Hello community,
here is the log from the commit of package rubygem-rack-1_4 for
openSUSE:Factory checked in at 2015-06-23 11:58:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rack-1_4 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-rack-1_4.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack-1_4"
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-rack-1_4/rubygem-rack-1_4.changes
2014-11-24 11:13:03.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.rubygem-rack-1_4.new/rubygem-rack-1_4.changes
2015-06-23 11:58:02.000000000 +0200
@@ -1,0 +2,12 @@
+Fri Jun 19 04:32:35 UTC 2015 - co...@suse.com
+
+- updated to version 1.4.7
+ no changelog found
+
+-------------------------------------------------------------------
+Wed Jun 17 04:37:53 UTC 2015 - co...@suse.com
+
+- updated to version 1.4.6
+ no changelog found
+
+-------------------------------------------------------------------
Old:
----
rack-1.4.5.gem
New:
----
rack-1.4.7.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-rack-1_4.spec ++++++
--- /var/tmp/diff_new_pack.4U62Gq/_old 2015-06-23 11:58:02.000000000 +0200
+++ /var/tmp/diff_new_pack.4U62Gq/_new 2015-06-23 11:58:02.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-rack-1_4
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
#
Name: rubygem-rack-1_4
-Version: 1.4.5
+Version: 1.4.7
Release: 0
%define mod_name rack
%define mod_full_name %{mod_name}-%{version}
++++++ rack-1.4.5.gem -> rack-1.4.7.gem ++++++
Files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/multipart/parser.rb
new/lib/rack/multipart/parser.rb
--- old/lib/rack/multipart/parser.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/lib/rack/multipart/parser.rb 2015-06-18 23:12:06.000000000 +0200
@@ -2,6 +2,8 @@
module Rack
module Multipart
+ class MultipartLimitError < Errno::EMFILE; end
+
class Parser
BUFSIZE = 16384
@@ -14,10 +16,17 @@
fast_forward_to_first_boundary
+ opened_files = 0
loop do
+
head, filename, content_type, name, body =
get_current_head_and_filename_and_content_type_and_name_and_body
+ if Utils.multipart_part_limit > 0
+ opened_files += 1 if filename
+ raise MultipartLimitError, 'Maximum file multiparts in content
reached' if opened_files >= Utils.multipart_part_limit
+ end
+
# Save the rest.
if i = @buf.index(rx)
body << @buf.slice!(0, i)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/server.rb new/lib/rack/server.rb
--- old/lib/rack/server.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/lib/rack/server.rb 2015-06-18 23:12:06.000000000 +0200
@@ -337,6 +337,8 @@
return :exited unless ::File.exist?(options[:pid])
pid = ::File.read(options[:pid]).to_i
+ return :dead if pid == 0
+
Process.kill(0, pid)
:running
rescue Errno::ESRCH
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/utils.rb new/lib/rack/utils.rb
--- old/lib/rack/utils.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/lib/rack/utils.rb 2015-06-18 23:12:06.000000000 +0200
@@ -51,12 +51,23 @@
class << self
attr_accessor :key_space_limit
+ attr_accessor :param_depth_limit
+ attr_accessor :multipart_part_limit
end
# The default number of bytes to allow parameter keys to take up.
# This helps prevent a rogue client from flooding a Request.
self.key_space_limit = 65536
+ # Default depth at which the parameter parser will raise an exception for
+ # being too deep. This helps prevent SystemStackErrors
+ self.param_depth_limit = 100
+ #
+ # The maximum number of parts a request can contain. Accepting to many part
+ # can lead to the server running out of file handles.
+ # Set to `0` for no limit.
+ self.multipart_part_limit = (ENV['RACK_MULTIPART_PART_LIMIT'] || 128).to_i
+
# Stolen from Mongrel, with some small modifications:
# Parses a query string by breaking it up at the '&'
# and ';' characters. You can also use this to parse
@@ -100,7 +111,9 @@
end
module_function :parse_nested_query
- def normalize_params(params, name, v = nil)
+ def normalize_params(params, name, v = nil, depth =
Utils.param_depth_limit)
+ raise RangeError if depth <= 0
+
name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
k = $1 || ''
after = $' || ''
@@ -118,14 +131,14 @@
params[k] ||= []
raise TypeError, "expected Array (got #{params[k].class.name}) for
param `#{k}'" unless params[k].is_a?(Array)
if params_hash_type?(params[k].last) && !params[k].last.key?(child_key)
- normalize_params(params[k].last, child_key, v)
+ normalize_params(params[k].last, child_key, v, depth - 1)
else
- params[k] << normalize_params(params.class.new, child_key, v)
+ params[k] << normalize_params(params.class.new, child_key, v, depth
- 1)
end
else
params[k] ||= params.class.new
raise TypeError, "expected Hash (got #{params[k].class.name}) for
param `#{k}'" unless params_hash_type?(params[k])
- params[k] = normalize_params(params[k], after, v)
+ params[k] = normalize_params(params[k], after, v, depth - 1)
end
return params
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack.rb new/lib/rack.rb
--- old/lib/rack.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/lib/rack.rb 2015-06-18 23:12:06.000000000 +0200
@@ -20,7 +20,7 @@
# Return the Rack release as a dotted string.
def self.release
- "1.4"
+ "1.4.7"
end
autoload :Builder, "rack/builder"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 1970-01-01 01:00:00.000000000 +0100
+++ new/metadata 2015-06-18 23:12:06.000000000 +0200
@@ -1,128 +1,120 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
name: rack
-version: !ruby/object:Gem::Version
- hash: 13
- prerelease:
- segments:
- - 1
- - 4
- - 5
- version: 1.4.5
+version: !ruby/object:Gem::Version
+ version: 1.4.7
platform: ruby
-authors:
+authors:
- Christian Neukirchen
autorequire:
bindir: bin
cert_chain: []
-
-date: 2013-02-08 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2015-06-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
name: bacon
- prerelease: false
- requirement: &id001 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
type: :development
- version_requirements: *id001
-- !ruby/object:Gem::Dependency
- name: rake
prerelease: false
- requirement: &id002 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+- !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
type: :development
- version_requirements: *id002
-- !ruby/object:Gem::Dependency
- name: ruby-fcgi
prerelease: false
- requirement: &id003 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+- !ruby/object:Gem::Dependency
+ name: ruby-fcgi
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
type: :development
- version_requirements: *id003
-- !ruby/object:Gem::Dependency
- name: memcache-client
prerelease: false
- requirement: &id004 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+- !ruby/object:Gem::Dependency
+ name: memcache-client
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
type: :development
- version_requirements: *id004
-- !ruby/object:Gem::Dependency
- name: mongrel
prerelease: false
- requirement: &id005 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3904189667
- segments:
- - 1
- - 2
- - 0
- - pre
- - 2
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+- !ruby/object:Gem::Dependency
+ name: mongrel
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
version: 1.2.0.pre2
type: :development
- version_requirements: *id005
-- !ruby/object:Gem::Dependency
- name: thin
prerelease: false
- requirement: &id006 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 1.2.0.pre2
+- !ruby/object:Gem::Dependency
+ name: thin
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
type: :development
- version_requirements: *id006
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
description: |
Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.
-
- Also see http://rack.github.com/.
+ Also see http://rack.github.com/.
email: chneukirc...@gmail.com
-executables:
+executables:
- rackup
extensions: []
-
-extra_rdoc_files:
+extra_rdoc_files:
- README.rdoc
- KNOWN-ISSUES
-files:
+files:
+- COPYING
+- KNOWN-ISSUES
+- README.rdoc
+- Rakefile
+- SPEC
- bin/rackup
- contrib/rack.png
- contrib/rack.svg
@@ -131,6 +123,7 @@
- example/lobster.ru
- example/protectedlobster.rb
- example/protectedlobster.ru
+- lib/rack.rb
- lib/rack/auth/abstract/handler.rb
- lib/rack/auth/abstract/request.rb
- lib/rack/auth/basic.rb
@@ -154,6 +147,7 @@
- lib/rack/directory.rb
- lib/rack/etag.rb
- lib/rack/file.rb
+- lib/rack/handler.rb
- lib/rack/handler/cgi.rb
- lib/rack/handler/evented_mongrel.rb
- lib/rack/handler/fastcgi.rb
@@ -163,7 +157,6 @@
- lib/rack/handler/swiftiplied_mongrel.rb
- lib/rack/handler/thin.rb
- lib/rack/handler/webrick.rb
-- lib/rack/handler.rb
- lib/rack/head.rb
- lib/rack/lint.rb
- lib/rack/lobster.rb
@@ -172,10 +165,10 @@
- lib/rack/methodoverride.rb
- lib/rack/mime.rb
- lib/rack/mock.rb
+- lib/rack/multipart.rb
- lib/rack/multipart/generator.rb
- lib/rack/multipart/parser.rb
- lib/rack/multipart/uploaded_file.rb
-- lib/rack/multipart.rb
- lib/rack/nulllogger.rb
- lib/rack/recursive.rb
- lib/rack/reloader.rb
@@ -194,7 +187,7 @@
- lib/rack/static.rb
- lib/rack/urlmap.rb
- lib/rack/utils.rb
-- lib/rack.rb
+- rack.gemspec
- test/builder/anything.rb
- test/builder/comment.ru
- test/builder/end.ru
@@ -207,6 +200,7 @@
- test/cgi/assets/javascripts/app.js
- test/cgi/assets/stylesheets/app.css
- test/cgi/lighttpd.conf
+- test/cgi/lighttpd.errors
- test/cgi/rackup_stub.rb
- test/cgi/sample_rackup.ru
- test/cgi/test
@@ -234,6 +228,7 @@
- test/multipart/none
- test/multipart/semicolon
- test/multipart/text
+- test/multipart/three_files_three_fields
- test/multipart/webkit
- test/rackup/config.ru
- test/registering_handler/rack/handler/registering_myself.rb
@@ -289,46 +284,30 @@
- test/testrequest.rb
- test/unregistered_handler/rack/handler/unregistered.rb
- test/unregistered_handler/rack/handler/unregistered_long_one.rb
-- COPYING
-- KNOWN-ISSUES
-- rack.gemspec
-- Rakefile
-- README.rdoc
-- SPEC
homepage: http://rack.github.com/
licenses: []
-
+metadata: {}
post_install_message:
rdoc_options: []
-
-require_paths:
+require_paths:
- lib
-required_ruby_version: !ruby/object:Gem::Requirement
- none: false
- requirements:
+required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
- - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
- none: false
- requirements:
+ - !ruby/object:Gem::Version
+ version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
- - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ - !ruby/object:Gem::Version
+ version: '0'
requirements: []
-
rubyforge_project: rack
-rubygems_version: 1.8.24
+rubygems_version: 2.4.5
signing_key:
-specification_version: 3
+specification_version: 4
summary: a modular Ruby webserver interface
-test_files:
+test_files:
- test/spec_auth.rb
- test/spec_auth_basic.rb
- test/spec_auth_digest.rb
@@ -376,4 +355,3 @@
- test/spec_urlmap.rb
- test/spec_utils.rb
- test/spec_webrick.rb
-has_rdoc:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rack.gemspec new/rack.gemspec
--- old/rack.gemspec 1970-01-01 01:00:00.000000000 +0100
+++ new/rack.gemspec 2015-06-18 23:12:06.000000000 +0200
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = "rack"
- s.version = "1.4.5"
+ s.version = "1.4.7"
s.platform = Gem::Platform::RUBY
s.summary = "a modular Ruby webserver interface"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/test/cgi/lighttpd.errors new/test/cgi/lighttpd.errors
--- old/test/cgi/lighttpd.errors 1970-01-01 01:00:00.000000000 +0100
+++ new/test/cgi/lighttpd.errors 2015-06-18 23:12:06.000000000 +0200
@@ -0,0 +1 @@
+2015-06-16 14:11:43: (log.c.164) server started
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/test/multipart/three_files_three_fields
new/test/multipart/three_files_three_fields
--- old/test/multipart/three_files_three_fields 1970-01-01 01:00:00.000000000
+0100
+++ new/test/multipart/three_files_three_fields 2015-06-18 23:12:06.000000000
+0200
@@ -0,0 +1,31 @@
+--AaB03x
+content-disposition: form-data; name="reply"
+
+yes
+--AaB03x
+content-disposition: form-data; name="to"
+
+people
+--AaB03x
+content-disposition: form-data; name="from"
+
+others
+--AaB03x
+content-disposition: form-data; name="fileupload1"; filename="file1.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x
+content-disposition: form-data; name="fileupload2"; filename="file2.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x
+content-disposition: form-data; name="fileupload3"; filename="file3.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x--
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/test/spec_multipart.rb new/test/spec_multipart.rb
--- old/test/spec_multipart.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/test/spec_multipart.rb 2015-06-18 23:12:06.000000000 +0200
@@ -364,22 +364,56 @@
end
it "builds complete params with the chunk size of 16384 slicing exactly on
boundary" do
- data = File.open(multipart_file("fail_16384_nofile")) { |f| f.read
}.gsub(/\n/, "\r\n")
- options = {
- "CONTENT_TYPE" => "multipart/form-data;
boundary=----WebKitFormBoundaryWsY0GnpbI5U7ztzo",
- "CONTENT_LENGTH" => data.length.to_s,
- :input => StringIO.new(data)
- }
- env = Rack::MockRequest.env_for("/", options)
- params = Rack::Multipart.parse_multipart(env)
-
- params.should.not.equal nil
- params.keys.should.include "AAAAAAAAAAAAAAAAAAA"
- params["AAAAAAAAAAAAAAAAAAA"].keys.should.include
"PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"
-
params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"].keys.should.include
"new"
-
params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"].keys.should.include
"-2"
-
params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"].keys.should.include
"ba_unit_id"
-
params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"]["ba_unit_id"].should.equal
"1017"
+ begin
+ previous_limit = Rack::Utils.multipart_part_limit
+ Rack::Utils.multipart_part_limit = 256
+
+ data = File.open(multipart_file("fail_16384_nofile"), 'rb') { |f| f.read
}.gsub(/\n/, "\r\n")
+ options = {
+ "CONTENT_TYPE" => "multipart/form-data;
boundary=----WebKitFormBoundaryWsY0GnpbI5U7ztzo",
+ "CONTENT_LENGTH" => data.length.to_s,
+ :input => StringIO.new(data)
+ }
+ env = Rack::MockRequest.env_for("/", options)
+ params = Rack::Multipart.parse_multipart(env)
+
+ params.should.not.equal nil
+ params.keys.should.include "AAAAAAAAAAAAAAAAAAA"
+ params["AAAAAAAAAAAAAAAAAAA"].keys.should.include
"PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"
+
params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"].keys.should.include
"new"
+
params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"].keys.should.include
"-2"
+
params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"].keys.should.include
"ba_unit_id"
+
params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"]["ba_unit_id"].should.equal
"1017"
+ ensure
+ Rack::Utils.multipart_part_limit = previous_limit
+ end
+ end
+
+ should "not reach a multi-part limit" do
+ begin
+ previous_limit = Rack::Utils.multipart_part_limit
+ Rack::Utils.multipart_part_limit = 4
+
+ env = Rack::MockRequest.env_for '/',
multipart_fixture(:three_files_three_fields)
+ params = Rack::Multipart.parse_multipart(env)
+ params['reply'].should.equal 'yes'
+ params['to'].should.equal 'people'
+ params['from'].should.equal 'others'
+ ensure
+ Rack::Utils.multipart_part_limit = previous_limit
+ end
+ end
+
+ should "reach a multipart limit" do
+ begin
+ previous_limit = Rack::Utils.multipart_part_limit
+ Rack::Utils.multipart_part_limit = 3
+
+ env = Rack::MockRequest.env_for '/',
multipart_fixture(:three_files_three_fields)
+ lambda { Rack::Multipart.parse_multipart(env)
}.should.raise(Rack::Multipart::MultipartLimitError)
+ ensure
+ Rack::Utils.multipart_part_limit = previous_limit
+ end
end
should "return nil if no UploadedFiles were used" do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/test/spec_request.rb new/test/spec_request.rb
--- old/test/spec_request.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/test/spec_request.rb 2015-06-18 23:12:06.000000000 +0200
@@ -2,6 +2,7 @@
require 'cgi'
require 'rack/request'
require 'rack/mock'
+require 'securerandom'
describe Rack::Request do
should "wrap the rack variables" do
@@ -613,6 +614,22 @@
f[:tempfile].size.should.equal 76
end
+ should "MultipartLimitError when request has too many multipart parts if
limit set" do
+ begin
+ data = 10000.times.map { "--AaB03x\r\nContent-Type:
text/plain\r\nContent-Disposition: attachment; name=#{SecureRandom.hex(10)};
filename=#{SecureRandom.hex(10)}\r\n\r\ncontents\r\n" }.join("\r\n")
+ data += "--AaB03x--\r"
+
+ options = {
+ "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
+ "CONTENT_LENGTH" => data.length.to_s,
+ :input => StringIO.new(data)
+ }
+
+ request = Rack::Request.new Rack::MockRequest.env_for("/", options)
+ lambda { request.POST
}.should.raise(Rack::Multipart::MultipartLimitError)
+ end
+ end
+
should "parse big multipart form data" do
input = <<EOF
--AaB03x\r
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/test/spec_utils.rb new/test/spec_utils.rb
--- old/test/spec_utils.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/test/spec_utils.rb 2015-06-18 23:12:06.000000000 +0200
@@ -123,6 +123,18 @@
Rack::Utils.parse_query(",foo=bar;,", ";,").should.equal "foo" => "bar"
end
+ should "raise an exception if the params are too deep" do
+ len = Rack::Utils.param_depth_limit
+
+ lambda {
+ Rack::Utils.parse_nested_query("foo#{"[a]" * len}=bar")
+ }.should.raise(RangeError)
+
+ lambda {
+ Rack::Utils.parse_nested_query("foo#{"[a]" * (len - 1)}=bar")
+ }.should.not.raise
+ end
+
should "parse nested query strings correctly" do
Rack::Utils.parse_nested_query("foo").
should.equal "foo" => nil
