Merge cgi-0.4.2

hsbt · nagachika · commit ecb9f7ef372c · 2025-03-08T16:27:22.000+09:00
diff --git a/lib/cgi.rb b/lib/cgi.rb
@@ -288,7 +288,7 @@
 #
 
 class CGI
-  VERSION = "0.4.1"
+  VERSION = "0.4.2"
 end
 
 require 'cgi/core'
diff --git a/lib/cgi/cgi.gemspec b/lib/cgi/cgi.gemspec
@@ -25,7 +25,8 @@ Gem::Specification.new do |spec|
   spec.executables   = []
 
   spec.files = [
-    "LICENSE.txt",
+    "COPYING",
+    "BSDL",
     "README.md",
     *Dir["lib{.rb,/**/*.rb}", "bin/*"]  ]
 
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
@@ -190,9 +190,10 @@ def self.parse(raw_cookie)
         values ||= ""
         values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
         if cookies.has_key?(name)
-          values = cookies[name].value + values
+          cookies[name].concat(values)
+        else
+          cookies[name] = Cookie.new(name, *values)
         end
-        cookies[name] = Cookie.new(name, *values)
       end
 
       cookies
diff --git a/lib/cgi/session/pstore.rb b/lib/cgi/session/pstore.rb
@@ -11,7 +11,10 @@
 # cgi/session.rb for more details on session storage managers.
 
 require_relative '../session'
-require 'pstore'
+begin
+  require 'pstore'
+rescue LoadError
+end
 
 class CGI
   class Session
@@ -82,7 +85,7 @@ def delete
         File::unlink path
       end
 
-    end
+    end if defined?(::PStore)
   end
 end
 # :enddoc:
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
@@ -184,7 +184,7 @@ def unescapeHTML(string)
   def escapeElement(string, *elements)
     elements = elements[0] if elements[0].kind_of?(Array)
     unless elements.empty?
-      string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
+      string.gsub(/<\/?(?:#{elements.join("|")})\b[^<>]*+>?/im) do
         CGI.escapeHTML($&)
       end
     else
@@ -204,7 +204,7 @@ def escapeElement(string, *elements)
   def unescapeElement(string, *elements)
     elements = elements[0] if elements[0].kind_of?(Array)
     unless elements.empty?
-      string.gsub(/&lt;\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?&gt;/i) do
+      string.gsub(/&lt;\/?(?:#{elements.join("|")})\b(?>[^&]+|&(?![gl]t;)\w+;)*(?:&gt;)?/im) do
         unescapeHTML($&)
       end
     else
diff --git a/test/cgi/test_cgi_session.rb b/test/cgi/test_cgi_session.rb
@@ -91,7 +91,7 @@ def test_cgi_session_pstore
     assert_equal(value1,session["key1"])
     assert_equal(value2,session["key2"])
     session.close
-  end
+  end if defined?(::PStore)
   def test_cgi_session_specify_session_id
     update_env(
       'REQUEST_METHOD'  => 'GET',
diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
@@ -269,6 +269,14 @@ def test_cgi_escapeElement
     assert_equal("<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"]))
     assert_equal("<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escape_element('<BR><A HREF="url"></A>', "A", "IMG"))
     assert_equal("<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escape_element('<BR><A HREF="url"></A>', ["A", "IMG"]))
+
+    assert_equal("&lt;A &lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escapeElement('<A <A HREF="url"></A>', "A", "IMG"))
+    assert_equal("&lt;A &lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escapeElement('<A <A HREF="url"></A>', ["A", "IMG"]))
+    assert_equal("&lt;A &lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escape_element('<A <A HREF="url"></A>', "A", "IMG"))
+    assert_equal("&lt;A &lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escape_element('<A <A HREF="url"></A>', ["A", "IMG"]))
+
+    assert_equal("&lt;A &lt;A ", escapeElement('<A <A ', "A", "IMG"))
+    assert_equal("&lt;A &lt;A ", escapeElement('<A <A ', ["A", "IMG"]))
   end
 
 
@@ -277,6 +285,16 @@ def test_cgi_unescapeElement
     assert_equal('&lt;BR&gt;<A HREF="url"></A>', unescapeElement(escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"]))
     assert_equal('&lt;BR&gt;<A HREF="url"></A>', unescape_element(escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG"))
     assert_equal('&lt;BR&gt;<A HREF="url"></A>', unescape_element(escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"]))
+
+    assert_equal('<A <A HREF="url"></A>', unescapeElement(escapeHTML('<A <A HREF="url"></A>'), "A", "IMG"))
+    assert_equal('<A <A HREF="url"></A>', unescapeElement(escapeHTML('<A <A HREF="url"></A>'), ["A", "IMG"]))
+    assert_equal('<A <A HREF="url"></A>', unescape_element(escapeHTML('<A <A HREF="url"></A>'), "A", "IMG"))
+    assert_equal('<A <A HREF="url"></A>', unescape_element(escapeHTML('<A <A HREF="url"></A>'), ["A", "IMG"]))
+
+    assert_equal('<A <A ', unescapeElement(escapeHTML('<A <A '), "A", "IMG"))
+    assert_equal('<A <A ', unescapeElement(escapeHTML('<A <A '), ["A", "IMG"]))
+    assert_equal('<A <A ', unescape_element(escapeHTML('<A <A '), "A", "IMG"))
+    assert_equal('<A <A ', unescape_element(escapeHTML('<A <A '), ["A", "IMG"]))
   end
 end
 

Original file line number	Diff line number	Diff line change
`@@ -288,7 +288,7 @@`
`288`	`288`	`#`
`289`	`289`
`290`	`290`	`class CGI`
`291`		`- VERSION = "0.4.1"`
	`291`	`+ VERSION = "0.4.2"`
`292`	`292`	`end`
`293`	`293`
`294`	`294`	`require 'cgi/core'`