[Jifty-commit] r6214 - in jifty/trunk: lib/Jifty lib/Jifty/Plugin/REST

Jifty commits jifty-commit at lists.jifty.org
Thu Jan 8 18:18:34 EST 2009


Author: alexmv
Date: Thu Jan  8 18:18:33 2009
New Revision: 6214

Modified:
   jifty/trunk/   (props changed)
   jifty/trunk/lib/Jifty/Dispatcher.pm
   jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm
   jifty/trunk/lib/Jifty/Request.pm

Log:
 r40369 at kohr-ah:  chmrr | 2009-01-08 18:17:42 -0500
  * Record request method on the request object.  This is so a POST
    request with an action, which is redirected to a new URL in a
    before {} block, doesn't show the user an obscure 'Action denied'
    message.  Since the original request with the action was a POST
    request, it is _not_ a cross-site scripting vulnerability.


Modified: jifty/trunk/lib/Jifty/Dispatcher.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Dispatcher.pm	(original)
+++ jifty/trunk/lib/Jifty/Dispatcher.pm	Thu Jan  8 18:18:33 2009
@@ -962,8 +962,8 @@
 
 sub _match_method {
     my ( $self, $method ) = @_;
-    #$self->log->debug("Matching URL $ENV{REQUEST_METHOD} against ".$method);
-    lc( $ENV{REQUEST_METHOD} ) eq lc($method);
+    #$self->log->debug("Matching method ".request->request_method." against ".$method);
+    lc( request->request_method ) eq lc($method);
 }
 
 =head2 _match_https
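Review bot: `_match_method` now calls `lc()` on `request->request_method` with no definedness check, and within this commit that accessor is only populated in the Request.pm hunk that copies it from the CGI object. A request object built any other way would presumably leave it undef, so every method rule would quietly stop matching and `lc` would emit an uninitialized-value warning. Consider `my $actual = request->request_method;` followed by `return defined $actual && lc($actual) eq lc($method);`, which also makes the return value explicit.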

Modified: jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm	(original)
+++ jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm	Thu Jan  8 18:18:33 2009
@@ -20,7 +20,7 @@
 };
 
 before POST qr{^ (/=/ .*) ! (DELETE|PUT|GET|POST|OPTIONS|HEAD|TRACE|CONNECT) $}x => run {
-    $ENV{REQUEST_METHOD} = $2;
+    request->request_method($2);
     $ENV{REST_REWROTE_METHOD} = 1;
     dispatch $1;
 };
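Review bot: `request->request_method($2)` overwrites the recorded method in place, so once this rule has run nothing on the request object shows that the client actually sent a POST; the later hunk that sets `request_method('POST')` before `dispatch '/=/action/'` does the same. The commit message indicates the recorded method feeds the check that denies actions, so a comment should state that the rewrite is reachable only through the `before POST` guard, e.g. `# Only a genuine POST may override its method via the !METHOD suffix`. Separately, the method now lives on the request while `$ENV{REST_REWROTE_METHOD}` stays process-global. If the server process is persistent and the flag is only read during the dispatch below (neither is visible here), `local $ENV{REST_REWROTE_METHOD} = 1;` would stop it outliving the request.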
@@ -744,7 +744,7 @@
     
     # CGI.pm doesn't handle form encoded data in PUT requests, so we have
     # to read the request body from PUTDATA and have CGI.pm parse it
-    if (    $ENV{'REQUEST_METHOD'} eq 'PUT'
+    if ( Jifty->web->request->request_method eq 'PUT'
         and (   $ENV{'CONTENT_TYPE'} =~ m|^application/x-www-form-urlencoded$|
               or $ENV{'CONTENT_TYPE'} =~ m|^multipart/form-data$| ) )
     {
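Review bot: The new condition compares `request_method eq 'PUT'` case-sensitively, while `_match_method` in Jifty/Dispatcher.pm lower-cases both sides, so the two places can disagree about the same request if the stored value is not upper case. It also spells the accessor chain `Jifty->web->request->request_method` where the rule near the top of this file uses `request->request_method`; settling on one form would make the file easier to search. Something like `if ( uc( Jifty->web->request->request_method || '' ) eq 'PUT'` would cover both the case difference and an unset value. The enclosing sub begins and ends outside this hunk.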
@@ -766,7 +766,7 @@
         }
     }
 
-    $ENV{REQUEST_METHOD} = 'POST';
+    Jifty->web->request->request_method('POST');
     dispatch '/=/action/' . action( $prefix . $class );
 }
 

Modified: jifty/trunk/lib/Jifty/Request.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Request.pm	(original)
+++ jifty/trunk/lib/Jifty/Request.pm	Thu Jan  8 18:18:33 2009
@@ -4,7 +4,7 @@
 package Jifty::Request;
 
 use base qw/Jifty::Object Class::Accessor::Fast/;
-__PACKAGE__->mk_accessors(qw(_top_request arguments template_arguments just_validating path continuation_id future_continuation_id continuation_type continuation_path));
+__PACKAGE__->mk_accessors(qw(_top_request arguments template_arguments just_validating path continuation_id future_continuation_id continuation_type continuation_path request_method));
 
 use Jifty::JSON;
 use Jifty::YAML;
@@ -117,6 +117,9 @@
     my $self = shift;
     my ($cgi) = @_;
 
+    # Store away request method
+    $self->request_method( $cgi->request_method );
+
     # Grab content type and posted data, if any
     my $ct   = $ENV{"CONTENT_TYPE"};
     my $data = $cgi->param('POSTDATA');
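Review bot: The comment `# Store away request method` does not say why the value is copied, and this is the only place in the commit where the field is initialised. Since the dispatcher and the REST plugin now read and rewrite it instead of `$ENV{REQUEST_METHOD}`, a fuller comment would help, for example `# Record the HTTP method the client sent; dispatcher rules read this instead of $ENV{REQUEST_METHOD}, and the REST plugin may later overwrite it`. The `request_method` accessor added to `mk_accessors` in the previous hunk would also merit a POD entry, if the module documents its other accessors. The enclosing sub starts and ends outside this hunk.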

