diff options
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | lib/cgi/core.rb | 2 | ||||
-rw-r--r-- | lib/cgi/session.rb | 6 | ||||
-rw-r--r-- | test/cgi/test_cgi_session.rb | 76 |
4 files changed, 90 insertions, 3 deletions
@@ -1,3 +1,12 @@ +Thu Dec 18 21:12:28 2008 Takeyuki FUJIOKA <xibbar@ruby-lang.org> + + * lib/cgi/session.rb: fix bug for ignore session_id option. + report from [ruby-core:18635], [Bug #572] + + * lib/cgi/core.rb: use Encoding#find when encoding set. + + * test/cgi/test_cgi_session.rb: test for session_id specified. + Thu Dec 18 17:00:56 2008 Yukihiro Matsumoto <matz@ruby-lang.org> * hash.c (rb_hash_aset): string key copying only happen if key is diff --git a/lib/cgi/core.rb b/lib/cgi/core.rb index 87c4f68540..779f326a19 100644 --- a/lib/cgi/core.rb +++ b/lib/cgi/core.rb @@ -590,7 +590,7 @@ class CGI read_from_cmdline end.dup.force_encoding(@accept_charset) ) - unless @accept_charset=~/ASCII-8BIT/i || @accept_charset==Encoding::ASCII_8BIT + unless Encoding.find(@accept_charset) == Encoding::ASCII_8BIT @params.each do |key,values| values.each do |value| unless value.valid_encoding? diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb index 063d910856..2b5aa846d9 100644 --- a/lib/cgi/session.rb +++ b/lib/cgi/session.rb @@ -188,7 +188,6 @@ class CGI md5.update('foobar') session_id = md5.hexdigest end - @new_session = true session_id end private :create_new_id @@ -256,6 +255,7 @@ class CGI unless session_id if option['new_session'] session_id = create_new_id + @new_session = true end end unless session_id @@ -271,6 +271,7 @@ class CGI raise ArgumentError, "session_key `%s' should be supplied"%session_key end session_id = create_new_id + @new_session = true end end @session_id = session_id @@ -281,7 +282,8 @@ class CGI unless option.fetch('new_session', true) raise ArgumentError, "invalid session_id `%s'"%session_id end - session_id = @session_id = create_new_id + session_id = @session_id = create_new_id unless session_id + @new_session=true retry end request.instance_eval do diff --git a/test/cgi/test_cgi_session.rb b/test/cgi/test_cgi_session.rb index 621674980e..4fcb936d4e 100644 --- a/test/cgi/test_cgi_session.rb +++ b/test/cgi/test_cgi_session.rb @@ -91,7 +91,83 @@ class CGISessionTest < Test::Unit::TestCase assert_equal(value1,session["key1"]) assert_equal(value2,session["key2"]) session.close + end + def test_cgi_session_specify_session_id + @environ = { + 'REQUEST_METHOD' => 'GET', + # 'QUERY_STRING' => 'id=123&id=456&id=&str=%40h+%3D%7E+%2F%5E%24%2F', + # 'HTTP_COOKIE' => '_session_id=12345; name1=val1&val2;', + 'SERVER_SOFTWARE' => 'Apache 2.2.0', + 'SERVER_PROTOCOL' => 'HTTP/1.1', + } + value1="value1" + value2="\x8F\xBC\x8D]" + value2.force_encoding("SJIS") if RUBY_VERSION>="1.9" + ENV.update(@environ) + cgi = CGI.new + session = CGI::Session.new(cgi,"tmpdir"=>@session_dir,"session_id"=>"foo") + session["key1"]=value1 + session["key2"]=value2 + assert_equal(value1,session["key1"]) + assert_equal(value2,session["key2"]) + assert_equal("foo",session.session_id) + session_id=session.session_id + session.close + $stdout = StringIO.new + cgi.out{""} + @environ = { + 'REQUEST_METHOD' => 'GET', + # 'HTTP_COOKIE' => "_session_id=#{session_id}", + 'QUERY_STRING' => "_session_id=#{session.session_id}", + 'SERVER_SOFTWARE' => 'Apache 2.2.0', + 'SERVER_PROTOCOL' => 'HTTP/1.1', + } + ENV.update(@environ) + cgi = CGI.new + session = CGI::Session.new(cgi,"tmpdir"=>@session_dir) + $stdout = StringIO.new + assert_equal(value1,session["key1"]) + assert_equal(value2,session["key2"]) + assert_equal("foo",session.session_id) + session.close + end + def test_cgi_session_specify_session_key + @environ = { + 'REQUEST_METHOD' => 'GET', + # 'QUERY_STRING' => 'id=123&id=456&id=&str=%40h+%3D%7E+%2F%5E%24%2F', + # 'HTTP_COOKIE' => '_session_id=12345; name1=val1&val2;', + 'SERVER_SOFTWARE' => 'Apache 2.2.0', + 'SERVER_PROTOCOL' => 'HTTP/1.1', + } + value1="value1" + value2="\x8F\xBC\x8D]" + value2.force_encoding("SJIS") if RUBY_VERSION>="1.9" + ENV.update(@environ) + cgi = CGI.new + session = CGI::Session.new(cgi,"tmpdir"=>@session_dir,"session_key"=>"bar") + session["key1"]=value1 + session["key2"]=value2 + assert_equal(value1,session["key1"]) + assert_equal(value2,session["key2"]) + session_id=session.session_id + session.close + $stdout = StringIO.new + cgi.out{""} + @environ = { + 'REQUEST_METHOD' => 'GET', + 'HTTP_COOKIE' => "bar=#{session_id}", + # 'QUERY_STRING' => "bar=#{session.session_id}", + 'SERVER_SOFTWARE' => 'Apache 2.2.0', + 'SERVER_PROTOCOL' => 'HTTP/1.1', + } + ENV.update(@environ) + cgi = CGI.new + session = CGI::Session.new(cgi,"tmpdir"=>@session_dir,"session_key"=>"bar") + $stdout = StringIO.new + assert_equal(value1,session["key1"]) + assert_equal(value2,session["key2"]) + session.close end end |