merge some parts of CGI 0.1.1
	Fix integer overflow

	Make use of the check in rb_alloc_tmp_buffer2.

	When parsing cookies, only decode the values

	Bump version
unak authored and hsbt committed Nov 21, 2022
1 parent 6066b8c commit ad079c1
Showing 4 changed files with 8 additions and 3 deletions.
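--- a/ext/cgi/escape/escape.c
+++ b/ext/cgi/escape/escape.c
@@ -36,7 +36,8 @@ static VALUE
 optimized_escape_html(VALUE str)
 {
 VALUE vbuf;
-char *buf = ALLOCV_N(char, vbuf, RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN);
+typedef char escape_buf[HTML_ESCAPE_MAX_LEN];
+char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
 const char *cstr = RSTRING_PTR(str);
 const char *end = cstr + RSTRING_LEN(str);
 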
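Review bot: The two added lines in optimized_escape_html carry the whole overflow fix, but nothing in the code says so, and `*ALLOCV_N(escape_buf, ...)` reads like a typo to anyone who has not seen the commit message. I would put a comment above the typedef, for example `/* Allocate RSTRING_LEN(str) elements of HTML_ESCAPE_MAX_LEN bytes each so the size multiplication is overflow-checked inside ALLOCV_N instead of being done unchecked here. */`. That keeps a later cleanup from folding it back into `RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN`. The function body continues past the hunk, so the write loop and the matching `ALLOCV_END` are not visible here. The buffer bound presumably still relies on each input byte expanding to at most HTML_ESCAPE_MAX_LEN bytes.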
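--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -159,7 +159,6 @@ def self.parse(raw_cookie)
 raw_cookie.split(/;\s?/).each do |pairs|
 name, values = pairs.split('=',2)
 next unless name and values
-name = CGI.unescape(name)
 values ||= ""
 values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
 if cookies.has_key?(name)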
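Review bot: After this change the `name` checked in `cookies.has_key?(name)` is the raw string from the header, and nothing in `self.parse` records that leaving it undecoded is deliberate. A one-line comment before the `values` handling, such as `# Names are kept exactly as received: decoding would let "%66oo" alias "foo".`, would stop someone restoring the `CGI.unescape(name)` call as an apparent omission. Separately, the context line `values ||= ""` is dead code, because `next unless name and values` has already skipped nil values; it could be dropped in a follow-up. The method starts and ends outside the hunk, so how the emitting side treats names cannot be checked from here.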
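--- a/lib/cgi/version.rb
+++ b/lib/cgi/version.rb
@@ -1,3 +1,3 @@
 class CGI
-VERSION = "0.1.0"
+VERSION = "0.1.0.1"
 end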
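--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -101,6 +101,11 @@ def test_cgi_cookie_parse
 end
 end
 
+def test_cgi_cookie_parse_not_decode_name
+cookie_str = "%66oo=baz;foo=bar"
+cookies = CGI::Cookie.parse(cookie_str)
+assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies)
+end
 
 def test_cgi_cookie_arrayinterface
 cookie = CGI::Cookie.new('name1', 'a', 'b', 'c')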
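Review bot: test_cgi_cookie_parse_not_decode_name pins only half of the new contract, because both values in `cookie_str` are plain ASCII and the test would still pass if value decoding were dropped along with name decoding. Giving one value an escape, for example the constructed input `cookie_str = "%66oo=b%61z;foo=bar"` with the same expected hash, would cover "only decode the values" in the same assertion. Other tests outside this hunk may already exercise value decoding, but keeping both halves in one test makes the intent clear. A short comment above the method saying that an encoded name must not merge with the literal `foo` entry would also help future readers.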
