mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Split the CGI input module into one module per method and Content-Type. In the process, added support for MIME multipart POST, so in theory we now support file upload too.

This commit is contained in:
ian%hixie.ch 2002-09-05 16:18:38 +00:00
Родитель 600cc07fd8
Коммит fc4d9d8029
4 изменённых файлов: 256 добавлений и 82 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

123
webtools/PLIF/PLIF/Input/CGI.pm
Просмотреть файл

@ -33,17 +33,10 @@ use PLIF::Input::Arguments;
@ISA = qw(PLIF::Input::Arguments);
1;
# Don't forget to put this module ABOVE the "CommandLine" module!
# The CommandLine module can't tell the difference between a keyword
# query and real command line.
# XXX should split this up into one CGI module per request method
sub init {
my $self = shift;
my($app) = @_;
require MIME::Base64; import MIME::Base64; # DEPENDENCY
require MIME::Parser; import MIME::Parser; # DEPENDENCY
$self->SUPER::init(@_);
}
@ -79,81 +72,6 @@ sub splitArguments {
$self->registerPropertyAsMetaData('acceptCharset', 'HTTP_ACCEPT_CHARSET');
$self->registerPropertyAsMetaData('acceptEncoding', 'HTTP_ACCEPT_ENCODING');
$self->registerPropertyAsMetaData('acceptLanguage', 'HTTP_ACCEPT_LANGUAGE');
# decode the arguments
my $method = $ENV{'REQUEST_METHOD'} || '';
if ($method eq 'POST') {
local $/ = undef;
$ENV{'QUERY_STRING'} = <STDIN>;
$method = 'GET';
}
if ($method eq 'GET') {
if (defined($ENV{'QUERY_STRING'})) {
foreach my $argument (split(/&/o, $ENV{'QUERY_STRING'})) {
if ($argument =~ /^(.*?)(?:=(.*))?$/os) {
my $name = $1;
my $value = $2;
# decode the strings
foreach my $string ($name, $value) {
if (defined($string)) {
$string =~ tr/+/ /; # convert + to spaces
$string =~ s/% # a percent symbol
( # followed by
[0-9A-Fa-f]{2} # 2 hexidecimal characters
) # which we shall put in $1
/chr(hex($1)) # and convert back into a character
/egox; # (evaluate, globally, optimised, with comments)
} else {
$string = '';
}
}
$self->addArgument($name, $value);
} else {
$self->warn(2, "argument (|$argument|) did not match regexp (can't happen!)");
}
}
} else {
# XXX no arguments
}
} elsif ($method eq 'POST') {
=wip
# XXX
check CONTENT_TYPE. is it 'application/x-www-form-urlencoded', 'multipart/form-data'?
### Create parser, and set some parsing options:
my $parser = new MIME::Parser;
$parser->output_under("$ENV{HOME}/mimemail");
### Parse input:
my $entity = $parser->parse(\*STDIN);
foreach my $argument (XXX) {
if ($argument =~ /^(.*?)(?:=(.*))?$/os) {
my $name = $1;
my $value = $2;
# decode the strings
foreach my $string ($name, $value) {
if (defined($string)) {
$string =~ tr/+/ /; # convert + to spaces
$string =~ s/% # a percent symbol
( # followed by
[0-9A-Fa-f]{2} # 2 hexidecimal characters
) # which we shall put in $1
/chr(hex($1)) # and convert back into a character
/egox; # (evaluate, globally, optimised, with comments)
} else {
$string = '';
}
}
$self->addArgument($name, $value);
} else {
$self->warn(2, "argument (|$argument|) did not match regexp (can't happen!)");
}
=cut
} else {
# should also deal with HTTP HEAD, PUT, etc, here XXX
}
# decode username and password data
if (defined($ENV{'HTTP_AUTHORIZATION'})) {
if ($self->HTTP_AUTHORIZATION =~ /^Basic +(.*)$/os) {
@ -165,6 +83,47 @@ sub splitArguments {
# Some other authentication scheme
}
}
# decode the arguments
$self->decodeHTTPArguments;
}
sub decodeHTTPArguments {
my $self = shift;
$self->notImplemented();
}
# Takes as input a string encoded as per the
# application/x-www-form-urlencoded
# ...format, and a coderef to a routine expecting a key/value pair.
# Typically, the coderef will be sub { $self->addArgument(@_); }
# This is used by several methods, including GET, HEAD and one POST.
sub splitURLEncodedForm {
my $self = shift;
my($input, $output) = @_;
use re 'taint'; # don't untaint stuff
foreach my $argument (split(/&/o, $input)) {
if ($argument =~ /^(.*?)(?:=(.*))?$/os) {
my $name = $1;
my $value = $2;
# decode the strings
foreach my $string ($name, $value) {
if (defined($string)) {
$string =~ tr/+/ /; # convert + to spaces
$string =~ s/% # a percent symbol
( # followed by
[0-9A-Fa-f]{2} # 2 hexidecimal characters
) # which we shall put in $1
/chr(hex($1)) # and convert back into a character
/egox; # (evaluate, globally, optimised, with comments)
} else {
$string = '';
}
}
&$output($name, $value);
} else {
$self->warn(2, "argument (|$argument|) did not match regexp (can't happen!)");
}
}
}
sub setCommandArgument {

50
webtools/PLIF/PLIF/Input/CGI/Get.pm Normal file
Просмотреть файл

@ -0,0 +1,50 @@
# -*- Mode: perl; tab-width: 4; indent-tabs-mode: nil; -*-
#
# This file is MPL/GPL dual-licensed under the following terms:
#
# The contents of this file are subject to the Mozilla Public License
# Version 1.1 (the "License"); you may not use this file except in
# compliance with the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
# the License for the specific language governing rights and
# limitations under the License.
#
# The Original Code is PLIF 1.0.
# The Initial Developer of the Original Code is Ian Hickson.
#
# Alternatively, the contents of this file may be used under the terms
# of the GNU General Public License Version 2 or later (the "GPL"), in
# which case the provisions of the GPL are applicable instead of those
# above. If you wish to allow use of your version of this file only
# under the terms of the GPL and not to allow others to use your
# version of this file under the MPL, indicate your decision by
# deleting the provisions above and replace them with the notice and
# other provisions required by the GPL. If you do not delete the
# provisions above, a recipient may use your version of this file
# under either the MPL or the GPL.
package PLIF::Input::CGI::Get;
use strict;
use vars qw(@ISA);
use PLIF::Input::CGI;
@ISA = qw(PLIF::Input::CGI);
1;
sub applies {
my $class = shift;
return ($class->SUPER::applies(@_) and
defined($ENV{'REQUEST_METHOD'}) and
$ENV{'REQUEST_METHOD'} eq 'GET');
}
sub decodeHTTPArguments {
my $self = shift;
if (defined($ENV{'QUERY_STRING'})) {
$self->splitURLEncodedForm($ENV{'QUERY_STRING'}, sub { $self->addArgument(@_); })
} else {
# XXX no arguments
}
}

115
webtools/PLIF/PLIF/Input/CGI/PostMultipart.pm Normal file
Просмотреть файл

@ -0,0 +1,115 @@
# -*- Mode: perl; tab-width: 4; indent-tabs-mode: nil; -*-
#
# This file is MPL/GPL dual-licensed under the following terms:
#
# The contents of this file are subject to the Mozilla Public License
# Version 1.1 (the "License"); you may not use this file except in
# compliance with the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
# the License for the specific language governing rights and
# limitations under the License.
#
# The Original Code is PLIF 1.0.
# The Initial Developer of the Original Code is Ian Hickson.
#
# Alternatively, the contents of this file may be used under the terms
# of the GNU General Public License Version 2 or later (the "GPL"), in
# which case the provisions of the GPL are applicable instead of those
# above. If you wish to allow use of your version of this file only
# under the terms of the GPL and not to allow others to use your
# version of this file under the MPL, indicate your decision by
# deleting the provisions above and replace them with the notice and
# other provisions required by the GPL. If you do not delete the
# provisions above, a recipient may use your version of this file
# under either the MPL or the GPL.
package PLIF::Input::CGI::PostMultipart;
use strict;
use vars qw(@ISA);
use PLIF::Input::CGI;
@ISA = qw(PLIF::Input::CGI);
1;
sub init {
my $self = shift;
my($app) = @_;
require MIME::Parser; import MIME::Parser; # DEPENDENCY
$self->SUPER::init(@_);
}
sub applies {
my $class = shift;
return ($class->SUPER::applies(@_) and
defined($ENV{'REQUEST_METHOD'}) and
$ENV{'REQUEST_METHOD'} eq 'POST' and
defined($ENV{'CONTENT_TYPE'}) and
$ENV{'CONTENT_TYPE'} =~ m/^multipart\/form-data *;/os);
}
sub decodeHTTPArguments {
my $self = shift;
# initialise the parser
my $parser = MIME::Parser->new();
$parser->decode_headers(1);
# XXX THIS IS PLATFORM SPECIFIC CODE XXX
if ($^O eq 'linux') {
$parser->output_dir('/tmp');
} else {
$self->error(0, "Platform '$^O' not supported yet.");
}
# XXX END OF PLATFORM SPECIFIC CODE XXX
# parse the MIME body
local $/ = undef;
my $entity = $parser->parse_data('Content-Type: ' . $self->CONTENT_TYPE . "\n" .
'Content-Length: ' . $self->CONTENT_LENGTH . "\n" .
"\n" . <STDIN>);
# handle the parts of the MIME body
# read up to 16KB, no more
# this prevents nasty DOS attacks (XXX in theory)
my $maxLength = 16*1024; # XXX HARDCODED CONSTANT ALERT
my $currentSize = 0;
foreach my $part ($entity->parts) {
my $head = $part->head;
if (lc($head->mime_attr('content-disposition')) eq 'form-data') {
# perform I/O
my $data = '';
my $handle = $part->bodyhandle->open("r");
my $readLength = $handle->read($data, $maxLength+1);
$handle->close();
# check we read the data
$self->assert(defined($readLength), 1,
"Something failed while reading input");
# check we are within the limit
$currentSize += $readLength;
$self->assert($currentSize <= $maxLength, 1,
"More than $maxLength bytes of data sent; aborted");
# ok, add string
$self->addArgument($head->mime_attr('content-disposition.name'), $data);
} else {
# not form-data
# XXX over HTTP this should cause a 4xx error not a 5xx error
$self->error(1, 'malformed submission (an entity was not form-data)');
}
}
# store the entity so that we can purge the files later
$self->entity($entity);
}
sub DESTROY {
my $self = shift;
$self->entity->purge();
$self->SUPER::destroy();
}

50
webtools/PLIF/PLIF/Input/CGI/PostURLEncoded.pm Normal file
Просмотреть файл

@ -0,0 +1,50 @@
# -*- Mode: perl; tab-width: 4; indent-tabs-mode: nil; -*-
#
# This file is MPL/GPL dual-licensed under the following terms:
#
# The contents of this file are subject to the Mozilla Public License
# Version 1.1 (the "License"); you may not use this file except in
# compliance with the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
# the License for the specific language governing rights and
# limitations under the License.
#
# The Original Code is PLIF 1.0.
# The Initial Developer of the Original Code is Ian Hickson.
#
# Alternatively, the contents of this file may be used under the terms
# of the GNU General Public License Version 2 or later (the "GPL"), in
# which case the provisions of the GPL are applicable instead of those
# above. If you wish to allow use of your version of this file only
# under the terms of the GPL and not to allow others to use your
# version of this file under the MPL, indicate your decision by
# deleting the provisions above and replace them with the notice and
# other provisions required by the GPL. If you do not delete the
# provisions above, a recipient may use your version of this file
# under either the MPL or the GPL.
package PLIF::Input::CGI::PostURLEncoded;
use strict;
use vars qw(@ISA);
use PLIF::Input::CGI;
@ISA = qw(PLIF::Input::CGI);
1;
sub applies {
my $class = shift;
return ($class->SUPER::applies(@_) and
defined($ENV{'REQUEST_METHOD'}) and
$ENV{'REQUEST_METHOD'} eq 'POST' and
defined($ENV{'CONTENT_TYPE'}) and
$ENV{'CONTENT_TYPE'} eq 'application/x-www-form-urlencoded');
}
sub decodeHTTPArguments {
my $self = shift;
local $/ = undef;
my $input = <STDIN>;
$self->splitURLEncodedForm($input, sub { $self->addArgument(@_); })
}