Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Jul 14, 2015
  1. @tenderlove
Commits on Jul 13, 2015
  1. @tenderlove
Commits on Jun 24, 2015
  1. @teoljungberg

    Strip trailing whitespace

    teoljungberg authored
  2. @teoljungberg

    Rename files to follow ruby naming conventions

    teoljungberg authored teoljungberg committed
    If a class is named NullLogger, it’s file would be named null_logger.rb
Commits on Jun 18, 2015
  1. @tenderlove

    add make_delete_cookie_header

    tenderlove authored
    *  lib/rack/utils.rb: add a method for constructing "delete" cookie
    headers.  This allows us to construct cookie headers without depending
    on the side effects of mutating a hash.
Commits on Jun 16, 2015
  1. @tenderlove

    Merge branch 'master-sec'

    tenderlove authored
    * master-sec:
      update history
      raise an exception if the parameters are too deep
    
    Conflicts:
    	HISTORY.md
Commits on Jun 14, 2015
  1. @spastorino

    Merge pull request #885 from deepj/constants-and-frozen-strings

    spastorino authored
    Constantize all rack environment variables and make them frozen
Commits on Jun 13, 2015
  1. @tenderlove

    extract a `make_cookie_header` method

    tenderlove authored
    This method doesn't mutate anything
  2. @sigmavirus24
  3. @burtlo @sigmavirus24

    FIX: Backwards compatibility with soupy data

    burtlo authored sigmavirus24 committed
    * Broken quotes needs to be checked before RFC2231 otherwise the filenames are
      not correctly found
    
    * Parsing "files" out of the header was converted to an empty string instead
      instead of nil when the body was empty.
    
    I love working at the #OSL
  4. @burtlo @sigmavirus24

    Force encoding of parsed filename

    burtlo authored sigmavirus24 committed
    I love working at the #OSL
  5. @burtlo @sigmavirus24

    Feature: Provided support for non-ascii character in public header

    burtlo authored sigmavirus24 committed
    I love that we worked on this @MadisonRuby for #OSL
  6. @sigmavirus24
  7. @sigmavirus24

    Move RFC2183 constant too

    sigmavirus24 authored
  8. @sigmavirus24
Commits on Jun 12, 2015
  1. @matthewd

    Merge pull request #835 from greysteil/handle-param-parsing-errors-in…

    matthewd authored
    …-method-override
    
    Ignore param parsing errors in MethodOverride
  2. @tenderlove
  3. @deepj
  4. @AMekss
  5. @tenderlove

    Don't get ancestors' constant as Handler that name is same

    Tadashi Saito authored tenderlove committed
  6. @tenderlove

    assume secure random is always available

    tenderlove authored
    secure_random should always be available on Ruby 2.2+, it just may not
    use openssl
Commits on Jun 11, 2015
  1. @tenderlove

    raise an exception if the parameters are too deep

    tenderlove authored
    CVE-2015-3225
    
    Conflicts:
    	lib/rack/utils.rb
    	test/spec_utils.rb
Commits on Jun 10, 2015
  1. @spastorino
  2. @spastorino

    Use == to compare form_input to rack.input

    Santiago Pastorino & Alexis Mas authored spastorino committed
    Partially reverts b059307 and 7f34329
  3. @spastorino

    URI::RFC2396 is always defined in Ruby 2.2+

    Santiago Pastorino & Alexis Mas authored spastorino committed
Commits on Jun 9, 2015
  1. @tenderlove
  2. @tenderlove

    `params_class` should be private

    tenderlove authored
    the class type is an implementation detail and should not be shared.
  3. @tenderlove

    consolidate where to find the default_query_parser make keyspace requ…

    tenderlove authored
    …ired
    
    we should only be able to find the default_query_parser in one place,
    Utils.  Also the keyspace size should be a require parameter
  4. @tenderlove

    use the factory method for allocating new params objects

    tenderlove authored
    since the query parser only supports one type (the type it was allocated
    with), we can just use the factory method for allocating new child
    parameter types.  This should speed up the parser since we don't need to
    ask for the class of the params type all the time
  5. @tenderlove
  6. @tenderlove

    remove more dead code

    tenderlove authored
  7. @tenderlove

    remove dead code

    tenderlove authored
  8. @tenderlove

    make some methods private

    tenderlove authored
  9. @tenderlove

    ask the query parser to "normalize_params"

    tenderlove authored
    the query parser that constructed the params hash may be diffrent than
    the one that `Util` delegated to.  We should use the same query parser
    to `normalize_params` as constructed the params object.
  10. @tenderlove

    ask the query parser to construct a params object

    tenderlove authored
    this decouples the rest of the code from knowing how a params object is
    actually constructed
Something went wrong with that request. Please try again.