.rb: ditto.
* lib/webrick/httpauth/basicauth.rb: ditto.
* lib/webrick/httpauth/digestauth.rb: ditto.
* lib/webrick/httpproxy.rb: ditto.
* lib/webrick/httprequest.rb: ditto.
* lib/webrick/httpresponse.rb: ditto.
* lib/webrick/https.rb: ditto.
* lib/webrick/httpserver.rb: ditto.
* lib/webrick/httpservlet/cgihandler.rb: ditto.
* lib/webrick/httpservlet/filehandler.rb: ditto.
* lib/webrick/httpservlet/prochandler.rb: ditto.
* lib/webrick/httputils.rb: ditto.
* lib/webrick/httpversion.rb: ditto.
* lib/webrick/log.rb: ditto.
* lib/webrick/server.rb: ditto.
* lib/webrick/ssl.rb: ditto.
* lib/webrick/utils.rb: ditto.
* lib/webrick/version.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38945 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31573 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31499 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(prevent_directory_traversal): apply filesystem encoding to path
only during calling File.expand_path. [ruby-dev:41423]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28354 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
add bytes-unit. [ruby-dev:40030]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26346 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:37768]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26026 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
use #bytesize instead of #size. a patch submitted from
raspberry lemon in [ruby-core:18571].
* lib/webrick/httpauth/digestauth.rb, lib/webrick/httpproxy.rb,
lib/webrick/httprequest.rb, lib/webrick/httpservlet/cgi_runner.rb,
lib/webrick/httpservlet/abstract.rb, lib/webrick/httpresponse.rb,
lib/webrick/httpservlet/cgihandler.rb, lib/webrick/utils.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
name in path_info to prevent script disclosure vulnerability on
DOSISH filesystems. (fix: CVE-2008-1891)
Note: NTFS/FAT filesystem should not be published by the platforms
other than Windows. Pathname interpretation (including short
filename) is less than perfect.
* lib/webrick/httpservlet/abstract.rb
(WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
should escape the value of Location: header.
* lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
command line arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
separators in path_info to prevent directory traversal
attacks on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@15676 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/json/lib/json/pure/parser.rb, ext/openssl/lib/openssl/x509.rb,
ext/win32ole/sample/olegen.rb, lib/date/format.rb, lib/irb/context.rb,
lib/irb/workspace.rb, lib/net/http.rb, lib/net/imap.rb,
lib/rdoc/generator.rb, lib/rdoc/markup/to_html.rb,
lib/rdoc/markup/to_latex.rb, lib/rdoc/parsers/parse_c.rb,
lib/rdoc/ri/formatter.rb, lib/rexml/parsers/baseparser.rb,
lib/rexml/quickpath.rb, lib/rexml/text.rb, lib/rss/parser.rb,
lib/uri/common.rb, lib/uri/generic.rb, lib/webrick/httpresponse.rb,
lib/webrick/httpservlet/filehandler.rb, lib/yaml/baseemitter.rb,
lib/yaml/encoding.rb: performance tuning arround String#gsub.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@15442 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(VisualC++6) so use -O2b2xg- if $(MSC_VER) < 1400. [ruby-core:7040]
* lib/webrick/httpservlet/filehandler.rb: fixed typo. (Kero van Gelder)
[ruby-core:7075]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
lib/webrick/httpserver.rb (HTTPServer#intialize),
lib/webrick/httpservlet/cgihandler.rb (CGIHandler#initialize),
lib/webrick/httpservlet/erbhandler.rb (ERBHandler#initialize),
lib/webrick/httpservlet/filehandler.rb(DefaultFileHandler#initialize):
super (called with no arguments) takes default value of optional
arguments. [ruby-dev:26743]
* lib/webrick/httputils.rb: add a media-type "text/html" for .xhtml.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8943 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
should log about all accepted socket. [ruby-core:03962]
* lib/webrick/accesslog.rb (WEBrick::AccessLog#setup_params):
"%%" and "%u" are supported. [webricken:135]
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#check_filename):
:NondisclosureName is acceptable if it is Enumerable.
* lib/webrick/config.rb (WEBrick::Config::FileHandler):
default value of :NondisclosureName is [".ht*", "*~"].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7566 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
add WEBrick::Config::FileHandler[:AcceptableLanguages].
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#set_filename): search files
having suffix of language-name which Accept-Language header field
includes if :AcceptableLanguages options is present.
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#get_servlet): new method to
search servlet correspond to the suffix of filename.
* lib/webrick/httprequest.rb: add attributes access methods: accept,
accept_charset, accept_encoding, accept_language, content_length
and content_type.
* lib/webrick/httpresponse.rb: add attribute access methods:
content_length, content_length=, content_type and content_type=.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.mime_types):
use the second suffix to detect media type. (the first suffix
may be a language name.)
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.parse_qvalues):
add method to parse Accept header field. it returns an Array of
values sorted by the qvalues.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7033 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
to request.user attribute.
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#initialize): should expand
the pathname of document root directory.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6913 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fix regex for range-spec.
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::DefaultFileHandler#make_partial_content):
multipart/byteranges response was broken.
* lib/xmlrpc/server.rb: refine example code.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6761 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
instead of config[:Port] or req.request_uri.port.
* lib/webrick/httprequest.rb (HTTPRequest#meta_vars): ditto.
* lib/webrick/httpservlet/filehandler.rb (FileHandler#dir_list): ditto.
* lib/webrick/config.rb: :Listen option never be used.
* lib/webrick/server.rb (GenericServer#initialize): don't use :Listen
option and add warning message.
* lib/webrick/log.rb (BasicLog#<<): shortcut of log(INFO, ...).
* lib/webrick/httpserver.rb (HTTPServer#accesslog): use << for logging.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4528 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4130 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
