diff options
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_controller/cgi_ext.rb | 10 | ||||
-rw-r--r-- | actionpack/lib/action_controller/cgi_ext/parameters.rb | 20 | ||||
-rw-r--r-- | actionpack/lib/action_controller/cgi_ext/query_extension.rb | 10 | ||||
-rw-r--r-- | actionpack/lib/action_controller/cgi_ext/stdinput.rb | 23 | ||||
-rw-r--r-- | actionpack/lib/action_controller/cgi_process.rb | 12 | ||||
-rwxr-xr-x | actionpack/lib/action_controller/request.rb | 34 | ||||
-rw-r--r-- | actionpack/lib/action_controller/test_process.rb | 30 |
7 files changed, 92 insertions, 47 deletions
diff --git a/actionpack/lib/action_controller/cgi_ext.rb b/actionpack/lib/action_controller/cgi_ext.rb index f4c8be2f76..1934ee704a 100644 --- a/actionpack/lib/action_controller/cgi_ext.rb +++ b/actionpack/lib/action_controller/cgi_ext.rb @@ -1,8 +1,18 @@ +require 'action_controller/cgi_ext/stdinput' require 'action_controller/cgi_ext/parameters' require 'action_controller/cgi_ext/query_extension' require 'action_controller/cgi_ext/cookie' require 'action_controller/cgi_ext/session' class CGI #:nodoc: + include ActionController::CgiExt::Stdinput include ActionController::CgiExt::Parameters + + class << self + alias :escapeHTML_fail_on_nil :escapeHTML + + def escapeHTML(string) + escapeHTML_fail_on_nil(string) unless string.nil? + end + end end diff --git a/actionpack/lib/action_controller/cgi_ext/parameters.rb b/actionpack/lib/action_controller/cgi_ext/parameters.rb index 639f131e00..a7f5393272 100644 --- a/actionpack/lib/action_controller/cgi_ext/parameters.rb +++ b/actionpack/lib/action_controller/cgi_ext/parameters.rb @@ -1,16 +1,6 @@ require 'cgi' require 'strscan' -class CGI #:nodoc: - class << self - alias :escapeHTML_fail_on_nil :escapeHTML - - def escapeHTML(string) - escapeHTML_fail_on_nil(string) unless string.nil? - end - end -end - module ActionController module CgiExt module Parameters @@ -72,18 +62,18 @@ module ActionController parser.result end - def parse_formatted_request_parameters(mime_type, raw_post_data) + def parse_formatted_request_parameters(mime_type, body) case strategy = ActionController::Base.param_parsers[mime_type] when Proc - strategy.call(raw_post_data) + strategy.call(body) when :xml_simple, :xml_node - raw_post_data.blank? ? {} : Hash.from_xml(raw_post_data).with_indifferent_access + body.blank? ? {} : Hash.from_xml(body).with_indifferent_access when :yaml - YAML.load(raw_post_data) + YAML.load(body) end rescue Exception => e # YAML, XML or Ruby code block errors { "exception" => "#{e.message} (#{e.class})", "backtrace" => e.backtrace, - "raw_post_data" => raw_post_data, "format" => mime_type } + "body" => body, "format" => mime_type } end private diff --git a/actionpack/lib/action_controller/cgi_ext/query_extension.rb b/actionpack/lib/action_controller/cgi_ext/query_extension.rb index 9e836eaaf8..147530b5ce 100644 --- a/actionpack/lib/action_controller/cgi_ext/query_extension.rb +++ b/actionpack/lib/action_controller/cgi_ext/query_extension.rb @@ -31,18 +31,14 @@ class CGI #:nodoc: # Set multipart to false by default. @multipart = false - # POST and PUT may have params in entity body. If content type is - # missing for POST, assume urlencoded. If content type is missing - # for PUT, don't assume anything and don't parse the parameters: - # it's likely binary data. - # - # The other HTTP methods have their params in the query string. + # POST and PUT may have params in entity body. If content type is missing + # or non-urlencoded, don't read the body or parse parameters: assume it's + # binary data. if method == :post || method == :put if boundary = extract_multipart_form_boundary(content_type) @multipart = true @params = read_multipart(boundary, content_length) elsif content_type.blank? || content_type !~ %r{application/x-www-form-urlencoded}i - read_params(method, content_length) @params = {} end end diff --git a/actionpack/lib/action_controller/cgi_ext/stdinput.rb b/actionpack/lib/action_controller/cgi_ext/stdinput.rb new file mode 100644 index 0000000000..b0ca63ef2f --- /dev/null +++ b/actionpack/lib/action_controller/cgi_ext/stdinput.rb @@ -0,0 +1,23 @@ +require 'cgi' + +module ActionController + module CgiExt + # Publicize the CGI's internal input stream so we can lazy-read + # request.body. Make it writable so we don't have to play $stdin games. + module Stdinput + def self.included(base) + base.class_eval do + remove_method :stdinput + attr_accessor :stdinput + end + + base.alias_method_chain :initialize, :stdinput + end + + def initialize_with_stdinput(type = nil, stdinput = $stdin) + @stdinput = stdinput + initialize_without_stdinput(type || 'query') + end + end + end +end diff --git a/actionpack/lib/action_controller/cgi_process.rb b/actionpack/lib/action_controller/cgi_process.rb index 59849c7364..ee6e5ca250 100644 --- a/actionpack/lib/action_controller/cgi_process.rb +++ b/actionpack/lib/action_controller/cgi_process.rb @@ -58,6 +58,16 @@ module ActionController #:nodoc: end end + # The request body is an IO input stream. If the RAW_POST_DATA environment + # variable is already set, wrap it in a StringIO. + def body + if raw_post = env['RAW_POST_DATA'] + StringIO.new(raw_post) + else + @cgi.stdinput + end + end + def query_parameters @query_parameters ||= (qs = self.query_string).empty? ? {} : CGI.parse_query_parameters(qs) @@ -66,7 +76,7 @@ module ActionController #:nodoc: def request_parameters @request_parameters ||= if ActionController::Base.param_parsers.has_key?(content_type) - CGI.parse_formatted_request_parameters(content_type, @env['RAW_POST_DATA']) + CGI.parse_formatted_request_parameters(content_type, body.read) else CGI.parse_request_parameters(@cgi.params) end diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb index eed1563aba..2bc104b772 100755 --- a/actionpack/lib/action_controller/request.rb +++ b/actionpack/lib/action_controller/request.rb @@ -1,24 +1,27 @@ module ActionController - # Subclassing AbstractRequest makes these methods available to the request objects used in production and testing, - # CgiRequest and TestRequest + # CgiRequest and TestRequest provide concrete implementations. class AbstractRequest cattr_accessor :relative_url_root remove_method :relative_url_root - # Returns the hash of environment variables for this request, + # The hash of environment variables for this request, # such as { 'RAILS_ENV' => 'production' }. attr_reader :env - attr_accessor :format + # The requested content type, such as :html or :xml. + attr_writer :format - # Returns the HTTP request method as a lowercase symbol (:get, for example). Note, HEAD is returned as :get - # since the two are supposedly to be functionaly equivilent for all purposes except that HEAD won't return a response - # body (which Rails also takes care of elsewhere). + # The HTTP request method as a lowercase symbol, such as :get. + # Note, HEAD is returned as :get since the two are functionally + # equivalent from the application's perspective. def method - @request_method ||= (!parameters[:_method].blank? && @env['REQUEST_METHOD'] == 'POST') ? - parameters[:_method].to_s.downcase.to_sym : - @env['REQUEST_METHOD'].downcase.to_sym - + @request_method ||= + if @env['REQUEST_METHOD'] == 'POST' && !parameters[:_method].blank? + parameters[:_method].to_s.downcase.to_sym + else + @env['REQUEST_METHOD'].downcase.to_sym + end + @request_method == :head ? :get : @request_method end @@ -42,8 +45,8 @@ module ActionController method == :delete end - # Is this a HEAD request? HEAD is mapped as :get for request.method, so here we ask the - # REQUEST_METHOD header directly. Thus, for head, both get? and head? will return true. + # Is this a HEAD request? request.method sees HEAD as :get, so check the + # HTTP method directly. def head? @env['REQUEST_METHOD'].downcase.to_sym == :head end @@ -269,6 +272,11 @@ module ActionController #-- # Must be implemented in the concrete request #++ + + # The request body is an IO input stream. + def body + end + def query_parameters #:nodoc: end diff --git a/actionpack/lib/action_controller/test_process.rb b/actionpack/lib/action_controller/test_process.rb index b1eb9e38ef..4db8517b42 100644 --- a/actionpack/lib/action_controller/test_process.rb +++ b/actionpack/lib/action_controller/test_process.rb @@ -40,18 +40,15 @@ module ActionController #:nodoc: @session = TestSession.new end + # Wraps raw_post in a StringIO. + def body + StringIO.new(raw_post) + end + + # Either the RAW_POST_DATA environment variable or the URL-encoded request + # parameters. def raw_post - if raw_post = env['RAW_POST_DATA'] - raw_post - else - params = self.request_parameters.dup - %w(controller action only_path).each do |k| - params.delete(k) - params.delete(k.to_sym) - end - - params.map { |k,v| [ CGI.escape(k.to_s), CGI.escape(v.to_s) ].join('=') }.sort.join('&') - end + env['RAW_POST_DATA'] ||= url_encoded_request_parameters end def port=(number) @@ -140,6 +137,17 @@ module ActionController #:nodoc: @env["SERVER_PORT"] = 80 @env['REQUEST_METHOD'] = "GET" end + + def url_encoded_request_parameters + params = self.request_parameters.dup + + %w(controller action only_path).each do |k| + params.delete(k) + params.delete(k.to_sym) + end + + params.to_query + end end # A refactoring of TestResponse to allow the same behavior to be applied |