[Jifty-commit] jifty branch, master, updated. jifty-1.10228-11-g533dfea

Jifty commits jifty-commit at lists.jifty.org
Fri Apr 22 22:05:56 EDT 2011 

The branch, master has been updated
       via  533dfeaa305af6fe12ca72a2eb0c6c8b069cd3ea (commit)
       via  1520243fbd2a084d9e0016f2a5c30c8c63a2af31 (commit)
       via  b0677f555b0ed6b5c1c4708b4aa12b5d4fc0646b (commit)
      from  bab8aa1f75ed7c1479516fc39d781a00b891835b (commit)

Summary of changes:
 lib/Jifty/Dispatcher.pm |   11 +++++------
 lib/Jifty/Request.pm    |    7 +++++--
 lib/Jifty/Web.pm        |    6 ++++++
 3 files changed, 16 insertions(+), 8 deletions(-)

- Log -----------------------------------------------------------------
commit b0677f555b0ed6b5c1c4708b4aa12b5d4fc0646b
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Fri Apr 22 16:14:21 2011 -0400

    Move directory traversal check to the more centralized ->render_template

diff --git a/lib/Jifty/Dispatcher.pm b/lib/Jifty/Dispatcher.pm
index 618c214..c911401 100644
--- a/lib/Jifty/Dispatcher.pm
+++ b/lib/Jifty/Dispatcher.pm
@@ -816,12 +816,6 @@ sub _do_show {
     # a relative path, prepend the working directory
     $path = "$self->{cwd}/$path" unless $path =~ m{^/};
 
-    # Check for ../../../../../etc/passwd
-    my $abs_template_path = Jifty::Util->absolute_path( Jifty->config->framework('Web')->{'TemplateRoot'} . $path );
-    my $abs_root_path = Jifty::Util->absolute_path( Jifty->config->framework('Web')->{'TemplateRoot'} );
-    Jifty->web->render_template('/errors/500')
-        if $abs_template_path !~ /^\Q$abs_root_path\E/;
-
     Jifty->web->render_template( $path );
 
     last_rule;
diff --git a/lib/Jifty/Web.pm b/lib/Jifty/Web.pm
index c9a65bc..4eec267 100644
--- a/lib/Jifty/Web.pm
+++ b/lib/Jifty/Web.pm
@@ -967,6 +967,12 @@ sub render_template {
     my $content;
         my $void_context = ( defined wantarray ? 0 :1);
 
+    # Check for ../../../../../etc/passwd
+    my $abs_template_path = Jifty::Util->absolute_path( Jifty->config->framework('Web')->{'TemplateRoot'} . $template );
+    my $abs_root_path = Jifty::Util->absolute_path( Jifty->config->framework('Web')->{'TemplateRoot'} );
+    $template = "/errors/500"
+        if $abs_template_path !~ /^\Q$abs_root_path\E/;
+
     # Look for a possible handler, and cache it for future requests.
     # With DevelMode, always look it up.
     if ( not exists $TEMPLATE_CACHE{$template} or Jifty->config->framework('DevelMode')) {

commit 1520243fbd2a084d9e0016f2a5c30c8c63a2af31
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Fri Apr 22 17:51:15 2011 -0400

    Canonicalize all request paths; this catches fragment requests as well
    
    Previously, the path as passed in the fragment request data structure
    was used verbatim in the dispatcher and other locations.  This possibly
    allowed requests to walk around ACLs by requesting
    '/some/safe/place/../../../dangerous' as a fragment.  As a non-fragment,
    this would have been canonicalized to '/dangerous', but fragment paths
    were not being so canonicalized.

diff --git a/lib/Jifty/Request.pm b/lib/Jifty/Request.pm
index bdeaf9b..d060a5b 100644
--- a/lib/Jifty/Request.pm
+++ b/lib/Jifty/Request.pm
@@ -42,7 +42,10 @@ sub body        { $_[0]->env->{'psgi.input'} }
 sub input       { $_[0]->env->{'psgi.input'} }
 
 sub header { shift->headers->header(@_) }
-sub path { shift->uri->path(@_) }
+sub path {
+    return @_ == 1 ? $_[0]->uri->path
+                   : $_[0]->uri->path( Jifty::Util->canonicalize_path( $_[1], 1 ) )
+}
 sub content_length   { shift->headers->content_length(@_) }
 sub content_type     { shift->headers->content_type(@_) }
 sub referer          { shift->headers->referer(@_) }
@@ -290,7 +293,7 @@ sub from_data_structure {
     my $path = $data->{'path'};
     $path ||= $self->path || '/';
 
-    $self->path( Jifty::Util->canonicalize_path( $path, 1 ) );
+    $self->path( $path );
     $self->just_validating( $data->{validating} ) if $data->{validating};
 
     if ( ref $data->{continuation} eq "HASH" ) {

commit 533dfeaa305af6fe12ca72a2eb0c6c8b069cd3ea
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Fri Apr 22 16:28:55 2011 -0400

    Allow a shortcut around the dispatcher for fragments
    
    Re-dispatching through the application's dispatcher can be a significant
    performance hit on pageregion-heavy pages.  Allow dispatchers to declare
    a fragment_handler method which will be used in place of the full
    dispatcher.
    
    Care must be taken to ensure that this does not allow walking around
    ACLs.  Anything which runs on every request (sessions, Jifty->api
    limiting) will have already run once on the original
    /__jifty/webservices/json request; however, since that page is in no way
    ACL protected by the dispatcher, a fragment_handler method which does
    not adequately express the ACL checks of the rest of the dispatcher is a
    security vulnerability.  Whitelisting, rather than blacklisting, is most
    likely the correct course of action.

diff --git a/lib/Jifty/Dispatcher.pm b/lib/Jifty/Dispatcher.pm
index c911401..f4ec962 100644
--- a/lib/Jifty/Dispatcher.pm
+++ b/lib/Jifty/Dispatcher.pm
@@ -498,6 +498,11 @@ sub handle_request {
     local $SIG{__DIE__} = 'DEFAULT';
     local $Request = Jifty->web->request;
 
+    my $handler = $Dispatcher->can("fragment_handler");
+    if ($Request->is_subrequest and $handler) {
+        $handler->();
+        return undef;
+    }
     eval {
          $Dispatcher->_do_dispatch( Jifty->web->request->path);
     };

-----------------------------------------------------------------------

More information about the Jifty-commit mailing list