merge some parts of CGI 0.1.1

Fix integer overflow Make use of the check in rb_alloc_tmp_buffer2. When parsing cookies, only decode the values Bump version
ruby · Nov 24, 2021 · f69aeb8 · f69aeb8
1 parent b198562
commit f69aeb8
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 4 deletions.
diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c
@@ -36,7 +36,8 @@ static VALUE
 optimized_escape_html(VALUE str)
 {
     VALUE vbuf;
-    char *buf = ALLOCV_N(char, vbuf, RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN);
+    typedef char escape_buf[HTML_ESCAPE_MAX_LEN];
+    char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
     const char *cstr = RSTRING_PTR(str);
     const char *end = cstr + RSTRING_LEN(str);
 

diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
@@ -159,7 +159,6 @@ def self.parse(raw_cookie)
       raw_cookie.split(/;\s?/).each do |pairs|
         name, values = pairs.split('=',2)
         next unless name and values
-        name = CGI.unescape(name)
         values ||= ""
         values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
         if cookies.has_key?(name)

diff --git a/lib/cgi/version.rb b/lib/cgi/version.rb
@@ -1,3 +1,3 @@
 class CGI
-  VERSION = "0.1.0"
+  VERSION = "0.1.0.1"
 end
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
@@ -101,6 +101,11 @@ def test_cgi_cookie_parse
     end
   end
 
+  def test_cgi_cookie_parse_not_decode_name
+    cookie_str = "%66oo=baz;foo=bar"
+    cookies = CGI::Cookie.parse(cookie_str)
+    assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies)
+  end
 
   def test_cgi_cookie_arrayinterface
     cookie = CGI::Cookie.new('name1', 'a', 'b', 'c')

diff --git a/version.h b/version.h
@@ -2,7 +2,7 @@
 # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
 #define RUBY_VERSION_TEENY 5
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 202
+#define RUBY_PATCHLEVEL 203
 
 #define RUBY_RELEASE_YEAR 2021
 #define RUBY_RELEASE_MONTH 11