merge some parts of CGI 0.1.1

Fix integer overflow Make use of the check in rb_alloc_tmp_buffer2. When parsing cookies, only decode the values Bump version
ruby · Nov 21, 2022 · ad079c1 · ad079c1
1 parent 6066b8c
commit ad079c1
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 3 deletions.
diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c
@@ -36,7 +36,8 @@ static VALUE
 optimized_escape_html(VALUE str)
 {
     VALUE vbuf;
-    char *buf = ALLOCV_N(char, vbuf, RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN);
+    typedef char escape_buf[HTML_ESCAPE_MAX_LEN];
+    char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
     const char *cstr = RSTRING_PTR(str);
     const char *end = cstr + RSTRING_LEN(str);
 

diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
@@ -159,7 +159,6 @@ def self.parse(raw_cookie)
       raw_cookie.split(/;\s?/).each do |pairs|
         name, values = pairs.split('=',2)
         next unless name and values
-        name = CGI.unescape(name)
         values ||= ""
         values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
         if cookies.has_key?(name)

diff --git a/lib/cgi/version.rb b/lib/cgi/version.rb
@@ -1,3 +1,3 @@
 class CGI
-  VERSION = "0.1.0"
+  VERSION = "0.1.0.1"
 end
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
@@ -101,6 +101,11 @@ def test_cgi_cookie_parse
     end
   end
 
+  def test_cgi_cookie_parse_not_decode_name
+    cookie_str = "%66oo=baz;foo=bar"
+    cookies = CGI::Cookie.parse(cookie_str)
+    assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies)
+  end
 
   def test_cgi_cookie_arrayinterface
     cookie = CGI::Cookie.new('name1', 'a', 'b', 'c')