[前][次][番号順一覧][スレッド一覧]

ruby-changes:9323

From: xibbar <ko1@a...>
Date: Thu, 18 Dec 2008 21:20:33 +0900 (JST)
Subject: [ruby-changes:9323] Ruby:r20861 (trunk): * lib/cgi/session.rb: fix bug for ignore session_id option.

xibbar	2008-12-18 21:20:13 +0900 (Thu, 18 Dec 2008)

  New Revision: 20861

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=20861

  Log:
    * lib/cgi/session.rb: fix bug for ignore session_id option.
      report from [ruby-core:18635], [Bug #572]
    * lib/cgi/core.rb: use Encoding#find when encoding set.
    
    * test/cgi/test_cgi_session.rb: test for session_id specified.

  Modified files:
    trunk/ChangeLog
    trunk/lib/cgi/core.rb
    trunk/lib/cgi/session.rb
    trunk/test/cgi/test_cgi_session.rb

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 20860)
+++ ChangeLog	(revision 20861)
@@ -1,3 +1,12 @@
+Thu Dec 18 21:12:28 2008  Takeyuki FUJIOKA  <xibbar@r...>
+
+	* lib/cgi/session.rb: fix bug for ignore session_id option.
+	  report from [ruby-core:18635], [Bug #572]
+
+	* lib/cgi/core.rb: use Encoding#find when encoding set.
+
+	* test/cgi/test_cgi_session.rb: test for session_id specified.
+
 Thu Dec 18 17:00:56 2008  Yukihiro Matsumoto  <matz@r...>
 
 	* hash.c (rb_hash_aset): string key copying only happen if key is
Index: lib/cgi/session.rb
===================================================================
--- lib/cgi/session.rb	(revision 20860)
+++ lib/cgi/session.rb	(revision 20861)
@@ -188,7 +188,6 @@
         md5.update('foobar')
         session_id = md5.hexdigest
       end
-      @new_session = true
       session_id
     end
     private :create_new_id
@@ -256,6 +255,7 @@
       unless session_id
         if option['new_session']
           session_id = create_new_id
+          @new_session = true
         end
       end
       unless session_id
@@ -271,6 +271,7 @@
             raise ArgumentError, "session_key `%s' should be supplied"%session_key
           end
           session_id = create_new_id
+          @new_session = true
         end
       end
       @session_id = session_id
@@ -281,7 +282,8 @@
         unless option.fetch('new_session', true)
           raise ArgumentError, "invalid session_id `%s'"%session_id
         end
-        session_id = @session_id = create_new_id
+        session_id = @session_id = create_new_id unless session_id
+        @new_session=true
         retry
       end
       request.instance_eval do
Index: lib/cgi/core.rb
===================================================================
--- lib/cgi/core.rb	(revision 20860)
+++ lib/cgi/core.rb	(revision 20861)
@@ -590,7 +590,7 @@
                       read_from_cmdline
                     end.dup.force_encoding(@accept_charset)
                   )
-        unless @accept_charset=~/ASCII-8BIT/i || @accept_charset==Encoding::ASCII_8BIT
+        unless Encoding.find(@accept_charset) == Encoding::ASCII_8BIT
           @params.each do |key,values|
             values.each do |value|
               unless value.valid_encoding?
Index: test/cgi/test_cgi_session.rb
===================================================================
--- test/cgi/test_cgi_session.rb	(revision 20860)
+++ test/cgi/test_cgi_session.rb	(revision 20861)
@@ -91,7 +91,83 @@
     assert_equal(value1,session["key1"])
     assert_equal(value2,session["key2"])
     session.close
+  end
+  def test_cgi_session_specify_session_id
+    @environ = {
+      'REQUEST_METHOD'  => 'GET',
+  #    'QUERY_STRING'    => 'id=123&id=456&id=&str=%40h+%3D%7E+%2F%5E%24%2F',
+  #    'HTTP_COOKIE'     => '_session_id=12345; name1=val1&val2;',
+      'SERVER_SOFTWARE' => 'Apache 2.2.0',
+      'SERVER_PROTOCOL' => 'HTTP/1.1',
+    }
+    value1="value1"
+    value2="\x8F\xBC\x8D]"
+    value2.force_encoding("SJIS") if RUBY_VERSION>="1.9"
+    ENV.update(@environ)
+    cgi = CGI.new
+    session = CGI::Session.new(cgi,"tmpdir"=>@session_dir,"session_id"=>"foo")
+    session["key1"]=value1
+    session["key2"]=value2
+    assert_equal(value1,session["key1"])
+    assert_equal(value2,session["key2"])
+    assert_equal("foo",session.session_id)
+    session_id=session.session_id
+    session.close
+    $stdout = StringIO.new
+    cgi.out{""}
 
+    @environ = {
+      'REQUEST_METHOD'  => 'GET',
+      # 'HTTP_COOKIE'     => "_session_id=#{session_id}",
+      'QUERY_STRING'    => "_session_id=#{session.session_id}",
+      'SERVER_SOFTWARE' => 'Apache 2.2.0',
+      'SERVER_PROTOCOL' => 'HTTP/1.1',
+    }
+    ENV.update(@environ)
+    cgi = CGI.new
+    session = CGI::Session.new(cgi,"tmpdir"=>@session_dir)
+    $stdout = StringIO.new
+    assert_equal(value1,session["key1"])
+    assert_equal(value2,session["key2"])
+    assert_equal("foo",session.session_id)
+    session.close
+  end
+  def test_cgi_session_specify_session_key
+    @environ = {
+      'REQUEST_METHOD'  => 'GET',
+  #    'QUERY_STRING'    => 'id=123&id=456&id=&str=%40h+%3D%7E+%2F%5E%24%2F',
+  #    'HTTP_COOKIE'     => '_session_id=12345; name1=val1&val2;',
+      'SERVER_SOFTWARE' => 'Apache 2.2.0',
+      'SERVER_PROTOCOL' => 'HTTP/1.1',
+    }
+    value1="value1"
+    value2="\x8F\xBC\x8D]"
+    value2.force_encoding("SJIS") if RUBY_VERSION>="1.9"
+    ENV.update(@environ)
+    cgi = CGI.new
+    session = CGI::Session.new(cgi,"tmpdir"=>@session_dir,"session_key"=>"bar")
+    session["key1"]=value1
+    session["key2"]=value2
+    assert_equal(value1,session["key1"])
+    assert_equal(value2,session["key2"])
+    session_id=session.session_id
+    session.close
+    $stdout = StringIO.new
+    cgi.out{""}
 
+    @environ = {
+      'REQUEST_METHOD'  => 'GET',
+      'HTTP_COOKIE'     => "bar=#{session_id}",
+      # 'QUERY_STRING'    => "bar=#{session.session_id}",
+      'SERVER_SOFTWARE' => 'Apache 2.2.0',
+      'SERVER_PROTOCOL' => 'HTTP/1.1',
+    }
+    ENV.update(@environ)
+    cgi = CGI.new
+    session = CGI::Session.new(cgi,"tmpdir"=>@session_dir,"session_key"=>"bar")
+    $stdout = StringIO.new
+    assert_equal(value1,session["key1"])
+    assert_equal(value2,session["key2"])
+    session.close
   end
 end

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]