webrick: filter out HTTP_PROXY for CGIHandler

* lib/webrick/httpservlet/cgihandler.rb (do_GET): delete HTTP_PROXY * test/webrick/test_cgi.rb (test_cgi_env): new test * test/webrick/webrick.cgi (do_GET): new endpoint to dump env [ruby-core:76511] [Bug #12610] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55731 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-07-22 16:43:12 +0000
committer: normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-07-22 16:43:12 +0000
commit: 793772611119dbd63e1e83f83af12c702912ed3a (patch)
tree: 4010aedbc93b40fbdec47395577a79c2115d393a
parent: 94a989846e9a5259fd7d61e6dbd59bba3bdba8ee (diff)
download: ruby-793772611119dbd63e1e83f83af12c702912ed3a.tar.gz
4 files changed, 25 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 2d3ba13ac1..92fafd9451 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Sat Jul 23 01:41:29 2016  Eric Wong  <e@80x24.org>
+
+	* lib/webrick/httpservlet/cgihandler.rb (do_GET): delete HTTP_PROXY
+	* test/webrick/test_cgi.rb (test_cgi_env): new test
+	* test/webrick/webrick.cgi (do_GET): new endpoint to dump env
+	  [ruby-core:76511] [Bug #12610]
+
 Fri Jul 22 19:55:20 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* vm.c (vm_set_main_stack): remove unnecessary check.  toplevel
diff --git a/lib/webrick/httpservlet/cgihandler.rb b/lib/webrick/httpservlet/cgihandler.rb
index 051bb7cfcc..ba6b0b6032 100644
--- a/lib/webrick/httpservlet/cgihandler.rb
+++ b/lib/webrick/httpservlet/cgihandler.rb
@@ -52,6 +52,7 @@ module WEBrick
           meta = req.meta_vars
           meta["SCRIPT_FILENAME"] = @script_filename
           meta["PATH"] = @config[:CGIPathEnv]
+          meta.delete("HTTP_PROXY")
           if /mswin|bccwin|mingw/ =~ RUBY_PLATFORM
             meta["SystemRoot"] = ENV["SystemRoot"]
           end
diff --git a/test/webrick/test_cgi.rb b/test/webrick/test_cgi.rb
index 9dd6be8155..764c63f325 100644
--- a/test/webrick/test_cgi.rb
+++ b/test/webrick/test_cgi.rb
@@ -114,6 +114,20 @@ class TestWEBrickCGI < Test::Unit::TestCase
     }
   end
 
+  def test_cgi_env
+    start_cgi_server do |server, addr, port, log|
+      http = Net::HTTP.new(addr, port)
+      req = Net::HTTP::Get.new("/webrick.cgi/dumpenv")
+      req['proxy'] = 'http://example.com/'
+      req['hello'] = 'world'
+      http.request(req) do |res|
+        env = Marshal.load(res.body)
+        assert_equal 'world', env['HTTP_HELLO']
+        assert_not_operator env, :include?, 'HTTP_PROXY'
+      end
+    end
+  end
+
   CtrlSeq = [0x7f, *(1..31)].pack("C*").gsub(/\s+/, '')
   CtrlPat = /#{Regexp.quote(CtrlSeq)}/o
   DumpPat = /#{Regexp.quote(CtrlSeq.dump[1...-1])}/o
diff --git a/test/webrick/webrick.cgi b/test/webrick/webrick.cgi
index 43c1af825c..a294fa72f9 100644
--- a/test/webrick/webrick.cgi
+++ b/test/webrick/webrick.cgi
@@ -4,7 +4,9 @@ require "webrick/cgi"
 class TestApp < WEBrick::CGI
   def do_GET(req, res)
     res["content-type"] = "text/plain"
-    if (p = req.path_info) && p.length > 0
+    if req.path_info == "/dumpenv"
+      res.body = Marshal.dump(ENV.to_hash)
+    elsif (p = req.path_info) && p.length > 0
       res.body = p
     elsif (q = req.query).size > 0
       res.body = q.keys.sort.collect{|key|
author	normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-07-22 16:43:12 +0000
committer	normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-07-22 16:43:12 +0000
commit	793772611119dbd63e1e83f83af12c702912ed3a (patch)
tree	4010aedbc93b40fbdec47395577a79c2115d393a
parent	94a989846e9a5259fd7d61e6dbd59bba3bdba8ee (diff)
download	ruby-793772611119dbd63e1e83f83af12c702912ed3a.tar.gz