diff options
| author | Jeremy Kemper <jeremy@bitsweat.net> | 2007-05-18 06:24:50 +0000 |
|---|---|---|
| committer | Jeremy Kemper <jeremy@bitsweat.net> | 2007-05-18 06:24:50 +0000 |
| commit | d2ed32d5929f9d837280e2354e9a7e5c99fc445f (patch) | |
| tree | 7ac2c4e932b825d2874b0bedc6e2a7766ac3d71a /actionpack/lib/action_controller/cgi_ext | |
| parent | b6541b8dcc6df9c92d946e1f76ec03f448d7fba4 (diff) | |
| download | rails-d2ed32d5929f9d837280e2354e9a7e5c99fc445f.tar.gz rails-d2ed32d5929f9d837280e2354e9a7e5c99fc445f.tar.bz2 rails-d2ed32d5929f9d837280e2354e9a7e5c99fc445f.zip | |
Parse url-encoded and multipart requests ourselves instead of delegating to CGI.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6764 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib/action_controller/cgi_ext')
| -rw-r--r-- | actionpack/lib/action_controller/cgi_ext/parameters.rb | 208 | ||||
| -rw-r--r-- | actionpack/lib/action_controller/cgi_ext/query_extension.rb | 88 |
2 files changed, 7 insertions, 289 deletions
diff --git a/actionpack/lib/action_controller/cgi_ext/parameters.rb b/actionpack/lib/action_controller/cgi_ext/parameters.rb deleted file mode 100644 index 5eff896d18..0000000000 --- a/actionpack/lib/action_controller/cgi_ext/parameters.rb +++ /dev/null @@ -1,208 +0,0 @@ -require 'cgi' -require 'strscan' - -module ActionController - module CgiExt - module Parameters - def self.included(base) - base.extend ClassMethods - end - - # Merge POST and GET parameters from the request body and query string, - # with GET parameters taking precedence. - def parameters - request_parameters.update(query_parameters) - end - - def query_parameters - self.class.parse_query_parameters(query_string) - end - - def request_parameters - self.class.parse_request_parameters(params, env_table) - end - - module ClassMethods - def parse_query_parameters(query_string) - return {} if query_string.blank? - - pairs = query_string.split('&').collect do |chunk| - next if chunk.empty? - key, value = chunk.split('=', 2) - next if key.empty? - value = value.nil? ? nil : CGI.unescape(value) - [ CGI.unescape(key), value ] - end.compact - - UrlEncodedPairParser.new(pairs).result - end - - def parse_request_parameters(params) - parser = UrlEncodedPairParser.new - - params = params.dup - until params.empty? - for key, value in params - if key.blank? - params.delete key - elsif !key.include?('[') - # much faster to test for the most common case first (GET) - # and avoid the call to build_deep_hash - parser.result[key] = get_typed_value(value[0]) - params.delete key - elsif value.is_a?(Array) - parser.parse(key, get_typed_value(value.shift)) - params.delete key if value.empty? - else - raise TypeError, "Expected array, found #{value.inspect}" - end - end - end - - parser.result - end - - private - def get_typed_value(value) - case value - when String - value - when NilClass - '' - when Array - value.map { |v| get_typed_value(v) } - else - # Uploaded file provides content type and filename. - if value.respond_to?(:content_type) && - !value.content_type.blank? && - !value.original_filename.blank? - unless value.respond_to?(:full_original_filename) - class << value - alias_method :full_original_filename, :original_filename - - # Take the basename of the upload's original filename. - # This handles the full Windows paths given by Internet Explorer - # (and perhaps other broken user agents) without affecting - # those which give the lone filename. - # The Windows regexp is adapted from Perl's File::Basename. - def original_filename - if md = /^(?:.*[:\\\/])?(.*)/m.match(full_original_filename) - md.captures.first - else - File.basename full_original_filename - end - end - end - end - - # Return the same value after overriding original_filename. - value - - # Multipart values may have content type, but no filename. - elsif value.respond_to?(:read) - result = value.read - value.rewind - result - - # Unknown value, neither string nor multipart. - else - raise "Unknown form value: #{value.inspect}" - end - end - end - end - - class UrlEncodedPairParser < StringScanner #:nodoc: - attr_reader :top, :parent, :result - - def initialize(pairs = []) - super('') - @result = {} - pairs.each { |key, value| parse(key, value) } - end - - KEY_REGEXP = %r{([^\[\]=&]+)} - BRACKETED_KEY_REGEXP = %r{\[([^\[\]=&]+)\]} - - # Parse the query string - def parse(key, value) - self.string = key - @top, @parent = result, nil - - # First scan the bare key - key = scan(KEY_REGEXP) or return - key = post_key_check(key) - - # Then scan as many nestings as present - until eos? - r = scan(BRACKETED_KEY_REGEXP) or return - key = self[1] - key = post_key_check(key) - end - - bind(key, value) - end - - private - # After we see a key, we must look ahead to determine our next action. Cases: - # - # [] follows the key. Then the value must be an array. - # = follows the key. (A value comes next) - # & or the end of string follows the key. Then the key is a flag. - # otherwise, a hash follows the key. - def post_key_check(key) - if scan(/\[\]/) # a[b][] indicates that b is an array - container(key, Array) - nil - elsif check(/\[[^\]]/) # a[b] indicates that a is a hash - container(key, Hash) - nil - else # End of key? We do nothing. - key - end - end - - # Add a container to the stack. - def container(key, klass) - type_conflict! klass, top[key] if top.is_a?(Hash) && top.key?(key) && ! top[key].is_a?(klass) - value = bind(key, klass.new) - type_conflict! klass, value unless value.is_a?(klass) - push(value) - end - - # Push a value onto the 'stack', which is actually only the top 2 items. - def push(value) - @parent, @top = @top, value - end - - # Bind a key (which may be nil for items in an array) to the provided value. - def bind(key, value) - if top.is_a? Array - if key - if top[-1].is_a?(Hash) && ! top[-1].key?(key) - top[-1][key] = value - else - top << {key => value}.with_indifferent_access - push top.last - end - else - top << value - end - elsif top.is_a? Hash - key = CGI.unescape(key) - parent << (@top = {}) if top.key?(key) && parent.is_a?(Array) - return top[key] ||= value - else - raise ArgumentError, "Don't know what to do: top is #{top.inspect}" - end - - return value - end - - def type_conflict!(klass, value) - raise TypeError, "Conflicting types for parameter containers. Expected an instance of #{klass} but found an instance of #{value.class}. This can be caused by colliding Array and Hash parameters like qs[]=value&qs[key]=value." - end - end - end - end -end diff --git a/actionpack/lib/action_controller/cgi_ext/query_extension.rb b/actionpack/lib/action_controller/cgi_ext/query_extension.rb index 147530b5ce..9620fd2873 100644 --- a/actionpack/lib/action_controller/cgi_ext/query_extension.rb +++ b/actionpack/lib/action_controller/cgi_ext/query_extension.rb @@ -5,92 +5,18 @@ class CGI #:nodoc: # Remove the old initialize_query method before redefining it. remove_method :initialize_query - # Initialize the data from the query. - # - # Handles multipart forms (in particular, forms that involve file uploads). - # Reads query parameters in the @params field, and cookies into @cookies. + # Neuter CGI parameter parsing. def initialize_query - @cookies = CGI::Cookie::parse(env_table['HTTP_COOKIE'] || env_table['COOKIE']) - # Fix some strange request environments. - if method = env_table['REQUEST_METHOD'] - method = method.to_s.downcase.intern - else - method = :get - end + env_table['REQUEST_METHOD'] ||= 'GET' # POST assumes missing Content-Type is application/x-www-form-urlencoded. - content_type = env_table['CONTENT_TYPE'] - if content_type.blank? && method == :post - content_type = 'application/x-www-form-urlencoded' + if env_table['CONTENT_TYPE'].blank? && env_table['REQUEST_METHOD'] == 'POST' + env_table['CONTENT_TYPE'] = 'application/x-www-form-urlencoded' end - # Force content length to zero if missing. - content_length = env_table['CONTENT_LENGTH'].to_i - - # Set multipart to false by default. - @multipart = false - - # POST and PUT may have params in entity body. If content type is missing - # or non-urlencoded, don't read the body or parse parameters: assume it's - # binary data. - if method == :post || method == :put - if boundary = extract_multipart_form_boundary(content_type) - @multipart = true - @params = read_multipart(boundary, content_length) - elsif content_type.blank? || content_type !~ %r{application/x-www-form-urlencoded}i - @params = {} - end - end - - @params ||= CGI.parse(read_params(method, content_length)) + @cookies = CGI::Cookie::parse(env_table['HTTP_COOKIE'] || env_table['COOKIE']) + @params = {} end - - private - unless defined?(MULTIPART_FORM_BOUNDARY_RE) - MULTIPART_FORM_BOUNDARY_RE = %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?|n #" - end - - def extract_multipart_form_boundary(content_type) - MULTIPART_FORM_BOUNDARY_RE.match(content_type).to_a.pop - end - - if defined? MOD_RUBY - def read_query - Apache::request.args || '' - end - else - def read_query - # fixes CGI querystring parsing for lighttpd - env_qs = env_table['QUERY_STRING'] - if env_qs.blank? && !(uri = env_table['REQUEST_URI']).blank? - uri.split('?', 2)[1] || '' - else - env_qs || '' - end - end - end - - def read_body(content_length) - stdinput.binmode if stdinput.respond_to?(:binmode) - content = stdinput.read(content_length) || '' - # Fix for Safari Ajax postings that always append \000 - content.chop! if content[-1] == 0 - content.gsub!(/&_=$/, '') - env_table['RAW_POST_DATA'] = content.freeze - end - - def read_params(method, content_length) - case method - when :get - read_query - when :post, :put - read_body(content_length) - when :cmd - read_from_cmdline - else # :head, :delete, :options, :trace, :connect - read_query - end - end - end # module QueryExtension + end end |