[Jifty-commit] r6214 - in jifty/trunk: lib/Jifty lib/Jifty/Plugin/REST
Jifty commits
jifty-commit at lists.jifty.org
Thu Jan 8 18:18:34 EST 2009
Author: alexmv
Date: Thu Jan 8 18:18:33 2009
New Revision: 6214
Modified:
jifty/trunk/ (props changed)
jifty/trunk/lib/Jifty/Dispatcher.pm
jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm
jifty/trunk/lib/Jifty/Request.pm
Log:
r40369 at kohr-ah: chmrr | 2009-01-08 18:17:42 -0500
* Record request method on the request object. This is so a POST
request with an action, which is redirected to a new URL in a
before {} block, doesn't show the user an obscure 'Action denied'
message. Since the original request with the action was a POST
request, it is _not_ a cross-site scripting vulnerability.
Modified: jifty/trunk/lib/Jifty/Dispatcher.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Dispatcher.pm (original)
+++ jifty/trunk/lib/Jifty/Dispatcher.pm Thu Jan 8 18:18:33 2009
@@ -962,8 +962,8 @@
sub _match_method {
my ( $self, $method ) = @_;
- #$self->log->debug("Matching URL $ENV{REQUEST_METHOD} against ".$method);
- lc( $ENV{REQUEST_METHOD} ) eq lc($method);
+ #$self->log->debug("Matching method ".request->request_method." against ".$method);
+ lc( request->request_method ) eq lc($method);
}
=head2 _match_https
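Review bot: `lc( request->request_method )` in `_match_method` now depends on the accessor having been populated, and the only place this commit sets it is the CGI-parsing code in the Jifty/Request.pm hunk (`$self->request_method( $cgi->request_method )`). A Jifty::Request built any other way would presumably carry undef here, which warns under `use warnings` and makes every method-qualified rule fail to match. Consider `lc( request->request_method || '' ) eq lc($method);`, or give the accessor a default when the request object is created. The commented-out debug line has the same dependency if it is ever re-enabled.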
Modified: jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm (original)
+++ jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm Thu Jan 8 18:18:33 2009
@@ -20,7 +20,7 @@
};
before POST qr{^ (/=/ .*) ! (DELETE|PUT|GET|POST|OPTIONS|HEAD|TRACE|CONNECT) $}x => run {
- $ENV{REQUEST_METHOD} = $2;
+ request->request_method($2);
$ENV{REST_REWROTE_METHOD} = 1;
dispatch $1;
};
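Review bot: The rewritten method now lives on the request object, but the marker that it was rewritten, `$ENV{REST_REWROTE_METHOD} = 1;`, still lives in `%ENV`, so the two halves of one fact can drift apart if the request object outlives the environment it was built from. The commit message suggests the stored method feeds the 'Action denied' decision, so a comment above the rule would help, e.g. `# Only a genuine POST may be rewritten via the !METHOD suffix; later method checks see the rewritten value`. Ideally the rewrite flag would move onto the request as well. The `before POST` guard is what stops a GET from being turned into another method by the URL suffix, so it should be called out as load-bearing.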
@@ -744,7 +744,7 @@
# CGI.pm doesn't handle form encoded data in PUT requests, so we have
# to read the request body from PUTDATA and have CGI.pm parse it
- if ( $ENV{'REQUEST_METHOD'} eq 'PUT'
+ if ( Jifty->web->request->request_method eq 'PUT'
and ( $ENV{'CONTENT_TYPE'} =~ m|^application/x-www-form-urlencoded$|
or $ENV{'CONTENT_TYPE'} =~ m|^multipart/form-data$| ) )
{
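Review bot: The new test `Jifty->web->request->request_method eq 'PUT'` is case-sensitive and spelled differently from the other call sites in this commit. `_match_method` compares with `lc(...)`, and the `before POST` rule in this same file uses the shorter `request->request_method`. If no method was recorded on the request, `eq` emits an uninitialized-value warning and the PUT body parsing is silently skipped. `if ( uc( request->request_method || '' ) eq 'PUT'` would keep the checks consistent. The enclosing sub starts and ends outside the hunk, so confirm that the `request` helper is in scope there before switching to the short form.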
@@ -766,7 +766,7 @@
}
}
- $ENV{REQUEST_METHOD} = 'POST';
+ Jifty->web->request->request_method('POST');
dispatch '/=/action/' . action( $prefix . $class );
}
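Review bot: `Jifty->web->request->request_method('POST');` unconditionally marks the request as a POST just before dispatching to `/=/action/...`. After this commit that recorded value is what method matching reads, and, going by the commit message, so does the action-denial check. The old line only adjusted `%ENV`, whereas this one changes the method stored on the request itself, so any path that reaches it is treated as a POST however it arrived. The enclosing sub is outside the hunk, so I can't tell which routes call it. If only PUT/POST rules reach it, a comment should say so, e.g. `# Reached from PUT/POST rules only; recording POST here must not turn a GET into a state-changing request`. If that is not guaranteed, check the original method before overwriting it.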
Modified: jifty/trunk/lib/Jifty/Request.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Request.pm (original)
+++ jifty/trunk/lib/Jifty/Request.pm Thu Jan 8 18:18:33 2009
@@ -4,7 +4,7 @@
package Jifty::Request;
use base qw/Jifty::Object Class::Accessor::Fast/;
-__PACKAGE__->mk_accessors(qw(_top_request arguments template_arguments just_validating path continuation_id future_continuation_id continuation_type continuation_path));
+__PACKAGE__->mk_accessors(qw(_top_request arguments template_arguments just_validating path continuation_id future_continuation_id continuation_type continuation_path request_method));
use Jifty::JSON;
use Jifty::YAML;
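Review bot: The new `request_method` accessor is added to `mk_accessors` without any documentation, and it is a read/write accessor that other code in this commit overwrites (the REST dispatcher sets it to the `!METHOD` suffix value and to `'POST'`). If this module documents its accessors in POD, add an entry stating that it holds the effective method used for dispatch, which may differ from the method the client actually sent. A short comment next to the accessor list would also do, e.g. `# request_method: effective HTTP method; may be rewritten by dispatcher rules`. That distinction matters to anyone who later bases an access decision on it.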
@@ -117,6 +117,9 @@
my $self = shift;
my ($cgi) = @_;
+ # Store away request method
+ $self->request_method( $cgi->request_method );
+
# Grab content type and posted data, if any
my $ct = $ENV{"CONTENT_TYPE"};
my $data = $cgi->param('POSTDATA');