Pete Elmore [Tue, 22 Oct 2013 00:22:48 +0000 (17:22 -0700)]
Minor fix to Rack::File OPTIONS for Lint.
Pete Elmore [Tue, 22 Oct 2013 00:13:11 +0000 (17:13 -0700)]
Add OPTIONS support to File and MockRequest.
Also update the specs for same.
RFC 2616, section 9.2 specifies OPTIONS requests. Not much effort to
support it for this case; there's already an ALLOWED_VERBS constant in
Rack::File, and the spec describes the body of the request as optional.
Konstantin Haase [Fri, 27 Sep 2013 08:35:33 +0000 (01:35 -0700)]
Merge pull request #606 from aweiksnar/patch-1
add parentheses to method definitions with arguments
Alex Weiksnar [Fri, 27 Sep 2013 03:04:24 +0000 (22:04 -0500)]
add parentheses to method definitions with arguments
to keep it uniform with the rest of the repo
Santiago Pastorino [Mon, 9 Sep 2013 21:32:18 +0000 (14:32 -0700)]
Merge pull request #601 from bajamircea/master
Remove unused require rbconfig
bajamircea [Mon, 9 Sep 2013 21:05:46 +0000 (22:05 +0100)]
Remove unused require rbconfig
Rbconfig is no longer used in the :deps task, so no longer required
Konstantin Haase [Mon, 9 Sep 2013 14:44:58 +0000 (07:44 -0700)]
Merge pull request #600 from SamSaffron/master
avoid copying entire payload twice just to hash it
Sam [Mon, 9 Sep 2013 06:24:10 +0000 (16:24 +1000)]
avoid copying entire payload just to calc md5
Konstantin Haase [Tue, 3 Sep 2013 11:16:29 +0000 (04:16 -0700)]
Merge pull request #596 from SamSaffron/master
Conditional get is causing exceptions during regular usage
Konstantin Haase [Sun, 25 Aug 2013 09:58:09 +0000 (02:58 -0700)]
Merge pull request #597 from vipulnsward/change_equality_check
Change equality check to stop warnings
Vipul A M [Sun, 25 Aug 2013 08:05:30 +0000 (13:35 +0530)]
Change equality check to stop warnings
Santiago Pastorino [Thu, 22 Aug 2013 19:12:41 +0000 (12:12 -0700)]
Merge pull request #588 from statianzo/tempfile-form-input
Use equal? to compare form_input to rack.input
Santiago Pastorino [Thu, 22 Aug 2013 19:03:17 +0000 (12:03 -0700)]
Merge pull request #595 from benpickles/use-sub-not-gsub
Use `sub` as we only need to substitute once.
Sam [Wed, 21 Aug 2013 03:26:14 +0000 (13:26 +1000)]
conditional get is causing exceptions during regular usage, avoid the exception raising for all trivial cases (empty and shorter than minimal length strings)
Ben Pickles [Tue, 20 Aug 2013 20:39:54 +0000 (21:39 +0100)]
Use `sub` as we only need to substitute once.
(Hence the use of `\z`)
Jason Staten [Thu, 18 Jul 2013 23:19:32 +0000 (17:19 -0600)]
Use equal? to compare form_input to rack.input
Using equal? provides consistent results of equality between 1.8, 1.9,
and 2.0 when comparing Tempfile objects.
In 1.8, == will change the position of the Tempfile.
In 1.9+, == compares Tempfiles correctly.
In 1.8, eql? compares Tempfiles correctly.
In 1.9+, t.eql?(t) always returns false
Santiago Pastorino [Mon, 15 Jul 2013 03:09:27 +0000 (20:09 -0700)]
Merge pull request #585 from MSch/patch-1
Fix bug in sendfile.rb
Martin Schürrer [Sun, 14 Jul 2013 18:14:03 +0000 (20:14 +0200)]
Fix bug in sendfile.rb
The error message called `variation` without the env leading to an `ArgumentError`. It should call `type` instead.
James Tucker [Thu, 4 Jul 2013 23:33:30 +0000 (16:33 -0700)]
Merge branch 'rack-1.5' (cleanup release diff)
* rack-1.5:
Bump version number
Add release notes for today's releases
Prevent symlink path traversals
Stop overwriting existing pidfiles.
Use secure_compare for hmac comparison
Add secure_compare to Rack::Utils
Ensure binary modes are used in tests, for Windows
Fix a bug where host matching occurs out of order
Add JSON cookie coder. To be default after 1.6+
add license information to gemspec
Fix reference link
Document Rack::Deflater
Request#trusted_proxy? no longer accepts lines
Add find and set methods to Session object
Conflicts:
lib/rack/session/cookie.rb
rack.gemspec
test/spec_session_cookie.rb
James Tucker [Thu, 4 Jul 2013 23:17:43 +0000 (16:17 -0700)]
Refactor rack static header rules application
James Tucker [Thu, 4 Jul 2013 23:07:43 +0000 (16:07 -0700)]
Merge pull request #560 from mattwildig/static-threads
Make Rack::Static custom headers thread safe
James Tucker [Thu, 4 Jul 2013 22:15:48 +0000 (15:15 -0700)]
Merge pull request #583 from gshutler/cookie-http-only
Set HttpOnly for cookies using :http_only
Garry Shutler [Wed, 3 Jul 2013 18:43:50 +0000 (19:43 +0100)]
Set HttpOnly for cookies using :http_only
Santiago Pastorino [Fri, 28 Jun 2013 19:57:13 +0000 (12:57 -0700)]
Merge pull request #580 from sikachu/unauthorized_helper
Add Response#unauthorized? helper
Prem Sichanugrist [Fri, 28 Jun 2013 19:48:03 +0000 (15:48 -0400)]
Add Response#unauthorized? helper
This helper should come in handy when you want to test the authorization
in your application.
Santiago Pastorino [Thu, 27 Jun 2013 18:59:17 +0000 (11:59 -0700)]
Merge pull request #579 from nealharris/escape-error-message-in-rack-showstatus
html escape detail for error message
Neal Harris [Fri, 21 Jun 2013 21:35:37 +0000 (14:35 -0700)]
html escape detail for error message
Konstantin Haase [Sun, 16 Jun 2013 23:51:48 +0000 (16:51 -0700)]
Merge pull request #578 from jamiehodge/link-unlink
add #link? and #unlink?
Jamie Hodge [Sat, 15 Jun 2013 20:15:00 +0000 (22:15 +0200)]
add #link? and #unlink?
Konstantin Haase [Sat, 15 Jun 2013 10:24:04 +0000 (03:24 -0700)]
Merge pull request #575 from jamiehodge/link-unlink
add LINK and UNLINK methods to method override
Jamie Hodge [Fri, 14 Jun 2013 08:41:51 +0000 (10:41 +0200)]
add LINK and UNLINK methods
Christian Neukirchen [Tue, 11 Jun 2013 14:40:16 +0000 (07:40 -0700)]
Merge pull request #572 from tricknotes/modify-github-pages-domain
Modify GitHub pages domain
Ryunosuke SATO [Tue, 11 Jun 2013 11:33:48 +0000 (20:33 +0900)]
Modify GitHub pages domain
Now this page is served as `rack.github.io`.
* https://github.com/blog/1452-new-github-pages-domain-github-io
Santiago Pastorino [Tue, 28 May 2013 20:00:23 +0000 (13:00 -0700)]
Merge pull request #565 from vipulnsward/fix_typo2
Fix some typos
Vipul A M [Thu, 23 May 2013 20:17:29 +0000 (01:47 +0530)]
Fix some typos
Santiago Pastorino [Thu, 23 May 2013 19:19:15 +0000 (12:19 -0700)]
Merge pull request #561 from jdelStrother/eoferror
Ensure request.POST always raises EOFError on bad input
Jonathan del Strother [Tue, 21 May 2013 14:36:25 +0000 (15:36 +0100)]
Ensure request.POST always raises EOFError on bad input
Before this fix, if you had a bad multipart request, request.POST would only raise EOFError the first time it was called, and would then return nil on subsequent invocations. This would typically result in the cryptic "can't convert nil into Hash" as a result of calling request.params
Matt Wildig [Mon, 20 May 2013 22:55:10 +0000 (23:55 +0100)]
Make Rack::Static custom headers thread safe
* Do not manipulate instance variables of Rack::File, add new headers
after return from the file server.
* Do not use instance variable to store path, use local vars and params
instead.
Fixes #558
Santiago Pastorino [Fri, 10 May 2013 17:23:02 +0000 (10:23 -0700)]
Merge pull request #555 from spagalloco/fix_warnings
fix instance variable not initialized warning in Rack::Deflater::GzipStream
Steve Agalloco [Wed, 8 May 2013 19:43:22 +0000 (15:43 -0400)]
fix instance variable not initialized warning in Rack::Deflater::GzipStream
James Tucker [Mon, 29 Apr 2013 21:24:37 +0000 (14:24 -0700)]
Add timezone to CommonLogger, as per spec.
Closes #550
James Tucker [Mon, 29 Apr 2013 18:55:32 +0000 (11:55 -0700)]
Add deflated JSON support
Konstantin Haase [Mon, 22 Apr 2013 15:45:12 +0000 (17:45 +0200)]
Merge branch 'master' of github.com:rack/rack
Konstantin Haase [Mon, 22 Apr 2013 15:45:04 +0000 (17:45 +0200)]
update team list
James Tucker [Mon, 22 Apr 2013 15:43:11 +0000 (08:43 -0700)]
Merge pull request #514 from postmodern/localhost_development
Default host to localhost when in development mode.
James Tucker [Mon, 22 Apr 2013 15:38:11 +0000 (08:38 -0700)]
deflater: ensure that parent body is always closed
* Fixes a bug where body is not enumerated (i.e. HEAD), and as such is never
closed.
* Users suffering from the above bug are encouraged to investigate their
middleware order.
* Supersedes and closes #531.
James Tucker [Sun, 21 Apr 2013 21:10:06 +0000 (14:10 -0700)]
Shore up HTML escaping in Rack::Directory
* Supersedes & closes #522
James Tucker [Sun, 21 Apr 2013 20:43:33 +0000 (13:43 -0700)]
Fix typo, thanks @spastorino
James Tucker [Sun, 21 Apr 2013 20:37:52 +0000 (13:37 -0700)]
Add note about parameter parsing not changing
James Tucker [Sun, 21 Apr 2013 20:16:20 +0000 (13:16 -0700)]
Prevent signals from being sent to pid 0
* Closes #544
Konstantin Haase [Sat, 20 Apr 2013 14:38:49 +0000 (07:38 -0700)]
Merge pull request #546 from spastorino/tiny_refactor
Use respond_to?
Santiago Pastorino [Sat, 20 Apr 2013 14:35:08 +0000 (11:35 -0300)]
Use respond_to?
Konstantin Haase [Sat, 20 Apr 2013 14:19:42 +0000 (07:19 -0700)]
Merge pull request #515 from autohaus24/fix_invalid_characters_in_multipart_uploads
fix invalid characters in multipart uploads
Konstantin Haase [Sat, 20 Apr 2013 08:05:44 +0000 (01:05 -0700)]
Merge pull request #545 from spastorino/travis_failures_on_20
Do not allow failures in Travis when using Ruby 2.0
Michael Raidel [Thu, 6 Sep 2012 13:35:30 +0000 (15:35 +0200)]
fix invalid characters in multipart uploads
Santiago Pastorino [Sat, 20 Apr 2013 01:42:21 +0000 (22:42 -0300)]
Do not allow failures in Travis when using Ruby 2.0
Michael Fellinger [Fri, 19 Apr 2013 19:44:52 +0000 (21:44 +0200)]
correct Request#port for lighttpd2 proxy case
Konstantin Haase [Wed, 17 Apr 2013 18:03:07 +0000 (11:03 -0700)]
Merge pull request #542 from snyff/patch-2
Update md5.rb
Konstantin Haase [Mon, 15 Apr 2013 10:23:34 +0000 (03:23 -0700)]
Merge pull request #541 from crx/status_code_cleanup
Remove unassigned HTTP status codes
Louis Nyffenegger [Mon, 15 Apr 2013 03:26:06 +0000 (13:26 +1000)]
Update md5.rb
Separated patch to fix timing attack
Chase DuBois [Sun, 14 Apr 2013 23:07:17 +0000 (16:07 -0700)]
Remove unassigned HTTP status codes
Konstantin Haase [Sat, 13 Apr 2013 11:01:09 +0000 (04:01 -0700)]
Merge pull request #540 from vipulnsward/fix_some_typos
fix typos
Konstantin Haase [Sat, 13 Apr 2013 11:00:19 +0000 (04:00 -0700)]
Merge pull request #539 from vipulnsward/cleanup_tests
cleanup tests for unused variables
Vipul A M [Sat, 13 Apr 2013 06:13:26 +0000 (11:43 +0530)]
cleanup tests for unused variables
Vipul A M [Sat, 13 Apr 2013 05:52:33 +0000 (11:22 +0530)]
fix typos
Konstantin Haase [Fri, 12 Apr 2013 17:37:56 +0000 (10:37 -0700)]
Merge pull request #537 from vipulnsward/remove_loop
remove extra loop, variable initialization
Vipul A M [Wed, 10 Apr 2013 04:21:28 +0000 (09:51 +0530)]
remove extra loop, variable initialization
Konstantin Haase [Fri, 12 Apr 2013 17:03:08 +0000 (10:03 -0700)]
Merge pull request #538 from basvodde/master
Removed default pid file from help text
Konstantin Haase [Fri, 12 Apr 2013 16:52:00 +0000 (09:52 -0700)]
Merge pull request #535 from oscardelben/fix_env_typo
Don't rely on ENV. Fixes #532
Bas Vodde [Fri, 12 Apr 2013 02:32:13 +0000 (10:32 +0800)]
Removed the comment that rack.pid is the default as it doesn't seem to be the default at all
Oscar Del Ben [Sun, 31 Mar 2013 01:49:54 +0000 (18:49 -0700)]
Don't rely on ENV. Fixes #532
Konstantin Haase [Fri, 29 Mar 2013 16:01:58 +0000 (09:01 -0700)]
Merge pull request #533 from dahakawang/master
add partial rack hijack for WEBrick
David Wang [Fri, 29 Mar 2013 09:20:26 +0000 (17:20 +0800)]
add test for WEBrick partial hijack
David Wang [Wed, 27 Mar 2013 05:46:23 +0000 (13:46 +0800)]
add partial rack hijack support for WEBrick
Postmodern [Thu, 28 Feb 2013 00:10:50 +0000 (16:10 -0800)]
Determine the default value for Host, based on the environment.
Postmodern [Sun, 10 Feb 2013 05:30:25 +0000 (21:30 -0800)]
Rack::Handler::Thin: default the host to localhost in development mode.
Postmodern [Sun, 10 Feb 2013 05:30:09 +0000 (21:30 -0800)]
Rack::Handler::Mongrel: default the host to localhost in development mode.
Postmodern [Sun, 10 Feb 2013 05:29:59 +0000 (21:29 -0800)]
Rack::Handler::WEBrick: default the host to localhost in development mode.
Postmodern [Sun, 10 Feb 2013 05:28:55 +0000 (21:28 -0800)]
Default host to localhost when in development mode.
* Running Rack apps on 0.0.0.0 in development mode will allow malicious
users on the local network (ex: a Coffee Shop or a Conference) to abuse
or potentially exploit the app. Safer to default host to localhost when in
development mode.
James Tucker [Sat, 9 Feb 2013 22:47:19 +0000 (14:47 -0800)]
Merge pull request #513 from spastorino/mime_match_conditionals
Make Rack::Mime.match? conditionals a bit cleaner
Santiago Pastorino [Sat, 9 Feb 2013 19:41:18 +0000 (17:41 -0200)]
Refactor Rack::Mime.match? conditionals to make them a bit cleaner
James Tucker [Fri, 8 Feb 2013 03:02:09 +0000 (19:02 -0800)]
Master is now 1.6-ish, as it has removals
James Tucker [Fri, 8 Feb 2013 03:01:22 +0000 (19:01 -0800)]
Bump version number
James Tucker [Fri, 8 Feb 2013 02:57:06 +0000 (18:57 -0800)]
Add release notes for today's releases
James Tucker [Fri, 8 Feb 2013 02:57:06 +0000 (18:57 -0800)]
Add release notes for today's releases
James Tucker [Thu, 7 Feb 2013 00:25:22 +0000 (16:25 -0800)]
Prevent symlink path traversals
* Closes CVE-2013-0262
James Tucker [Thu, 7 Feb 2013 00:25:22 +0000 (16:25 -0800)]
Prevent symlink path traversals
* Closes CVE-2013-0262
Tim Moore [Wed, 30 Jan 2013 02:45:32 +0000 (13:45 +1100)]
Stop overwriting existing pidfiles.
A race condition can arise when two servers are started simultaneously. Both
instances may complete the check for an existing pidfile before either one
writes it.
Now the pidfile is opened with ::File::EXCL, which raises an error if the file
already exists. This error is handled by retrying the check and the write.
James Tucker [Thu, 7 Feb 2013 22:47:10 +0000 (14:47 -0800)]
Use secure_compare for hmac comparison
* Closes CVE-2013-0263
James Tucker [Wed, 6 Feb 2013 23:31:53 +0000 (15:31 -0800)]
Add secure_compare to Rack::Utils
Conflicts:
test/spec_utils.rb
James Tucker [Thu, 7 Feb 2013 02:01:06 +0000 (18:01 -0800)]
Ensure binary modes are used in tests, for Windows
James Tucker [Thu, 7 Feb 2013 01:40:34 +0000 (17:40 -0800)]
Fix a bug where host matching occurs out of order
* Closes #504
James Tucker [Wed, 6 Feb 2013 22:13:10 +0000 (14:13 -0800)]
Add JSON cookie coder. To be default after 1.6+
Jordi Massaguer Pla [Wed, 6 Feb 2013 12:41:16 +0000 (13:41 +0100)]
add license information to gemspec
this way it can be used with rubygems.org API
Oscar Del Ben [Sun, 3 Feb 2013 05:28:50 +0000 (21:28 -0800)]
Fix reference link
Oscar Del Ben [Sun, 3 Feb 2013 03:50:01 +0000 (19:50 -0800)]
Document Rack::Deflater
James Tucker [Sat, 2 Feb 2013 16:06:26 +0000 (08:06 -0800)]
Request#trusted_proxy? no longer accepts lines
* Closes #508
* Adds some limited coverage. More issues highlighted - incomplete local ips.
Santiago Pastorino [Tue, 29 Jan 2013 14:01:44 +0000 (12:01 -0200)]
Add find and set methods to Session object
James Tucker [Thu, 7 Feb 2013 22:47:10 +0000 (14:47 -0800)]
Use secure_compare for hmac comparison
* Closes CVE-2013-0263
James Tucker [Wed, 6 Feb 2013 23:31:53 +0000 (15:31 -0800)]
Add secure_compare to Rack::Utils
Conflicts:
test/spec_utils.rb