[DRE-commits] [ruby-rack] 03/06: refresh patches
Praveen Arimbrathodiyil
praveen at moszumanska.debian.org
Thu Aug 6 08:38:41 UTC 2015
This is an automated email from the git hooks/post-receive script.
praveen pushed a commit to branch master
in repository ruby-rack.
commit 8cde17aaffd43b4493f2e0a5665a17430a03b4a5
Author: Praveen Arimbrathodiyil <praveen at debian.org>
Date: Thu Aug 6 13:57:58 2015 +0530
refresh patches
---
debian/patches/0001-Fix-Params_Depth.patch | 63 +++---------------------------
1 file changed, 6 insertions(+), 57 deletions(-)
diff --git a/debian/patches/0001-Fix-Params_Depth.patch b/debian/patches/0001-Fix-Params_Depth.patch
index c6f68af..39891fa 100644
--- a/debian/patches/0001-Fix-Params_Depth.patch
+++ b/debian/patches/0001-Fix-Params_Depth.patch
@@ -12,63 +12,12 @@ Conflicts:
test/spec_utils.rb | 12 ++++++++++++
2 files changed, 23 insertions(+), 4 deletions(-)
-diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
-index 6576dd2..4656f4a 100644
---- a/lib/rack/utils.rb
-+++ b/lib/rack/utils.rb
-@@ -49,12 +49,17 @@ module Rack
-
- class << self
- attr_accessor :key_space_limit
-+ attr_accessor :param_depth_limit
- end
-
- # The default number of bytes to allow parameter keys to take up.
- # This helps prevent a rogue client from flooding a Request.
- self.key_space_limit = 65536
-
-+ # Default depth at which the parameter parser will raise an exception for
-+ # being too deep. This helps prevent SystemStackErrors
-+ self.param_depth_limit = 100
-+
- # Stolen from Mongrel, with some small modifications:
- # Parses a query string by breaking it up at the '&'
- # and ';' characters. You can also use this to parse
-@@ -94,7 +99,9 @@ module Rack
- end
- module_function :parse_nested_query
-
-- def normalize_params(params, name, v = nil)
-+ def normalize_params(params, name, v = nil, depth = Utils.param_depth_limit)
-+ raise RangeError if depth <= 0
-+
- name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
- k = $1 || ''
- after = $' || ''
-@@ -112,14 +119,14 @@ module Rack
- params[k] ||= []
- raise TypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
- if params_hash_type?(params[k].last) && !params[k].last.key?(child_key)
-- normalize_params(params[k].last, child_key, v)
-+ normalize_params(params[k].last, child_key, v, depth - 1)
- else
-- params[k] << normalize_params(params.class.new, child_key, v)
-+ params[k] << normalize_params(params.class.new, child_key, v, depth - 1)
- end
- else
- params[k] ||= params.class.new
- raise TypeError, "expected Hash (got #{params[k].class.name}) for param `#{k}'" unless params_hash_type?(params[k])
-- params[k] = normalize_params(params[k], after, v)
-+ params[k] = normalize_params(params[k], after, v, depth - 1)
- end
-
- return params
-diff --git a/test/spec_utils.rb b/test/spec_utils.rb
-index 69e3fbb..ac1e003 100644
---- a/test/spec_utils.rb
-+++ b/test/spec_utils.rb
-@@ -114,6 +114,18 @@ describe Rack::Utils do
- Rack::Utils.parse_query("foo%3Dbaz=bar").should.equal "foo=baz" => "bar"
+Index: ruby-rack/test/spec_utils.rb
+===================================================================
+--- ruby-rack.orig/test/spec_utils.rb
++++ ruby-rack/test/spec_utils.rb
+@@ -146,6 +146,18 @@ describe Rack::Utils do
+ }.should.not.raise
end
+ should "raise an exception if the params are too deep" do
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-rack.git
More information about the Pkg-ruby-extras-commits
mailing list