青山です。

NIFTY で ZnZ <VFC04155 / nifty.ne.jp> さんより報告があり、cgi-lib.rb の
フォームデータの split と、cookie の expires の生成に問題がある事がわ
かりました。cgi.rb は問題ありません。


--- cgi-lib.rb.org	Mon Oct  4 16:29:35 1999
+++ cgi-lib.rb	Mon Oct  4 16:37:48 1999
@@ -117,6 +117,17 @@
   LF  = "\012"
   EOL = CR + LF
 
+  RFC822_DAYS = %w[ Sun Mon Tue Wed Thu Fri Sat ]
+  RFC822_MONTHS = %w[ Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ]
+
+  # make rfc1123 date string
+  def rfc1123_date(time)
+    t = time.clone.gmtime
+    return format("%s, %.2d %s %d %.2d:%.2d:%.2d GMT",
+                RFC822_DAYS[t.wday], t.day, RFC822_MONTHS[t.month-1], t.year,
+                t.hour, t.min, t.sec)
+  end
+
   # escape url encode
   def escape(str)
     str.gsub(/[^a-zA-Z0-9_\-.]/n){ sprintf("%%%02X", $&.unpack("C")[0]) }
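Review bot: The comment above `rfc1123_date` (`# make rfc1123 date string`) does not record what the method guarantees or why the date is assembled by hand, which is what stops a later maintainer from switching it back to `strftime`. I would write it as `# Build an RFC 1123 date for HTTP headers: always GMT, fixed English day/month names. time must be a Time; it is cloned because gmtime converts the receiver in place.` The two lookup tables are named `RFC822_*` while the method is named after RFC 1123, so a short remark that RFC 1123 reuses the RFC 822 names would avoid confusion, and adding `.freeze` to both arrays would keep callers from altering them. The trailing context lines belong to `escape`, whose body continues outside the hunk.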
@@ -132,7 +143,7 @@
     str.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
   end
 
-  module_function :escape, :unescape, :escapeHTML
+  module_function :escape, :unescape, :escapeHTML, :rfc1123_date
 
   # offline mode. read name=value pairs on standard input.
   def read_from_cmdline
@@ -160,7 +171,7 @@
       input.read(Integer(ENV['CONTENT_LENGTH'])) or ""
     else
       read_from_cmdline
-    end.split(/&/).each do |x|
+    end.split(/[&;]/).each do |x|
       key, val = x.split(/=/,2).collect{|x|unescape(x)}
       if @inputs.include?(key)
         @inputs[key] += "\0" + (val or "")
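Review bot: Splitting on `;` as well as `&` in `end.split(/[&;]/)` applies to both input paths visible here (the `CONTENT_LENGTH` body read and `read_from_cmdline`), so a literal `;` that a client left unencoded inside a value now ends that value and starts a new pair. It also means this parser can disagree with any front-end filter, cache or proxy that treats only `&` as a separator, so the parameters validated upstream may not be the ones the script receives; that deserves a comment at this line and a note in the library documentation. Empty segments such as the middle one in `a=1;&b=2` make `x.split(/=/,2)` return an empty array, leaving `key` nil on the next line; `next if x.empty?` as the first statement of the block would skip them. The enclosing method starts and ends outside the hunk, so how a nil key is handled further down is not visible.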
@@ -201,7 +212,7 @@
     "Set-Cookie: " + options['name'] + '=' + escape(options['value']) +
     (options['domain']  ? '; domain='  + options['domain'] : '') +
     (options['path']    ? '; path='    + options['path']   : '') +
-    (options['expires'] ? '; expires=' + options['expires'].strftime("%a, %d %b %Y %X %Z") : '') +
+    (options['expires'] ? '; expires=' + rfc1123_date(options['expires']) : '') +
     (options['secure']  ? '; secure' : '')
   end
 
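Review bot: Only `options['value']` passes through `escape` in this header; `options['name']`, `options['domain']` and `options['path']` are concatenated into the `Set-Cookie:` line exactly as given. If any of them is ever derived from request data, a CR/LF or `;` inside it would add attributes or whole header lines to the response. Rejecting such values before the string is built would close that, for example `raise ArgumentError, "invalid cookie attribute" if [options['name'], options['domain'], options['path']].compact.any? { |v| v =~ /[\r\n;]/ }`. The method begins outside the hunk, so any validation done earlier in it is not visible here.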
@@ -218,7 +229,7 @@
     else
       if options.delete("nph") or (ENV['SERVER_SOFTWARE'] =~ /IIS/)
         [(ENV['SERVER_PROTOCOL'] or "HTTP/1.0") + " 200 OK",
-         "Date: " + Time.now.gmtime.strftime("%a, %d %b %Y %X %Z"),
+         "Date: " + rfc1123_date(Time.now),
          "Server: " + (ENV['SERVER_SOFTWARE'] or ""),
          "Connection: close"] +
         (options.empty? ? ["Content-Type: text/html"] : options)


-- 
青山 和光 Wakou Aoyama <wakou / fsinet.or.jp>