Merge to 1.4 #517

Closed
wants to merge 98 commits into
from


LTe commented Feb 13, 2013

This is our magic change: Picklive/rack@149be7f

Maybe we can write middleware for that or try to merge to rack/rack branch?

infertux and others added some commits Nov 18, 2011

Ignore incorrectly formatted cookies.
This will prevent the application software (like Rails) from crashing when given
an unescaped cookie value (e.g. "100%" instead of "100%25").
Merge branch 'master' of git://github.com/rack/rack
Conflicts:
	lib/rack/request.rb
	lib/rack/utils.rb
	rack.gemspec
Prevent error in Utils.parse_query/KeySpaceConstrainedParams when a key is nil

Before this, when parsing a query string or a cookie string, an error was
raised because of the `key.size` in `KeySpaceConstrainedParams#[]=`.
This caused an error when params contained something parsed as a `nil` key.
Skipping empty params inside the query, which led to the parsing error.
Example of these cookies would be: "foo=bar,;bar=foo" or ",foo=bar;,"
rackup: include the value of each -I command line option in $LOAD_PATH
`rackup -h` says '-I' can be used more than once.  However, instead of adding
each value to $LOAD_PATH, rackup would discard the value of all but the last
'-I' option.

Signed-off-by: Anurag Priyam <anurag08priyam@gmail.com>
Check if the PID in pidfile is still running #371
Then abort or remove the pidfile
Improve pidfile reporting and test coverage
 * Output reduced to a single line
 * Integration test added that also suppresses and checks output
update the dead link
remove the dead link

use internet archive for a dead link

added working link
Set __LINE__ correctly for rackup files.
Before this change the line numbers were off by one, which broke
debugging tools like Pry in addition to causing a smidgen of user
confusion.

Reported-At: pry/pry#571
load session data for merge!
ID#prepare_session calls merge! on the newly-created SessionHash, but
this method is not overridden to parse existing data. As such, any
previous session data passed in from an earlier middleware is discarded.

For me, this was breaking Rack::Test while testing a Sinatra app.
Rack::Static :index can handle multiple folders
* Tries to serve the defined :index in every folder
* Useful for documentation like nanoc.
Wrap test apps in Rack::Lint and fix uncovered errors (second pass)
Update tests for Config, ContentLength, ContentType and Deflater.
Wrap test apps in Rack::Lint and fix uncovered errors (third pass)
Update tests for Directory, ETag, File and Head.
Wrap test apps in Rack::Lint and fix uncovered errors (fourth pass)
Update tests for Lobster, Lock, Logger and MethodOverride.
Wrap test apps in Rack::Lint and fix uncovered errors (fifth pass)
Update tests for MockRequest, MockResponse, NullLogger, Recursive and Runtime.
Wrap test apps in Rack::Lint and fix uncovered errors (sixth pass)
Update tests for Sendfile, Session::Cookie, Session::Memcache and Session::Pool.

Conflicts:
	test/spec_session_cookie.rb
Wrap test apps in Rack::Lint and fix uncovered errors (seventh pass)
Update tests for ShowExceptions, ShowStatus, Static and URLMap.
Update Rack::Deflater specs
- Always wrap apps in Rack::Lint
- Never assume response body is an Array (!)

Conflicts:
	test/spec_deflater.rb
Don't set blank Cache-Control header in Rack::ETag
A Cache-Control header with an empty string is meaningless (confusing,
even, to those inspecting response headers) and slightly wasteful.

Signed-off-by: Stephen Celis <stephen@stephencelis.com>
load session data for merge!
ID#prepare_session calls merge! on the newly-created SessionHash, but
this method is not overridden to parse existing data. As such, any
previous session data passed in from an earlier middleware is discarded.

For me, this was breaking Rack::Test while testing a Sinatra app.
Fix script name escaping in Rack::Directory
Closes #415 and replaces it, which came with no tests and an insecure
implementation.
- correct existing raise test
- amend it so rack lock releases the mutex on throws as well and raises
- added raise test
Add redrawn logos by Zachary Scott
Date: Mon, 22 Oct 2012 10:29:22 -0400
Message-ID: <CAH6G9XNkVkUWh9JPT9HuHzJ4KmRNoPSr8ov3q0rgzH3b=u3cGw@mail.gmail.com>

On Mon, Oct 22, 2012 at 10:17 AM, Christian Neukirchen
<chneukirchen@gmail.com> wrote:
> Is it ok to put the other files as MIT license into contrib/?
> (Perhaps add a copyright message to the .svg)

Whatever you want, they're all yours.
Thanks!
Clarify the body.close spec section
 * This item is frequently missed, including in core.
 * This is not a change in semantic requirement, and does not update the SPEC
   version.
Rack::Response now conforms to body.close SPEC
 * Previously 204, 205 and 304 bodies were not closed correctly.
Refactor spec_cascade and spec_head
 * StringIO is a better choice than a struct here.
Do not fail on cookies that are not URI escaped
 * Closes #360

Conflicts:
	test/spec_request.rb
Fix parsing multiple ranges
Fix parsing multiple ranges in HTTP_RANGE header according to w3 rfc2616 (according to last example in sec14.35.1 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.1 ) (according to BNF rules in http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.1 )
Fix parsing performance for unquoted filenames
Special thanks to Paul Rogers & Eric Wong

Conflicts:
	test/spec_multipart.rb
multipart/parser: avoid unbounded #gets method
Malicious clients may send excessively long lines
to trigger out-of-memory errors in a Rack web server.
Reimplement auth scheme fix
 * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
 * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
 * Checked Rails - they don't use our authorization code
 * Checked Warden - uses rails
 * Checked Omniauth - uses rails
 * Checked doorkeeper - uses rails
 * Checked rack-authentication - does its own thing
 * Checked warden-oauth - doesn't do headers
 * Checked devise - uses rails
 * Checked oauth2-rack - header creation only
 * Checked rack-oauth2-server - does its own thing
 * Probably missed a bunch, but that'll have to do
Add secure_compare to Rack::Utils
Conflicts:
	test/spec_utils.rb
Prevent symlink path traversals
 * Closes CVE-2013-0262
Merge remote-tracking branch 'rack/rack-1.4'
Conflicts:
	Rakefile
	lib/rack/backports/uri/common_192.rb
	lib/rack/session/cookie.rb
	lib/rack/utils.rb
	test/spec_request.rb
	test/spec_session_cookie.rb
	test/spec_utils.rb

@LTe LTe closed this Feb 13, 2013

@LTe LTe deleted the Picklive:merge-to-1.4 branch Feb 13, 2013
