Edit File by line

# frozen_string_literal: true

[0] Fix | Delete

class CGI

[1] Fix | Delete

module Util; end

[2] Fix | Delete

include Util

[3] Fix | Delete

extend Util

[4] Fix | Delete

end

[5] Fix | Delete

module CGI::Util

[6] Fix | Delete

@@accept_charset="UTF-8" unless defined?(@@accept_charset)

[7] Fix | Delete

# URL-encode a string.

[8] Fix | Delete

# url_encoded_string = CGI.escape("'Stop!' said Fred")

[9] Fix | Delete

# # => "%27Stop%21%27+said+Fred"

[10] Fix | Delete

def escape(string)

[11] Fix | Delete

encoding = string.encoding

[12] Fix | Delete

string.b.gsub(/([^ a-zA-Z0-9_.\-~]+)/) do |m|

[13] Fix | Delete

'%' + m.unpack('H2' * m.bytesize).join('%').upcase

[14] Fix | Delete

end.tr(' ', '+').force_encoding(encoding)

[15] Fix | Delete

end

[16] Fix | Delete

[17] Fix | Delete

# URL-decode a string with encoding(optional).

[18] Fix | Delete

# string = CGI.unescape("%27Stop%21%27+said+Fred")

[19] Fix | Delete

# # => "'Stop!' said Fred"

[20] Fix | Delete

def unescape(string,encoding=@@accept_charset)

[21] Fix | Delete

str=string.tr('+', ' ').b.gsub(/((?:%[0-9a-fA-F]{2})+)/) do |m|

[22] Fix | Delete

[m.delete('%')].pack('H*')

[23] Fix | Delete

end.force_encoding(encoding)

[24] Fix | Delete

str.valid_encoding? ? str : str.force_encoding(string.encoding)

[25] Fix | Delete

end

[26] Fix | Delete

[27] Fix | Delete

# The set of special characters and their escaped values

[28] Fix | Delete

TABLE_FOR_ESCAPE_HTML__ = {

[29] Fix | Delete

"'" => ''',

[30] Fix | Delete

'&' => '&',

[31] Fix | Delete

'"' => '"',

[32] Fix | Delete

'<' => '<',

[33] Fix | Delete

'>' => '>',

[34] Fix | Delete

}

[35] Fix | Delete

[36] Fix | Delete

# Escape special characters in HTML, namely '&\"<>

[37] Fix | Delete

# CGI.escapeHTML('Usage: foo "bar" <baz>')

[38] Fix | Delete

# # => "Usage: foo "bar" <baz>"

[39] Fix | Delete

def escapeHTML(string)

[40] Fix | Delete

enc = string.encoding

[41] Fix | Delete

unless enc.ascii_compatible?

[42] Fix | Delete

if enc.dummy?

[43] Fix | Delete

origenc = enc

[44] Fix | Delete

enc = Encoding::Converter.asciicompat_encoding(enc)

[45] Fix | Delete

string = enc ? string.encode(enc) : string.b

[46] Fix | Delete

end

[47] Fix | Delete

table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]

[48] Fix | Delete

string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)

[49] Fix | Delete

string.encode!(origenc) if origenc

[50] Fix | Delete

return string

[51] Fix | Delete

end

[52] Fix | Delete

string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)

[53] Fix | Delete

end

[54] Fix | Delete

[55] Fix | Delete

begin

[56] Fix | Delete

require 'cgi/escape'

[57] Fix | Delete

rescue LoadError

[58] Fix | Delete

end

[59] Fix | Delete

[60] Fix | Delete

# Unescape a string that has been HTML-escaped

[61] Fix | Delete

# CGI.unescapeHTML("Usage: foo "bar" <baz>")

[62] Fix | Delete

# # => "Usage: foo \"bar\" <baz>"

[63] Fix | Delete

def unescapeHTML(string)

[64] Fix | Delete

enc = string.encoding

[65] Fix | Delete

unless enc.ascii_compatible?

[66] Fix | Delete

if enc.dummy?

[67] Fix | Delete

origenc = enc

[68] Fix | Delete

enc = Encoding::Converter.asciicompat_encoding(enc)

[69] Fix | Delete

string = enc ? string.encode(enc) : string.b

[70] Fix | Delete

end

[71] Fix | Delete

string = string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do

[72] Fix | Delete

case $1.encode(Encoding::US_ASCII)

[73] Fix | Delete

when 'apos' then "'".encode(enc)

[74] Fix | Delete

when 'amp' then '&'.encode(enc)

[75] Fix | Delete

when 'quot' then '"'.encode(enc)

[76] Fix | Delete

when 'gt' then '>'.encode(enc)

[77] Fix | Delete

when 'lt' then '<'.encode(enc)

[78] Fix | Delete

when /\A#0*(\d+)\z/ then $1.to_i.chr(enc)

[79] Fix | Delete

when /\A#x([0-9a-f]+)\z/i then $1.hex.chr(enc)

[80] Fix | Delete

end

[81] Fix | Delete

end

[82] Fix | Delete

string.encode!(origenc) if origenc

[83] Fix | Delete

return string

[84] Fix | Delete

end

[85] Fix | Delete

return string unless string.include? '&'

[86] Fix | Delete

charlimit = case enc

[87] Fix | Delete

when Encoding::UTF_8; 0x10ffff

[88] Fix | Delete

when Encoding::ISO_8859_1; 256

[89] Fix | Delete

else 128

[90] Fix | Delete

end

[91] Fix | Delete

string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do

[92] Fix | Delete

match = $1.dup

[93] Fix | Delete

case match

[94] Fix | Delete

when 'apos' then "'"

[95] Fix | Delete

when 'amp' then '&'

[96] Fix | Delete

when 'quot' then '"'

[97] Fix | Delete

when 'gt' then '>'

[98] Fix | Delete

when 'lt' then '<'

[99] Fix | Delete

when /\A#0*(\d+)\z/

[100] Fix | Delete

n = $1.to_i

[101] Fix | Delete

if n < charlimit

[102] Fix | Delete

n.chr(enc)

[103] Fix | Delete

else

[104] Fix | Delete

"&##{$1};"

[105] Fix | Delete

end

[106] Fix | Delete

when /\A#x([0-9a-f]+)\z/i

[107] Fix | Delete

n = $1.hex

[108] Fix | Delete

if n < charlimit

[109] Fix | Delete

n.chr(enc)

[110] Fix | Delete

else

[111] Fix | Delete

"&#x#{$1};"

[112] Fix | Delete

end

[113] Fix | Delete

else

[114] Fix | Delete

"&#{match};"

[115] Fix | Delete

end

[116] Fix | Delete

end

[117] Fix | Delete

end

[118] Fix | Delete

[119] Fix | Delete

# Synonym for CGI.escapeHTML(str)

[120] Fix | Delete

alias escape_html escapeHTML

[121] Fix | Delete

[122] Fix | Delete

# Synonym for CGI.unescapeHTML(str)

[123] Fix | Delete

alias unescape_html unescapeHTML

[124] Fix | Delete

[125] Fix | Delete

# Escape only the tags of certain HTML elements in +string+.

[126] Fix | Delete

[127] Fix | Delete

# Takes an element or elements or array of elements. Each element

[128] Fix | Delete

# is specified by the name of the element, without angle brackets.

[129] Fix | Delete

# This matches both the start and the end tag of that element.

[130] Fix | Delete

# The attribute list of the open tag will also be escaped (for

[131] Fix | Delete

# instance, the double-quotes surrounding attribute values).

[132] Fix | Delete

[133] Fix | Delete

# print CGI.escapeElement(' <A HREF="url"></A>', "A", "IMG")

[134] Fix | Delete

# # " <A HREF="url"></A&gt"

[135] Fix | Delete

[136] Fix | Delete

# print CGI.escapeElement(' <A HREF="url"></A>', ["A", "IMG"])

[137] Fix | Delete

# # " <A HREF="url"></A&gt"

[138] Fix | Delete

def escapeElement(string, *elements)

[139] Fix | Delete

elements = elements[0] if elements[0].kind_of?(Array)

[140] Fix | Delete

unless elements.empty?

[141] Fix | Delete

string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do

[142] Fix | Delete

CGI.escapeHTML($&)

[143] Fix | Delete

end

[144] Fix | Delete

else

[145] Fix | Delete

string

[146] Fix | Delete

end

[147] Fix | Delete

end

[148] Fix | Delete

[149] Fix | Delete

# Undo escaping such as that done by CGI.escapeElement()

[150] Fix | Delete

[151] Fix | Delete

# print CGI.unescapeElement(

[152] Fix | Delete

# CGI.escapeHTML(' <A HREF="url"></A>'), "A", "IMG")

[153] Fix | Delete

# # " <A HREF="url"></A>"

[154] Fix | Delete

[155] Fix | Delete

# print CGI.unescapeElement(

[156] Fix | Delete

# CGI.escapeHTML(' <A HREF="url"></A>'), ["A", "IMG"])

[157] Fix | Delete

# # " <A HREF="url"></A>"

[158] Fix | Delete

def unescapeElement(string, *elements)

[159] Fix | Delete

elements = elements[0] if elements[0].kind_of?(Array)

[160] Fix | Delete

unless elements.empty?

[161] Fix | Delete

string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do

[162] Fix | Delete

unescapeHTML($&)

[163] Fix | Delete

end

[164] Fix | Delete

else

[165] Fix | Delete

string

[166] Fix | Delete

end

[167] Fix | Delete

end

[168] Fix | Delete

[169] Fix | Delete

# Synonym for CGI.escapeElement(str)

[170] Fix | Delete

alias escape_element escapeElement

[171] Fix | Delete

[172] Fix | Delete

# Synonym for CGI.unescapeElement(str)

[173] Fix | Delete

alias unescape_element unescapeElement

[174] Fix | Delete

[175] Fix | Delete

# Abbreviated day-of-week names specified by RFC 822

[176] Fix | Delete

RFC822_DAYS = %w[ Sun Mon Tue Wed Thu Fri Sat ]

[177] Fix | Delete

[178] Fix | Delete

# Abbreviated month names specified by RFC 822

[179] Fix | Delete

RFC822_MONTHS = %w[ Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ]

[180] Fix | Delete

[181] Fix | Delete

# Format a +Time+ object as a String using the format specified by RFC 1123.

[182] Fix | Delete

[183] Fix | Delete

# CGI.rfc1123_date(Time.now)

[184] Fix | Delete

# # Sat, 01 Jan 2000 00:00:00 GMT

[185] Fix | Delete

def rfc1123_date(time)

[186] Fix | Delete

t = time.clone.gmtime

[187] Fix | Delete

return format("%s, %.2d %s %.4d %.2d:%.2d:%.2d GMT",

[188] Fix | Delete

RFC822_DAYS[t.wday], t.day, RFC822_MONTHS[t.month-1], t.year,

[189] Fix | Delete

t.hour, t.min, t.sec)

[190] Fix | Delete

end

[191] Fix | Delete

[192] Fix | Delete

# Prettify (indent) an HTML string.

[193] Fix | Delete

[194] Fix | Delete

# +string+ is the HTML string to indent. +shift+ is the indentation

[195] Fix | Delete

# unit to use; it defaults to two spaces.

[196] Fix | Delete

[197] Fix | Delete

# print CGI.pretty("<HTML><BODY></BODY></HTML>")

[198] Fix | Delete

# # <HTML>

[199] Fix | Delete

# # <BODY>

[200] Fix | Delete

# # </BODY>

[201] Fix | Delete

# # </HTML>

[202] Fix | Delete

[203] Fix | Delete

# print CGI.pretty("<HTML><BODY></BODY></HTML>", "\t")

[204] Fix | Delete

# # <HTML>

[205] Fix | Delete

# # <BODY>

[206] Fix | Delete

# # </BODY>

[207] Fix | Delete

# # </HTML>

[208] Fix | Delete

[209] Fix | Delete

def pretty(string, shift = " ")

[210] Fix | Delete

lines = string.gsub(/(?!\A)<.*?>/m, "\n\\0").gsub(/<.*?>(?!\n)/m, "\\0\n")

[211] Fix | Delete

end_pos = 0

[212] Fix | Delete

while end_pos = lines.index(/^<\/(\w+)/, end_pos)

[213] Fix | Delete

element = $1.dup

[214] Fix | Delete

start_pos = lines.rindex(/^\s*<#{element}/i, end_pos)

[215] Fix | Delete

lines[start_pos ... end_pos] = "__" + lines[start_pos ... end_pos].gsub(/\n(?!\z)/, "\n" + shift) + "__"

[216] Fix | Delete

end

[217] Fix | Delete

lines.gsub(/^((?:#{Regexp::quote(shift)})*)__(?=<\/?\w)/, '\1')

[218] Fix | Delete

end

[219] Fix | Delete

[220] Fix | Delete

alias h escapeHTML

[221] Fix | Delete

end

[222] Fix | Delete

[223] Fix | Delete