203 Commits

Author SHA1 Message Date
Earlopain
a82e7132df Fix uplevel for cgi under bundler
Since there is `bundled_gems.rb` it is not always one. Fixes the following:
```sh
$ ruby -w -rbundler/inline -e "gemfile {}; require 'cgi'"
/home/earlopain/.rbenv/versions/ruby-dev/lib/ruby/3.5.0+0/bundled_gems.rb:59: warning: CGI library is removed from Ruby 3.5. Please use cgi/escape instead for CGI.escape and CGI.unescape features.
If you need to use the full features of CGI library, Please install cgi gem.
```

into:

```sh
$ ruby -w -rbundler/inline -e "gemfile {}; require 'cgi'"
-e:1: warning: CGI library is removed from Ruby 3.5. Please use cgi/escape instead for CGI.escape and CGI.unescape features.
If you need to use the full features of CGI library, Please install cgi gem.
```
2025-05-20 18:22:41 +09:00
Hiroshi SHIBATA
5aade8a84a Added migration wrapper for cgi.rb and cgi/util.rb 2025-05-09 14:27:28 +09:00
Hiroshi SHIBATA
600c616507 Removed CGI library without CGI::Escape features 2025-05-09 14:27:28 +09:00
Hiroshi SHIBATA
8a1d45144b Support require 'cgi/escape' with extracting CGI::Escape from CGI::Util 2025-05-09 14:27:28 +09:00
Hiroshi SHIBATA
237ab21f25 [ruby/cgi] Escape/unescape unclosed tags as well
https://github.com/ruby/cgi/commit/cd1eb08076

Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
2025-02-26 07:34:04 +00:00
Hiroshi SHIBATA
fc60a04de9 [ruby/cgi] Use String#concat instead of String#+ for reducing cpu usage
https://github.com/ruby/cgi/commit/9907b76dad

Co-authored-by: "Yusuke Endoh" <mame@ruby-lang.org>
2025-02-26 07:34:03 +00:00
Hiroshi SHIBATA
d97884a58b [ruby/cgi] Use license files same as ruby/ruby
https://github.com/ruby/cgi/commit/defbdf9a30
2025-02-21 06:20:13 +00:00
Hiroshi SHIBATA
3185550623 Make Pstore tests as optional 2025-01-10 10:19:39 +09:00
Jean Boussier
ced84beb25 [ruby/cgi] Add snake case aliases for escapeURIComponent
As agreed in [Feature #18822]

https://github.com/ruby/cgi/commit/9d1161ec9d
2023-11-07 10:22:30 +00:00
Alexandre ZANNI
7865cebfb7 [ruby/cgi] doc: fix method name
there was probably a copy paste mistake in the example of unescapeURIComponent (copied from unescape)

https://github.com/ruby/cgi/commit/f8fb627e90
2023-10-14 16:46:14 +00:00
Benoit Daloze
f61bd3ca80 [ruby/cgi] Add TruffleRuby support and add it in CI
https://github.com/ruby/cgi/commit/1240fec9c9
2023-05-29 19:33:38 +00:00
Hiroshi SHIBATA
d8751c0aa7 [ruby/cgi] blade is hosted under ruby-lang.org now
https://github.com/ruby/cgi/commit/826ba3140c
2023-01-23 03:41:54 +00:00
Xenor Chang
745dcf5326 [ruby/cgi] Loosen the domain regex to accept '.'
(https://github.com/ruby/cgi/pull/29)

* Loosen the domain regex to accept '.'

Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>

https://github.com/ruby/cgi/commit/5e09d632f3
Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org>
2022-11-28 04:34:11 +00:00
Nobuyoshi Nakada
58682b6980 [ruby/cgi] Relax domain label restrictions
https://github.com/ruby/cgi/commit/b46d41c363
2022-11-22 02:12:50 +00:00
Yusuke Endoh
0e75b2f2e6 [ruby/cgi] Prevent CRLF injection
Throw a RuntimeError if the HTTP response header contains CR or LF to
prevent HTTP response splitting.

https://hackerone.com/reports/1204695

https://github.com/ruby/cgi/commit/64c5045c0a
2022-11-22 02:00:11 +00:00
Nobuyoshi Nakada
c05f85f373 [ruby/cgi] Check cookie name/path/domain characters
https://hackerone.com/reports/1204977

https://github.com/ruby/cgi/commit/30107a4797
2022-11-22 02:00:10 +00:00
Jean Boussier
3850113e20 [ruby/cgi] Implement CGI.url_encode and CGI.url_decode
[Feature #18822]

Ruby is somewhat missing an RFC 3986 compliant escape method.

https://github.com/ruby/cgi/commit/c2729c7f33
2022-08-16 19:12:03 +09:00
Pavel Rosický
4bc7cef866
[ruby/cgi] jruby support
https://github.com/ruby/cgi/commit/93326fb622
2022-06-06 18:13:01 +09:00
Nobuyoshi Nakada
6eb500e2df [ruby/cgi] Extract CGI::Session#new_store_file
https://github.com/ruby/cgi/commit/b3e2ff9164
2021-12-15 08:24:41 +09:00
Nobuyoshi Nakada
f53f6d9284
[ruby/cgi] Exclude unused files from built package
https://github.com/ruby/cgi/commit/e840b6c368
2021-11-27 18:40:03 +09:00
Nobuyoshi Nakada
45034e9de3 [ruby/cgi] Set extconf.rb to extensions
Fix https://github.com/ruby/cgi/pull/11

https://github.com/ruby/cgi/commit/60d8f5e7d9
2021-11-27 14:44:46 +09:00
Nobuyoshi Nakada
0f31b3f465 [ruby/cgi] When parsing cookies, only decode the values
https://github.com/ruby/cgi/commit/052eb3a828
2021-11-24 19:59:00 +09:00
Nobuyoshi Nakada
62fc81fe12 [ruby/cgi] Use Time#strftime
https://github.com/ruby/cgi/commit/caf1d0755d
2021-09-03 17:50:00 +09:00
Olle Jonsson
2440d60acb
[ruby/cgi] gemspec: Explicitly empty executables list
The gem exposes no executables

https://github.com/ruby/cgi/commit/cd7106ad97
2021-04-22 11:51:37 +09:00
pavel
2756938369
[ruby/cgi] handle invalid encoding
https://github.com/ruby/cgi/commit/2b1c2e21a4
2021-04-22 11:51:36 +09:00
Hiroshi SHIBATA
8fb02b7a97
Update the license for the default gems to dual licenses 2020-08-18 20:26:39 +09:00
Hiroshi SHIBATA
e732d376af [ruby/cgi] Drop to Ruby 2.4
https://github.com/ruby/cgi/commit/8a86536e94
2020-08-03 18:30:19 +09:00
Nobuyoshi Nakada
b2d96abb42 Extract version number from the source
"requiring version.rb" strategy has some issues.

- cannot work when cross-compiling
- often introduces wrong namespace
- must know the superclasses
- costs at each runtime than at build-time

etc.
2020-07-30 19:03:18 +09:00
Kazuhiro NISHIYAMA
de10631dcf
Add workaround for test-bundler failure
https://github.com/ruby/actions/runs/500526558?check_suite_focus=true#step:16:127
```
Failures:

  1) Bundler.setup when Bundler is bundled doesn't blow up
     Failure/Error: expect(err).to be_empty

       expected `"fatal: not a git repository (or any of the parent directories): .git\nfatal: not a git repository (o...the parent directories): .git\nfatal: not a git repository (or any of the parent directories): .git".empty?` to return true, got false

       Commands:
       $ /home/runner/work/actions/actions/snapshot-master/ruby \
         -I/home/runner/work/actions/actions/snapshot-master/lib:/home/runner/work/actions/actions/snapshot-master/spec/bundler \
         -rsupport/hax -rsupport/artifice/fail \
         /home/runner/work/actions/actions/snapshot-master/libexec/bundle install --retry 0
       Resolving dependencies...
       Using bundler 2.1.4
       Bundle complete! 1 Gemfile dependency, 1 gem now installed.
       Use `bundle info [gemname]` to see where a bundled gem is installed.
       fatal: not a git repository (or any of the parent directories): .git
       fatal: not a git repository (or any of the parent directories): .git
       fatal: not a git repository (or any of the parent directories): .git
       # $? => 0

       $ /home/runner/work/actions/actions/snapshot-master/ruby \
         -I/home/runner/work/actions/actions/snapshot-master/lib:/home/runner/work/actions/actions/snapshot-master/spec/bundler \
         -rsupport/hax -rsupport/artifice/fail \
         /home/runner/work/actions/actions/snapshot-master/libexec/bundle exec ruby -e \
         require\ \'bundler\'\;\ Bundler.setup
       fatal: not a git repository (or any of the parent directories): .git
       fatal: not a git repository (or any of the parent directories): .git
       fatal: not a git repository (or any of the parent directories): .git
       # $? => 0
     # ./spec/bundler/runtime/setup_spec.rb:1056:in `block (3 levels) in <top (required)>'
     # ./spec/bundler/spec_helper.rb:111:in `block (3 levels) in <top (required)>'
     # ./spec/bundler/spec_helper.rb:111:in `block (2 levels) in <top (required)>'
     # ./spec/bundler/spec_helper.rb:78:in `block (2 levels) in <top (required)>'
make: *** [yes-test-bundler] Error 1
```
2020-03-12 19:17:08 +09:00
Jeremy Evans
ffd0820ab3 Deprecate taint/trust and related methods, and make the methods no-ops
This removes the related tests, and puts the related specs behind
version guards.  This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
2019-11-18 01:00:25 +02:00
Hiroshi SHIBATA
fc85bdeb77
Promote cgi to default gems 2019-11-07 16:36:14 +09:00
Nobuyoshi Nakada
45454bdb8b
Prefer Regexp#=~ to Regexp#match when the RHS may be nil 2019-08-19 16:39:42 +09:00
ohbarye
b1678338e5
Fix typo: duplicated the [skip-ci] 2019-08-09 16:23:49 -07:00
Semyon Pupkov
4173258fd0
change call CGI methods from :: to .
Closes: https://github.com/ruby/ruby/pull/1749
2019-08-04 09:19:30 +09:00
kazu
c01a5ee85e Use delete_prefix instead of sub(/\Afixed-pattern/, '')
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66189 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-12-04 08:22:10 +00:00
nobu
6b1e425144 lib/cgi/util.rb: use require
* lib/cgi/util.rb: reverted r65505.  require_relative does not
  work for cgi/escape.so, as extension libraries are placed in
  other directories than ruby libraries.  [Bug #15206]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65511 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-11-03 05:29:02 +00:00
marcandre
e859e668d2 lib/*: Prefer require_relative over require.
[#15206] [Fix GH-1976]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-11-02 17:52:33 +00:00
kazu
b4d935455f Use &. instead of modifier if
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63336 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-05-04 13:30:25 +00:00
kazu
e03ea9c596 Use printf instead of puts and sprintf
[ci skip]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61174 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 15:01:04 +00:00
shyouhei
f2a91397fd Add uplevel keyword to Kernel#warn and use it
If uplevel keyword is given, the warning message is prepended
with caller file and line information and the string "warning: ".
The use of the uplevel keyword makes Kernel#warn format output
similar to how rb_warn formats output.

This patch modifies net/ftp and net/imap to use Kernel#warn
instead of $stderr.puts or $stderr.printf, since they are used
for printing warnings.

This makes lib/cgi/core and tempfile use $stderr.puts instead of
warn for debug logging, since they are used for debug printing
and not for warning.

This does not modify bundler, rubygems, or rdoc, as those are
maintained outside of ruby and probably wish to remain backwards
compatible with older ruby versions.

rb_warn_m code is originally from nobu, but I've changed it
so that it only includes the path and lineno from uplevel
(not the method), and also prepends the string "warning: ",
to make it more similar to rb_warn.

From: Jeremy Evans code@jeremyevans.net
Signed-off-by: Urabe Shyouhei shyouhei@ruby-lang.org


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 11:56:25 +00:00
kazu
42fbe19fa8 Fix cgi/core code example missing comma
ref https://github.com/rurema/doctree/pull/448
[ci skip]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59469 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-08-02 15:10:38 +00:00
k0kubun
e1b4327545 cgi/util.rb: Don't escape tilde in #escape
to make it compatible with ERB::Util.url_encode.

ext/cgi/escape/escape.c: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58773 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-17 12:34:59 +00:00
nobu
97849e1178 share @@accept_charset
* lib/cgi/{core,util}.rb: include CGI::Util not only extending, to
  share `@@accept_charset` class variable, so that it is always
  accessible.  [ruby-core:80986] [Bug #13539]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-06 01:33:04 +00:00
kazu
fbd5cda6aa {lib,test}/cgi: Specify frozen_string_literal: true.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57652 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-18 05:52:16 +00:00
normal
f845a9ef76 lib/*: remove closed checks
Follow r56795.  Since Ruby 2.2, calling #close on a closed
socket no longer raises exceptions.

* lib/cgi/session.rb (update): remove closed? check
* lib/net/http.rb (finish, transport_request): ditto
* lib/net/imap.rb (disconnect): ditto
* lib/net/pop.rb (do_start, do_finish): ditto
* lib/net/smtp.rb (do_start, do_finish): ditto
* lib/open3.rb (popen_run, pipeline_run): ditto
* lib/pstore.rb (transaction): ditto
* lib/shell/process-controller.rb (sfork):
* lib/tempfile (_close, call, Tempfile.create): ditto
* lib/webrick/httpauth/htdigest.rb (flush): ditto
* lib/webrick/httpauth/htpasswd.rb (flush): ditto
* lib/webrick/server.rb (start_thread, cleanup_shutdown_pipe): ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56865 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-21 23:05:41 +00:00
naruse
5f33c6b0f5 * lib/cgi/cookie.rb (parse): don't allow , as a separator. [Bug #12791]
* lib/webrick/cookie.rb (parse): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56262 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-27 03:17:47 +00:00
hsbt
e303695ebd * lib/cgi/util.rb: added to missing quote.
[fix GH-1363][ci skip] Patch by @dwaller

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55185 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-28 01:26:21 +00:00
nobu
20cd25c86f cgi/util.rb: remove CGI::Util#_unescape
* ext/cgi/escape/escape.c (cgiesc_unescape): define unescape
  method instead of _unescape, and should pass the optional
  argument to the super method.
* lib/cgi/util.rb (CGI::Util#_unescape): remove intermediate
  method.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54655 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-04-20 08:33:33 +00:00
nobu
d463c492bc cgi/escape: Optimize CGI.unescape
* cgi/escape/escape.c: Optimize CGI.unescape performance by C ext
  for ASCII-compatible encodings.  [Fix GH-1250]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53885 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-21 04:57:57 +00:00
nobu
8e46f401b2 ASCII-incompatible escape
* lib/cgi/util.rb (escapeHTML, unescapeHTML): consider
  ASCII-incompatible encodings.  [Fix GH-1239]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53754 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-02-06 13:31:07 +00:00