Make Rack::Lint disallow PATH_INFO="" SCRIPT_NAME="" by jeremyevans · Pull Request #2316 · rack/rack · GitHub

Make Rack::Lint disallow PATH_INFO="" SCRIPT_NAME="" #2316

Open: jeremyevans wants to merge 1 commit into base: main
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -33,6 +33,7 @@ All notable changes to this project will be documented in this file. For info on
- Fix `NoMethodError` in `Rack::Request#wrap_ipv6` when `x-forwarded-host` is empty. ([#2270](https://github.com/rack/rack/pull/2270), [@oieioi](https://github.com/oieioi))
- Fix the specification for `SERVER_PORT` which was incorrectly documented as required to be an `Integer` if present - it must be a `String` containing digits only. ([#2296](https://github.com/rack/rack/pull/2296), [@ioquatix])
- `SERVER_NAME` and `HTTP_HOST` are now more strictly validated according to the relevant specifications. ([#2298](https://github.com/rack/rack/pull/2298), [@ioquatix])
- `Rack::Lint` now disallows `PATH_INFO="" SCRIPT_NAME=""`. ([#2298](https://github.com/rack/rack/issues/2307), [@jeremyevans])

## [3.1.12] - 2025-03-11

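Review bot: the new CHANGELOG entry's link label reads `#2298` while its URL points to `issues/2307`, and `#2298` is already the label of the `SERVER_NAME`/`HTTP_HOST` entry directly above it. Make the label match the target, e.g. `[#2307](https://github.com/rack/rack/issues/2307)`, so the two entries can be told apart and the reference resolves to what it claims.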
2 changes: 1 addition & 1 deletion lib/rack/lint.rb
Expand Up @@ -188,7 +188,7 @@ def check_environment(env)
end

## and one of <tt>SCRIPT_NAME</tt> or <tt>PATH_INFO</tt> must be set, e.g. <tt>PATH_INFO</tt> can be <tt>/</tt> if <tt>SCRIPT_NAME</tt> is empty.
unless env[SCRIPT_NAME] || env[PATH_INFO]
if env[SCRIPT_NAME].to_s.empty? && env[PATH_INFO].to_s.empty?
raise LintError, "One of SCRIPT_NAME or PATH_INFO must be set (make PATH_INFO '/' if SCRIPT_NAME is empty)"
end

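Review bot: the `##` spec comment above the check and the `LintError` message both still say that one of `SCRIPT_NAME` or `PATH_INFO` "must be set", but the new condition `env[SCRIPT_NAME].to_s.empty? && env[PATH_INFO].to_s.empty?` also rejects keys that are present with an empty string. With 1 addition and 1 deletion in this file the comment line is untouched, so consider rewording both the comment and the message to say that at least one of the two must be non-empty, keeping the documented rule in step with what the lint enforces.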
21 changes: 20 additions & 1 deletion test/spec_lint.rb
Expand Up @@ -240,6 +240,25 @@ def obj.fatal(*) end
}.must_raise(Rack::Lint::LintError).
message.must_match(/One of .* must be set/)

lambda {
Rack::Lint.new(valid_app).call(env("PATH_INFO" => "", "SCRIPT_NAME" => ""))
}.must_raise(Rack::Lint::LintError).
message.must_match(/One of .* must be set/)

lambda {
e = env("PATH_INFO" => "")
e.delete("SCRIPT_NAME")
Rack::Lint.new(valid_app).call(e)
}.must_raise(Rack::Lint::LintError).
message.must_match(/One of .* must be set/)

lambda {
e = env("SCRIPT_NAME" => "")
e.delete("PATH_INFO")
Rack::Lint.new(valid_app).call(e)
}.must_raise(Rack::Lint::LintError).
message.must_match(/One of .* must be set/)

lambda {
Rack::Lint.new(valid_app).call(env("SCRIPT_NAME" => "/"))
}.must_raise(Rack::Lint::LintError).
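Review bot: the three new lambdas are appended to an existing example and all assert the same loose pattern `/One of .* must be set/`, so the first failing case stops the others from running and the failure output does not say which combination of `PATH_INFO` and `SCRIPT_NAME` broke. Consider moving them into their own `it` block, or iterating over the three environments with a label per case, so a regression in one combination is reported on its own.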
Expand Down Expand Up @@ -318,7 +337,7 @@ def result.name
end

it "accepts empty PATH_INFO" do
Rack::Lint.new(valid_app).call(env("PATH_INFO" => "")).first.must_equal 200
Rack::Lint.new(valid_app).call(env("PATH_INFO" => "", "SCRIPT_NAME" => "/foo")).first.must_equal 200
end

it "notices request-target asterisk form errors" do
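Review bot: the example name `accepts empty PATH_INFO` no longer states its precondition now that the call passes `"SCRIPT_NAME" => "/foo"`. Rename it to something like `accepts empty PATH_INFO when SCRIPT_NAME is not empty` so it reads as the counterpart of the new rejection cases added earlier in this file.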