Santiago Pastorino [Mon, 22 Apr 2013 23:20:51 +0000 (20:20 -0300)]
prevent crash when cookie doesn't contain "--"
This backports
881ce764f3fd70a20c5800892a132f1e6c8e7c50 so that rack
won't crash when there isn't a "--" in the rack_session cookie
Fixes #523
Conflicts:
lib/rack/session/cookie.rb
test/spec_session_cookie.rb
Santiago Pastorino [Mon, 22 Apr 2013 23:56:05 +0000 (20:56 -0300)]
Add Gemfile
James Tucker [Fri, 8 Feb 2013 03:00:33 +0000 (19:00 -0800)]
Bump version number
James Tucker [Fri, 8 Feb 2013 02:59:02 +0000 (18:59 -0800)]
Update README for today's releases
James Tucker [Wed, 6 Feb 2013 23:35:11 +0000 (15:35 -0800)]
Use secure_compare for hmac comparison
* Closes CVE-2013-0263
James Tucker [Wed, 6 Feb 2013 23:31:53 +0000 (15:31 -0800)]
Add secure_compare to Rack::Utils
Conflicts:
lib/rack/utils.rb
test/spec_utils.rb
James Tucker [Sun, 13 Jan 2013 22:00:43 +0000 (14:00 -0800)]
Bump version
James Tucker [Sun, 13 Jan 2013 21:55:50 +0000 (13:55 -0800)]
Update README for release. Add security section.
Conflicts:
README
James Tucker [Sun, 13 Jan 2013 21:33:08 +0000 (13:33 -0800)]
Squash warnings in spec_auth
James Tucker [Sun, 13 Jan 2013 21:10:20 +0000 (13:10 -0800)]
Reimplement auth scheme fix
* Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
* Add common auth schemes, MS ones, AWS ones, etc. are missing, as unlikely
* Checked Rails - they don't use our authorization code
* Checked Warden - uses rails
* Checked Omniauth - uses rails
* Checked doorkeeper - uses rails
* Checked rack-authentication - does its own thing
* Checked warden-oauth - doesn't do headers
* Checked devise - uses rails
* Checked oauth2-rack - header creation only
* Checked rack-oauth2-server - does its own thing
* Probably missed a bunch, but that'll have to do
James Tucker [Mon, 7 Jan 2013 01:29:57 +0000 (17:29 -0800)]
Revert incorrect change to release number
James Tucker [Mon, 7 Jan 2013 01:28:09 +0000 (17:28 -0800)]
Bump to 1.2.6
James Tucker [Sun, 6 Jan 2013 23:46:33 +0000 (15:46 -0800)]
Update README based on master
James Tucker [Fri, 4 Jan 2013 16:02:50 +0000 (11:02 -0500)]
Fix parsing performance for unquoted filenames
Special thanks to Paul Rogers & Eric Wong
James Tucker [Mon, 19 Mar 2012 02:11:09 +0000 (19:11 -0700)]
Add warning to strongly recommend to people to have secrets protecting their cookies
James Tucker [Wed, 28 Dec 2011 02:47:26 +0000 (22:47 -0400)]
Add release notes, and bump version
James Tucker [Wed, 28 Dec 2011 01:05:58 +0000 (21:05 -0400)]
rubygems no longer preloads thread, which means we need it for Mutex
James Tucker [Wed, 28 Dec 2011 00:59:42 +0000 (20:59 -0400)]
Backport `Limit the size of parameter keys`
Conflicts:
lib/rack/utils.rb
test/spec_request.rb
Michael Fellinger [Sat, 19 Nov 2011 19:24:44 +0000 (11:24 -0800)]
Merge pull request #270 from mtfuji/rack-1.2
Rack 1.2
John Doe [Sat, 19 Nov 2011 09:51:24 +0000 (18:51 +0900)]
add .docx and .xlsx mime types.
James Tucker [Fri, 16 Sep 2011 23:58:38 +0000 (16:58 -0700)]
Update readme
James Tucker [Fri, 16 Sep 2011 23:56:43 +0000 (16:56 -0700)]
Bump version
James Tucker [Fri, 16 Sep 2011 23:56:13 +0000 (16:56 -0700)]
Ensure that the MRI regex engine isn't fooled by bad unicode
nleguen [Sat, 2 Jul 2011 20:57:29 +0000 (13:57 -0700)]
Edited lib/rack/sendfile.rb via GitHub
Samuel Williams [Wed, 29 Jun 2011 17:21:14 +0000 (10:21 -0700)]
Minor error in documentation regarding the order of parameters in HTTP_X_ACCEL_MAPPING.
Conflicts:
lib/rack/sendfile.rb
Konstantin Haase [Thu, 16 Jun 2011 09:15:30 +0000 (11:15 +0200)]
update core team list
James Tucker [Mon, 23 May 2011 07:41:00 +0000 (00:41 -0700)]
Update gemspec for 1.2.3 release
James Tucker [Mon, 23 May 2011 07:31:33 +0000 (00:31 -0700)]
Update for 1.2.3 release
James Tucker [Mon, 23 May 2011 07:23:54 +0000 (00:23 -0700)]
Pull in 1.3.0 release notes to README
James Tucker [Mon, 23 May 2011 05:50:04 +0000 (22:50 -0700)]
We don't actually use rdoctask
James Tucker [Mon, 23 May 2011 05:49:10 +0000 (22:49 -0700)]
Update SPEC
James Tucker [Mon, 23 May 2011 05:48:17 +0000 (22:48 -0700)]
Grammatical corrections (thanks digitalally)
James Tucker [Mon, 23 May 2011 05:19:33 +0000 (22:19 -0700)]
Update links and correct a spelling error
raggi [Tue, 3 May 2011 05:27:10 +0000 (22:27 -0700)]
1.9 not having '.' in load path
Maël Clérambault [Fri, 18 Mar 2011 23:05:42 +0000 (16:05 -0700)]
Force content-length to 0 so apache mod_xsendfile does not hang
Konstantin Haase [Fri, 18 Mar 2011 13:35:53 +0000 (14:35 +0100)]
in auth/digest/params, do not accidentally pass block used for construction to Hash#initialize, where it is used for default values and might be triggered again later on
raggi [Thu, 10 Feb 2011 02:32:26 +0000 (18:32 -0800)]
improve gemloader to include runtime deps if any, and not break on complex requirements
raggi [Sat, 1 Jan 2011 01:18:27 +0000 (20:18 -0500)]
Adding SPEC with rake task dependencies
raggi [Mon, 20 Dec 2010 03:25:45 +0000 (19:25 -0800)]
Use gemloader in fulltest
raggi [Mon, 20 Dec 2010 03:19:47 +0000 (19:19 -0800)]
Add gemloader script that will provide the ability to activate development dependencies at the correct version for point releases
raggi [Mon, 20 Dec 2010 03:06:45 +0000 (19:06 -0800)]
Add stage to gitignore
Andrew Bortz [Tue, 7 Sep 2010 20:40:48 +0000 (04:40 +0800)]
Resolve absolute path of config so daemonize works
raggi [Mon, 4 Oct 2010 01:09:13 +0000 (22:09 -0300)]
Rack::Logger conforms to Rack::Lint, closes Lighthouse #89
stahnma [Fri, 10 Sep 2010 22:03:15 +0000 (06:03 +0800)]
Adding Rakefile to rack.gemspec
Konstantin Haase [Wed, 8 Sep 2010 12:59:52 +0000 (20:59 +0800)]
Skip Rack::Lint::InputWrapper serialization in TestRequest. Makes tests pass on Ruby 1.9.1p378.
raggi [Thu, 8 Jul 2010 13:23:39 +0000 (14:23 +0100)]
The application should be loaded prior to daemonization to prevent issues with chdir etc.
raggi [Thu, 8 Jul 2010 13:23:12 +0000 (14:23 +0100)]
Debugging should not change semantics of load path or require modification before loading the application
raggi [Thu, 17 Jun 2010 11:18:27 +0000 (08:18 -0300)]
Update gitignore to ignore compiled classes and the lighttpd error log
raggi [Thu, 17 Jun 2010 11:17:31 +0000 (08:17 -0300)]
Use ::File.unlink in place of Tempfile#unlink to avoid 1.9.1 bug
Michael Fellinger [Thu, 17 Jun 2010 02:43:36 +0000 (11:43 +0900)]
Fix ESCAPE_HTML_PATTERN construction
Christian Neukirchen [Sun, 13 Mar 2011 00:36:34 +0000 (01:36 +0100)]
Prepare for 1.2.2
Brad Ediger [Fri, 4 Mar 2011 17:50:27 +0000 (11:50 -0600)]
MD5 Digest auth: fail if authenticator returns nil
Fixes the authenticator API to deny access if nil is returned from the
authenticator block. Without this patch, the nil gets to_s'd to "" and
an empty password would be accepted.
Signed-off-by: Christian Neukirchen <chneukirchen@gmail.com>
Christian Neukirchen [Tue, 15 Jun 2010 09:52:37 +0000 (11:52 +0200)]
Fix Rakefile
Christian Neukirchen [Tue, 15 Jun 2010 09:39:08 +0000 (11:39 +0200)]
Prepare 1.2.1
Christian Neukirchen [Tue, 15 Jun 2010 09:37:52 +0000 (11:37 +0200)]
Rename spec/ back to test/
visudo [Wed, 12 May 2010 04:43:31 +0000 (00:43 -0400)]
Make CGI handler obey rack spec by wrapping stdin in a rewindable
stream.
Signed-off-by: raggi <jftucker@gmail.com>
Christian Neukirchen [Sun, 13 Jun 2010 17:57:49 +0000 (19:57 +0200)]
Merge remote branch 'official/master'
Christian Neukirchen [Sun, 13 Jun 2010 17:38:43 +0000 (19:38 +0200)]
More gemspec fixes
Christian Neukirchen [Sun, 13 Jun 2010 17:37:40 +0000 (19:37 +0200)]
Hard-code version number in gemspec
Christian Neukirchen [Sun, 13 Jun 2010 17:36:13 +0000 (19:36 +0200)]
Push Rack.release to 1.2
Christian Neukirchen [Sun, 13 Jun 2010 17:35:35 +0000 (19:35 +0200)]
Last README updates
Christian Neukirchen [Sun, 13 Jun 2010 17:34:01 +0000 (19:34 +0200)]
Merge branch 'bacon'
Christian Neukirchen [Sun, 13 Jun 2010 15:00:34 +0000 (17:00 +0200)]
Fix gem dependencies to use bacon
Christian Neukirchen [Sun, 13 Jun 2010 14:54:03 +0000 (16:54 +0200)]
Silence test suite
raggi [Sun, 13 Jun 2010 12:18:07 +0000 (09:18 -0300)]
Fix thin specs for 1.0 and bacon
Fix TestRequest for servers that add unserializables in env.
Michael Fellinger [Sun, 13 Jun 2010 09:40:09 +0000 (18:40 +0900)]
Improve performance and flexibility of Rack::Utils.escape_html
Michael Fellinger [Sat, 12 Jun 2010 14:34:13 +0000 (23:34 +0900)]
require time in response because it's used for cookies
Michael Fellinger [Sat, 12 Jun 2010 14:33:52 +0000 (23:33 +0900)]
Fix Handler::CGI so it uses $stdin.binmode
Michael Fellinger [Sat, 12 Jun 2010 14:33:25 +0000 (23:33 +0900)]
Fix spec requires and the missing ones
Christian Neukirchen [Sat, 12 Jun 2010 10:43:36 +0000 (12:43 +0200)]
Update README and gemspec
Michael Fellinger [Sat, 12 Jun 2010 09:44:04 +0000 (18:44 +0900)]
Ported specs to bacon
Michael Fellinger [Fri, 11 Jun 2010 01:29:10 +0000 (10:29 +0900)]
Add Request.trace? and Request.options?
Michael Fellinger [Thu, 10 Jun 2010 03:45:39 +0000 (12:45 +0900)]
Add mime-type for webm
Michael Fellinger [Wed, 9 Jun 2010 03:59:59 +0000 (12:59 +0900)]
Remove trailing whitespace
Konstantin Haase [Tue, 8 Jun 2010 19:06:39 +0000 (21:06 +0200)]
make sure PATH_INFO and SCRIPT_NAME get reset
Tim Connor [Sat, 1 May 2010 06:57:36 +0000 (23:57 -0700)]
don't dupe env in urlmap so modifications down the chain persist back up
Tim Connor [Sat, 1 May 2010 06:38:07 +0000 (23:38 -0700)]
test for mapping in builder
Michael Fellinger [Wed, 9 Jun 2010 03:44:59 +0000 (12:44 +0900)]
Don't use 'unknown' in HTTP_X_FORWARDED_FOR
Timur Batyrshin [Wed, 31 Mar 2010 11:29:47 +0000 (19:29 +0800)]
set ENV["RACK_ENV"] to options[:environment] as many frameworks rely on this
Michael Fellinger [Tue, 8 Jun 2010 16:03:01 +0000 (01:03 +0900)]
Implement proper RFC 2822 Time format based on RFC 2109 example for cookie expires
Michael Fellinger [Tue, 8 Jun 2010 15:29:10 +0000 (00:29 +0900)]
Get rid of a few more warnings
Michael Fellinger [Tue, 8 Jun 2010 15:27:03 +0000 (00:27 +0900)]
Avoid warning on 1.8.7 regarding File.to_path
Michael Fellinger [Tue, 8 Jun 2010 15:22:16 +0000 (00:22 +0900)]
The correct IP from HTTP_X_FORWARDED_FOR is the first one
Simon Chiang [Fri, 14 May 2010 23:26:15 +0000 (07:26 +0800)]
removed parsing of quoted values
Matias Korhonen [Wed, 26 May 2010 13:46:30 +0000 (16:46 +0300)]
Fixes the nginx #send_file configuration example.
Simon Chiang [Wed, 5 May 2010 17:54:07 +0000 (11:54 -0600)]
updated Session::Memcache initialization to pass MemCache options correctly
Signed-off-by: Christian Neukirchen <chneukirchen@gmail.com>
Anil Wadghule [Wed, 5 May 2010 11:28:20 +0000 (16:58 +0530)]
Improved comment by giving example
Signed-off-by: Christian Neukirchen <chneukirchen@gmail.com>
Zach Brock [Fri, 8 Jan 2010 05:43:51 +0000 (21:43 -0800)]
allow delete of cookies with same name but different domain
Adding a spec for adding multiple cookies with the same name on
different domains
Jon Bardin [Thu, 29 Apr 2010 00:43:55 +0000 (17:43 -0700)]
added test for bug with escaping query string parameters
Ryan Tomayko [Thu, 29 Apr 2010 21:55:34 +0000 (14:55 -0700)]
avoid uninitialized ivar warning
Christian Neukirchen [Fri, 9 Apr 2010 15:05:25 +0000 (17:05 +0200)]
Fully remove camping
Christian Neukirchen [Fri, 9 Apr 2010 15:02:52 +0000 (17:02 +0200)]
Remove Camping adapter
Camping 2.0 supports Rack as-is.
Joshua Peek [Wed, 7 Apr 2010 18:34:00 +0000 (13:34 -0500)]
size is not part of the input SPEC
If size is added as a formal requirement, revert this commit. Till
then Lint should bomb if middleware tries to access
env['rack.input'].size.
Discussion about adding #size to rack.input
http://groups.google.com/group/rack-devel/browse_thread/thread/9c06163a4b13ccad
Joshua Peek [Wed, 7 Apr 2010 18:32:22 +0000 (13:32 -0500)]
Require 'rack' from mock.rb since it references Rack::VERSION
(Fixes tests)
raggi [Tue, 23 Mar 2010 19:49:28 +0000 (19:49 +0000)]
Update Rack::Mock to use Rack::VERSION too
raggi [Tue, 23 Mar 2010 19:48:31 +0000 (19:48 +0000)]
Merge branch 'rag'
* rag:
Update all handlers to use Rack::VERSION instead of a hardcoded array for the protocol version.
Make Rack::Recursive thread safe by removing shared state
Deprecate unused log object in Rack::Handler::SCGI
Move trap(:INT) to Rack::Server and support optional Handler protocol where handlers may implement .shutdown to do pre-exit cleanup.
Fix a bug in CGI detection
Adding options passthrough for Rack::Server.start to make CGI apps easier to author
raggi [Tue, 23 Mar 2010 19:47:50 +0000 (19:47 +0000)]
Update all handlers to use Rack::VERSION instead of a hardcoded array for the protocol version.
raggi [Tue, 23 Mar 2010 19:37:38 +0000 (19:37 +0000)]
Make Rack::Recursive thread safe by removing shared state
raggi [Tue, 23 Mar 2010 19:36:05 +0000 (19:36 +0000)]
Deprecate unused log object in Rack::Handler::SCGI
raggi [Tue, 23 Mar 2010 19:29:44 +0000 (19:29 +0000)]
Move trap(:INT) to Rack::Server and support optional Handler protocol where handlers may implement .shutdown to do pre-exit cleanup.