From f8273e430916f8c7b0d21ad14aab90e427f8c0a6 Mon Sep 17 00:00:00 2001 From: Jeremy Kemper Date: Tue, 15 May 2007 00:08:05 +0000 Subject: Shine some sunlight on the CGI extensions. Remove unused CGI#session. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6733 5ecf4fe2-1ee6-0310-87b1-e25e094e27de --- actionpack/lib/action_controller/cgi_ext.rb | 8 + .../lib/action_controller/cgi_ext/cgi_ext.rb | 36 ---- .../lib/action_controller/cgi_ext/cgi_methods.rb | 207 ------------------ actionpack/lib/action_controller/cgi_ext/cookie.rb | 123 +++++++++++ .../cgi_ext/cookie_performance_fix.rb | 125 ----------- .../lib/action_controller/cgi_ext/parameters.rb | 232 +++++++++++++++++++++ .../cgi_ext/pstore_performance_fix.rb | 30 --- .../action_controller/cgi_ext/query_extension.rb | 100 +++++++++ .../action_controller/cgi_ext/raw_post_data_fix.rb | 98 --------- .../lib/action_controller/cgi_ext/session.rb | 63 ++++++ .../cgi_ext/session_performance_fix.rb | 43 ---- actionpack/lib/action_controller/cgi_process.rb | 12 +- actionpack/test/controller/cgi_test.rb | 69 +++--- actionpack/test/controller/raw_post_test.rb | 3 +- .../test/controller/session/cookie_store_test.rb | 2 +- 15 files changed, 565 insertions(+), 586 deletions(-) create mode 100644 actionpack/lib/action_controller/cgi_ext.rb delete mode 100644 actionpack/lib/action_controller/cgi_ext/cgi_ext.rb delete mode 100644 actionpack/lib/action_controller/cgi_ext/cgi_methods.rb create mode 100644 actionpack/lib/action_controller/cgi_ext/cookie.rb delete mode 100644 actionpack/lib/action_controller/cgi_ext/cookie_performance_fix.rb create mode 100644 actionpack/lib/action_controller/cgi_ext/parameters.rb delete mode 100644 actionpack/lib/action_controller/cgi_ext/pstore_performance_fix.rb create mode 100644 actionpack/lib/action_controller/cgi_ext/query_extension.rb delete mode 100644 actionpack/lib/action_controller/cgi_ext/raw_post_data_fix.rb create mode 100644 actionpack/lib/action_controller/cgi_ext/session.rb delete mode 100644 actionpack/lib/action_controller/cgi_ext/session_performance_fix.rb diff --git a/actionpack/lib/action_controller/cgi_ext.rb b/actionpack/lib/action_controller/cgi_ext.rb new file mode 100644 index 0000000000..f4c8be2f76 --- /dev/null +++ b/actionpack/lib/action_controller/cgi_ext.rb @@ -0,0 +1,8 @@ +require 'action_controller/cgi_ext/parameters' +require 'action_controller/cgi_ext/query_extension' +require 'action_controller/cgi_ext/cookie' +require 'action_controller/cgi_ext/session' + +class CGI #:nodoc: + include ActionController::CgiExt::Parameters +end diff --git a/actionpack/lib/action_controller/cgi_ext/cgi_ext.rb b/actionpack/lib/action_controller/cgi_ext/cgi_ext.rb deleted file mode 100644 index 06958272ab..0000000000 --- a/actionpack/lib/action_controller/cgi_ext/cgi_ext.rb +++ /dev/null @@ -1,36 +0,0 @@ -require 'cgi' -require 'cgi/session' -require 'cgi/session/pstore' -require 'action_controller/cgi_ext/cgi_methods' - -# Wrapper around the CGIMethods that have been secluded to allow testing without -# an instantiated CGI object -class CGI #:nodoc: - class << self - alias :escapeHTML_fail_on_nil :escapeHTML - - def escapeHTML(string) - escapeHTML_fail_on_nil(string) unless string.nil? - end - end - - # Returns a parameter hash including values from both the request (POST/GET) - # and the query string with the latter taking precedence. - def parameters - request_parameters.update(query_parameters) - end - - def query_parameters - CGIMethods.parse_query_parameters(query_string) - end - - def request_parameters - CGIMethods.parse_request_parameters(params, env_table) - end - - def session(parameters = nil) - parameters = {} if parameters.nil? - parameters['database_manager'] = CGI::Session::PStore - CGI::Session.new(self, parameters) - end -end diff --git a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb deleted file mode 100644 index 250c3272b9..0000000000 --- a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb +++ /dev/null @@ -1,207 +0,0 @@ -require 'cgi' -require 'strscan' - -# Static methods for parsing the query and request parameters that can be used in -# a CGI extension class or testing in isolation. -class CGIMethods #:nodoc: - class << self - # DEPRECATED: Use parse_form_encoded_parameters - def parse_query_parameters(query_string) - pairs = query_string.split('&').collect do |chunk| - next if chunk.empty? - key, value = chunk.split('=', 2) - next if key.empty? - value = value.nil? ? nil : CGI.unescape(value) - [ CGI.unescape(key), value ] - end.compact - - FormEncodedPairParser.new(pairs).result - end - - # DEPRECATED: Use parse_form_encoded_parameters - def parse_request_parameters(params) - parser = FormEncodedPairParser.new - - params = params.dup - until params.empty? - for key, value in params - if key.blank? - params.delete key - elsif !key.include?('[') - # much faster to test for the most common case first (GET) - # and avoid the call to build_deep_hash - parser.result[key] = get_typed_value(value[0]) - params.delete key - elsif value.is_a?(Array) - parser.parse(key, get_typed_value(value.shift)) - params.delete key if value.empty? - else - raise TypeError, "Expected array, found #{value.inspect}" - end - end - end - - parser.result - end - - def parse_formatted_request_parameters(mime_type, raw_post_data) - case strategy = ActionController::Base.param_parsers[mime_type] - when Proc - strategy.call(raw_post_data) - when :xml_simple, :xml_node - raw_post_data.blank? ? {} : Hash.from_xml(raw_post_data).with_indifferent_access - when :yaml - YAML.load(raw_post_data) - end - rescue Exception => e # YAML, XML or Ruby code block errors - { "exception" => "#{e.message} (#{e.class})", "backtrace" => e.backtrace, - "raw_post_data" => raw_post_data, "format" => mime_type } - end - - private - def get_typed_value(value) - case value - when String - value - when NilClass - '' - when Array - value.map { |v| get_typed_value(v) } - else - # Uploaded file provides content type and filename. - if value.respond_to?(:content_type) && - !value.content_type.blank? && - !value.original_filename.blank? - unless value.respond_to?(:full_original_filename) - class << value - alias_method :full_original_filename, :original_filename - - # Take the basename of the upload's original filename. - # This handles the full Windows paths given by Internet Explorer - # (and perhaps other broken user agents) without affecting - # those which give the lone filename. - # The Windows regexp is adapted from Perl's File::Basename. - def original_filename - if md = /^(?:.*[:\\\/])?(.*)/m.match(full_original_filename) - md.captures.first - else - File.basename full_original_filename - end - end - end - end - - # Return the same value after overriding original_filename. - value - - # Multipart values may have content type, but no filename. - elsif value.respond_to?(:read) - result = value.read - value.rewind - result - - # Unknown value, neither string nor multipart. - else - raise "Unknown form value: #{value.inspect}" - end - end - end - end - - class FormEncodedPairParser < StringScanner #:nodoc: - attr_reader :top, :parent, :result - - def initialize(pairs = []) - super('') - @result = {} - pairs.each { |key, value| parse(key, value) } - end - - KEY_REGEXP = %r{([^\[\]=&]+)} - BRACKETED_KEY_REGEXP = %r{\[([^\[\]=&]+)\]} - - # Parse the query string - def parse(key, value) - self.string = key - @top, @parent = result, nil - - # First scan the bare key - key = scan(KEY_REGEXP) or return - key = post_key_check(key) - - # Then scan as many nestings as present - until eos? - r = scan(BRACKETED_KEY_REGEXP) or return - key = self[1] - key = post_key_check(key) - end - - bind(key, value) - end - - private - # After we see a key, we must look ahead to determine our next action. Cases: - # - # [] follows the key. Then the value must be an array. - # = follows the key. (A value comes next) - # & or the end of string follows the key. Then the key is a flag. - # otherwise, a hash follows the key. - def post_key_check(key) - if scan(/\[\]/) # a[b][] indicates that b is an array - container(key, Array) - nil - elsif check(/\[[^\]]/) # a[b] indicates that a is a hash - container(key, Hash) - nil - else # End of key? We do nothing. - key - end - end - - # Add a container to the stack. - # - def container(key, klass) - type_conflict! klass, top[key] if top.is_a?(Hash) && top.key?(key) && ! top[key].is_a?(klass) - value = bind(key, klass.new) - type_conflict! klass, value unless value.is_a?(klass) - push(value) - end - - # Push a value onto the 'stack', which is actually only the top 2 items. - def push(value) - @parent, @top = @top, value - end - - # Bind a key (which may be nil for items in an array) to the provided value. - def bind(key, value) - if top.is_a? Array - if key - if top[-1].is_a?(Hash) && ! top[-1].key?(key) - top[-1][key] = value - else - top << {key => value}.with_indifferent_access - push top.last - end - else - top << value - end - elsif top.is_a? Hash - key = CGI.unescape(key) - parent << (@top = {}) if top.key?(key) && parent.is_a?(Array) - return top[key] ||= value - else - raise ArgumentError, "Don't know what to do: top is #{top.inspect}" - end - - return value - end - - def type_conflict!(klass, value) - raise TypeError, - "Conflicting types for parameter containers. " + - "Expected an instance of #{klass}, but found an instance of #{value.class}. " + - "This can be caused by passing Array and Hash based paramters qs[]=value&qs[key]=value. " - end - - end -end diff --git a/actionpack/lib/action_controller/cgi_ext/cookie.rb b/actionpack/lib/action_controller/cgi_ext/cookie.rb new file mode 100644 index 0000000000..68ac7062f8 --- /dev/null +++ b/actionpack/lib/action_controller/cgi_ext/cookie.rb @@ -0,0 +1,123 @@ +CGI.module_eval { remove_const "Cookie" } + +# TODO: document how this differs from stdlib CGI::Cookie +class CGI #:nodoc: + class Cookie < DelegateClass(Array) + # Create a new CGI::Cookie object. + # + # The contents of the cookie can be specified as a +name+ and one + # or more +value+ arguments. Alternatively, the contents can + # be specified as a single hash argument. The possible keywords of + # this hash are as follows: + # + # name:: the name of the cookie. Required. + # value:: the cookie's value or list of values. + # path:: the path for which this cookie applies. Defaults to the + # base directory of the CGI script. + # domain:: the domain for which this cookie applies. + # expires:: the time at which this cookie expires, as a +Time+ object. + # secure:: whether this cookie is a secure cookie or not (default to + # false). Secure cookies are only transmitted to HTTPS + # servers. + # + # These keywords correspond to attributes of the cookie object. + def initialize(name = '', *value) + if name.kind_of?(String) + @name = name + @value = Array(value) + @domain = nil + @expires = nil + @secure = false + @path = nil + else + @name = name['name'] + @value = Array(name['value']) + @domain = name['domain'] + @expires = name['expires'] + @secure = name['secure'] || false + @path = name['path'] + end + + unless @name + raise ArgumentError, "`name' required" + end + + # simple support for IE + unless @path + %r|^(.*/)|.match(ENV['SCRIPT_NAME']) + @path = ($1 or '') + end + + super(@value) + end + + def __setobj__(obj) + @_dc_obj = obj + end + + attr_accessor("name", "value", "path", "domain", "expires") + attr_reader("secure") + + # Set whether the Cookie is a secure cookie or not. + # + # +val+ must be a boolean. + def secure=(val) + @secure = val if val == true or val == false + @secure + end + + # Convert the Cookie to its string representation. + def to_s + buf = "" + buf << @name << '=' + + if @value.kind_of?(String) + buf << CGI::escape(@value) + else + buf << @value.collect{|v| CGI::escape(v) }.join("&") + end + + if @domain + buf << '; domain=' << @domain + end + + if @path + buf << '; path=' << @path + end + + if @expires + buf << '; expires=' << CGI::rfc1123_date(@expires) + end + + if @secure == true + buf << '; secure' + end + + buf + end + + # Parse a raw cookie string into a hash of cookie-name=>Cookie + # pairs. + # + # cookies = CGI::Cookie::parse("raw_cookie_string") + # # { "name1" => cookie1, "name2" => cookie2, ... } + # + def self.parse(raw_cookie) + cookies = Hash.new([]) + + if raw_cookie + raw_cookie.split(/; ?/).each do |pairs| + name, values = pairs.split('=',2) + next unless name and values + name = CGI::unescape(name) + values = values.split('&').collect!{|v| CGI::unescape(v) } + unless cookies.has_key?(name) + cookies[name] = new(name, *values) + end + end + end + + cookies + end + end # class Cookie +end diff --git a/actionpack/lib/action_controller/cgi_ext/cookie_performance_fix.rb b/actionpack/lib/action_controller/cgi_ext/cookie_performance_fix.rb deleted file mode 100644 index 59b9dda396..0000000000 --- a/actionpack/lib/action_controller/cgi_ext/cookie_performance_fix.rb +++ /dev/null @@ -1,125 +0,0 @@ -CGI.module_eval { remove_const "Cookie" } - -class CGI #:nodoc: - # This is a cookie class that fixes the performance problems with the default one that ships with 1.8.1 and below. - # It replaces the inheritance on SimpleDelegator with DelegateClass(Array) following the suggestion from Matz on - # http://groups.google.com/groups?th=e3a4e68ba042f842&seekm=c3sioe%241qvm%241%40news.cybercity.dk#link14 - class Cookie < DelegateClass(Array) - # Create a new CGI::Cookie object. - # - # The contents of the cookie can be specified as a +name+ and one - # or more +value+ arguments. Alternatively, the contents can - # be specified as a single hash argument. The possible keywords of - # this hash are as follows: - # - # name:: the name of the cookie. Required. - # value:: the cookie's value or list of values. - # path:: the path for which this cookie applies. Defaults to the - # base directory of the CGI script. - # domain:: the domain for which this cookie applies. - # expires:: the time at which this cookie expires, as a +Time+ object. - # secure:: whether this cookie is a secure cookie or not (default to - # false). Secure cookies are only transmitted to HTTPS - # servers. - # - # These keywords correspond to attributes of the cookie object. - def initialize(name = '', *value) - if name.kind_of?(String) - @name = name - @value = Array(value) - @domain = nil - @expires = nil - @secure = false - @path = nil - else - @name = name['name'] - @value = Array(name['value']) - @domain = name['domain'] - @expires = name['expires'] - @secure = name['secure'] || false - @path = name['path'] - end - - unless @name - raise ArgumentError, "`name' required" - end - - # simple support for IE - unless @path - %r|^(.*/)|.match(ENV['SCRIPT_NAME']) - @path = ($1 or '') - end - - super(@value) - end - - def __setobj__(obj) - @_dc_obj = obj - end - - attr_accessor("name", "value", "path", "domain", "expires") - attr_reader("secure") - - # Set whether the Cookie is a secure cookie or not. - # - # +val+ must be a boolean. - def secure=(val) - @secure = val if val == true or val == false - @secure - end - - # Convert the Cookie to its string representation. - def to_s - buf = "" - buf << @name << '=' - - if @value.kind_of?(String) - buf << CGI::escape(@value) - else - buf << @value.collect{|v| CGI::escape(v) }.join("&") - end - - if @domain - buf << '; domain=' << @domain - end - - if @path - buf << '; path=' << @path - end - - if @expires - buf << '; expires=' << CGI::rfc1123_date(@expires) - end - - if @secure == true - buf << '; secure' - end - - buf - end - - # Parse a raw cookie string into a hash of cookie-name=>Cookie - # pairs. - # - # cookies = CGI::Cookie::parse("raw_cookie_string") - # # { "name1" => cookie1, "name2" => cookie2, ... } - # - def self.parse(raw_cookie) - cookies = Hash.new([]) - - if raw_cookie - raw_cookie.split(/; ?/).each do |pairs| - name, values = pairs.split('=',2) - next unless name and values - name = CGI::unescape(name) - values = values.split('&').collect!{|v| CGI::unescape(v) } - unless cookies.has_key?(name) - cookies[name] = new(name, *values) - end - end - end - - cookies - end - end # class Cookie -end diff --git a/actionpack/lib/action_controller/cgi_ext/parameters.rb b/actionpack/lib/action_controller/cgi_ext/parameters.rb new file mode 100644 index 0000000000..639f131e00 --- /dev/null +++ b/actionpack/lib/action_controller/cgi_ext/parameters.rb @@ -0,0 +1,232 @@ +require 'cgi' +require 'strscan' + +class CGI #:nodoc: + class << self + alias :escapeHTML_fail_on_nil :escapeHTML + + def escapeHTML(string) + escapeHTML_fail_on_nil(string) unless string.nil? + end + end +end + +module ActionController + module CgiExt + module Parameters + def self.included(base) + base.extend ClassMethods + end + + # Merge POST and GET parameters from the request body and query string, + # with GET parameters taking precedence. + def parameters + request_parameters.update(query_parameters) + end + + def query_parameters + self.class.parse_query_parameters(query_string) + end + + def request_parameters + self.class.parse_request_parameters(params, env_table) + end + + module ClassMethods + # DEPRECATED: Use parse_form_encoded_parameters + def parse_query_parameters(query_string) + pairs = query_string.split('&').collect do |chunk| + next if chunk.empty? + key, value = chunk.split('=', 2) + next if key.empty? + value = value.nil? ? nil : CGI.unescape(value) + [ CGI.unescape(key), value ] + end.compact + + FormEncodedPairParser.new(pairs).result + end + + # DEPRECATED: Use parse_form_encoded_parameters + def parse_request_parameters(params) + parser = FormEncodedPairParser.new + + params = params.dup + until params.empty? + for key, value in params + if key.blank? + params.delete key + elsif !key.include?('[') + # much faster to test for the most common case first (GET) + # and avoid the call to build_deep_hash + parser.result[key] = get_typed_value(value[0]) + params.delete key + elsif value.is_a?(Array) + parser.parse(key, get_typed_value(value.shift)) + params.delete key if value.empty? + else + raise TypeError, "Expected array, found #{value.inspect}" + end + end + end + + parser.result + end + + def parse_formatted_request_parameters(mime_type, raw_post_data) + case strategy = ActionController::Base.param_parsers[mime_type] + when Proc + strategy.call(raw_post_data) + when :xml_simple, :xml_node + raw_post_data.blank? ? {} : Hash.from_xml(raw_post_data).with_indifferent_access + when :yaml + YAML.load(raw_post_data) + end + rescue Exception => e # YAML, XML or Ruby code block errors + { "exception" => "#{e.message} (#{e.class})", "backtrace" => e.backtrace, + "raw_post_data" => raw_post_data, "format" => mime_type } + end + + private + def get_typed_value(value) + case value + when String + value + when NilClass + '' + when Array + value.map { |v| get_typed_value(v) } + else + # Uploaded file provides content type and filename. + if value.respond_to?(:content_type) && + !value.content_type.blank? && + !value.original_filename.blank? + unless value.respond_to?(:full_original_filename) + class << value + alias_method :full_original_filename, :original_filename + + # Take the basename of the upload's original filename. + # This handles the full Windows paths given by Internet Explorer + # (and perhaps other broken user agents) without affecting + # those which give the lone filename. + # The Windows regexp is adapted from Perl's File::Basename. + def original_filename + if md = /^(?:.*[:\\\/])?(.*)/m.match(full_original_filename) + md.captures.first + else + File.basename full_original_filename + end + end + end + end + + # Return the same value after overriding original_filename. + value + + # Multipart values may have content type, but no filename. + elsif value.respond_to?(:read) + result = value.read + value.rewind + result + + # Unknown value, neither string nor multipart. + else + raise "Unknown form value: #{value.inspect}" + end + end + end + end + + class FormEncodedPairParser < StringScanner #:nodoc: + attr_reader :top, :parent, :result + + def initialize(pairs = []) + super('') + @result = {} + pairs.each { |key, value| parse(key, value) } + end + + KEY_REGEXP = %r{([^\[\]=&]+)} + BRACKETED_KEY_REGEXP = %r{\[([^\[\]=&]+)\]} + + # Parse the query string + def parse(key, value) + self.string = key + @top, @parent = result, nil + + # First scan the bare key + key = scan(KEY_REGEXP) or return + key = post_key_check(key) + + # Then scan as many nestings as present + until eos? + r = scan(BRACKETED_KEY_REGEXP) or return + key = self[1] + key = post_key_check(key) + end + + bind(key, value) + end + + private + # After we see a key, we must look ahead to determine our next action. Cases: + # + # [] follows the key. Then the value must be an array. + # = follows the key. (A value comes next) + # & or the end of string follows the key. Then the key is a flag. + # otherwise, a hash follows the key. + def post_key_check(key) + if scan(/\[\]/) # a[b][] indicates that b is an array + container(key, Array) + nil + elsif check(/\[[^\]]/) # a[b] indicates that a is a hash + container(key, Hash) + nil + else # End of key? We do nothing. + key + end + end + + # Add a container to the stack. + def container(key, klass) + type_conflict! klass, top[key] if top.is_a?(Hash) && top.key?(key) && ! top[key].is_a?(klass) + value = bind(key, klass.new) + type_conflict! klass, value unless value.is_a?(klass) + push(value) + end + + # Push a value onto the 'stack', which is actually only the top 2 items. + def push(value) + @parent, @top = @top, value + end + + # Bind a key (which may be nil for items in an array) to the provided value. + def bind(key, value) + if top.is_a? Array + if key + if top[-1].is_a?(Hash) && ! top[-1].key?(key) + top[-1][key] = value + else + top << {key => value}.with_indifferent_access + push top.last + end + else + top << value + end + elsif top.is_a? Hash + key = CGI.unescape(key) + parent << (@top = {}) if top.key?(key) && parent.is_a?(Array) + return top[key] ||= value + else + raise ArgumentError, "Don't know what to do: top is #{top.inspect}" + end + + return value + end + + def type_conflict!(klass, value) + raise TypeError, "Conflicting types for parameter containers. Expected an instance of #{klass} but found an instance of #{value.class}. This can be caused by colliding Array and Hash parameters like qs[]=value&qs[key]=value." + end + end + end + end +end diff --git a/actionpack/lib/action_controller/cgi_ext/pstore_performance_fix.rb b/actionpack/lib/action_controller/cgi_ext/pstore_performance_fix.rb deleted file mode 100644 index 79e427a350..0000000000 --- a/actionpack/lib/action_controller/cgi_ext/pstore_performance_fix.rb +++ /dev/null @@ -1,30 +0,0 @@ -# CGI::Session::PStore.initialize requires 'digest/md5' on every call. -# This makes sense when spawning processes per request, but is -# unnecessarily expensive when serving requests from a long-lived -# process. -require 'cgi/session' -require 'cgi/session/pstore' -require 'digest/md5' - -class CGI::Session::PStore #:nodoc: - def initialize(session, option={}) - dir = option['tmpdir'] || Dir::tmpdir - prefix = option['prefix'] || '' - id = session.session_id - md5 = Digest::MD5.hexdigest(id)[0,16] - path = dir+"/"+prefix+md5 - path.untaint - if File::exist?(path) - @hash = nil - else - unless session.new_session - raise CGI::Session::NoSession, "uninitialized session" - end - @hash = {} - end - @p = ::PStore.new(path) - @p.transaction do |p| - File.chmod(0600, p.path) - end - end -end diff --git a/actionpack/lib/action_controller/cgi_ext/query_extension.rb b/actionpack/lib/action_controller/cgi_ext/query_extension.rb new file mode 100644 index 0000000000..9e836eaaf8 --- /dev/null +++ b/actionpack/lib/action_controller/cgi_ext/query_extension.rb @@ -0,0 +1,100 @@ +require 'cgi' + +class CGI #:nodoc: + module QueryExtension + # Remove the old initialize_query method before redefining it. + remove_method :initialize_query + + # Initialize the data from the query. + # + # Handles multipart forms (in particular, forms that involve file uploads). + # Reads query parameters in the @params field, and cookies into @cookies. + def initialize_query + @cookies = CGI::Cookie::parse(env_table['HTTP_COOKIE'] || env_table['COOKIE']) + + # Fix some strange request environments. + if method = env_table['REQUEST_METHOD'] + method = method.to_s.downcase.intern + else + method = :get + end + + # POST assumes missing Content-Type is application/x-www-form-urlencoded. + content_type = env_table['CONTENT_TYPE'] + if content_type.blank? && method == :post + content_type = 'application/x-www-form-urlencoded' + end + + # Force content length to zero if missing. + content_length = env_table['CONTENT_LENGTH'].to_i + + # Set multipart to false by default. + @multipart = false + + # POST and PUT may have params in entity body. If content type is + # missing for POST, assume urlencoded. If content type is missing + # for PUT, don't assume anything and don't parse the parameters: + # it's likely binary data. + # + # The other HTTP methods have their params in the query string. + if method == :post || method == :put + if boundary = extract_multipart_form_boundary(content_type) + @multipart = true + @params = read_multipart(boundary, content_length) + elsif content_type.blank? || content_type !~ %r{application/x-www-form-urlencoded}i + read_params(method, content_length) + @params = {} + end + end + + @params ||= CGI.parse(read_params(method, content_length)) + end + + private + unless defined?(MULTIPART_FORM_BOUNDARY_RE) + MULTIPART_FORM_BOUNDARY_RE = %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?|n #" + end + + def extract_multipart_form_boundary(content_type) + MULTIPART_FORM_BOUNDARY_RE.match(content_type).to_a.pop + end + + if defined? MOD_RUBY + def read_query + Apache::request.args || '' + end + else + def read_query + # fixes CGI querystring parsing for lighttpd + env_qs = env_table['QUERY_STRING'] + if env_qs.blank? && !(uri = env_table['REQUEST_URI']).blank? + uri.split('?', 2)[1] || '' + else + env_qs || '' + end + end + end + + def read_body(content_length) + stdinput.binmode if stdinput.respond_to?(:binmode) + content = stdinput.read(content_length) || '' + # Fix for Safari Ajax postings that always append \000 + content.chop! if content[-1] == 0 + content.gsub!(/&_=$/, '') + env_table['RAW_POST_DATA'] = content.freeze + end + + def read_params(method, content_length) + case method + when :get + read_query + when :post, :put + read_body(content_length) + when :cmd + read_from_cmdline + else # :head, :delete, :options, :trace, :connect + read_query + end + end + end # module QueryExtension +end diff --git a/actionpack/lib/action_controller/cgi_ext/raw_post_data_fix.rb b/actionpack/lib/action_controller/cgi_ext/raw_post_data_fix.rb deleted file mode 100644 index 13e4586afa..0000000000 --- a/actionpack/lib/action_controller/cgi_ext/raw_post_data_fix.rb +++ /dev/null @@ -1,98 +0,0 @@ -class CGI #:nodoc: - module QueryExtension - # Remove the old initialize_query method before redefining it. - remove_method :initialize_query - - # Initialize the data from the query. - # - # Handles multipart forms (in particular, forms that involve file uploads). - # Reads query parameters in the @params field, and cookies into @cookies. - def initialize_query - @cookies = CGI::Cookie::parse(env_table['HTTP_COOKIE'] || env_table['COOKIE']) - - # Fix some strange request environments. - if method = env_table['REQUEST_METHOD'] - method = method.to_s.downcase.intern - else - method = :get - end - - # POST assumes missing Content-Type is application/x-www-form-urlencoded. - content_type = env_table['CONTENT_TYPE'] - if content_type.blank? && method == :post - content_type = 'application/x-www-form-urlencoded' - end - - # Force content length to zero if missing. - content_length = env_table['CONTENT_LENGTH'].to_i - - # Set multipart to false by default. - @multipart = false - - # POST and PUT may have params in entity body. If content type is - # missing for POST, assume urlencoded. If content type is missing - # for PUT, don't assume anything and don't parse the parameters: - # it's likely binary data. - # - # The other HTTP methods have their params in the query string. - if method == :post || method == :put - if boundary = extract_multipart_form_boundary(content_type) - @multipart = true - @params = read_multipart(boundary, content_length) - elsif content_type.blank? || content_type !~ %r{application/x-www-form-urlencoded}i - read_params(method, content_length) - @params = {} - end - end - - @params ||= CGI.parse(read_params(method, content_length)) - end - - private - unless defined?(MULTIPART_FORM_BOUNDARY_RE) - MULTIPART_FORM_BOUNDARY_RE = %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?|n #" - end - - def extract_multipart_form_boundary(content_type) - MULTIPART_FORM_BOUNDARY_RE.match(content_type).to_a.pop - end - - if defined? MOD_RUBY - def read_query - Apache::request.args || '' - end - else - def read_query - # fixes CGI querystring parsing for lighttpd - env_qs = env_table['QUERY_STRING'] - if env_qs.blank? && !(uri = env_table['REQUEST_URI']).blank? - uri.split('?', 2)[1] || '' - else - env_qs || '' - end - end - end - - def read_body(content_length) - stdinput.binmode if stdinput.respond_to?(:binmode) - content = stdinput.read(content_length) || '' - # Fix for Safari Ajax postings that always append \000 - content.chop! if content[-1] == 0 - content.gsub!(/&_=$/, '') - env_table['RAW_POST_DATA'] = content.freeze - end - - def read_params(method, content_length) - case method - when :get - read_query - when :post, :put - read_body(content_length) - when :cmd - read_from_cmdline - else # :head, :delete, :options, :trace, :connect - read_query - end - end - end # module QueryExtension -end diff --git a/actionpack/lib/action_controller/cgi_ext/session.rb b/actionpack/lib/action_controller/cgi_ext/session.rb new file mode 100644 index 0000000000..0213ce91bd --- /dev/null +++ b/actionpack/lib/action_controller/cgi_ext/session.rb @@ -0,0 +1,63 @@ +require 'digest/md5' +require 'cgi/session' +require 'cgi/session/pstore' + +class CGI #:nodoc: + # * Expose the CGI instance to session stores. + # * Don't require 'digest/md5' whenever a new session id is generated. + class Session #:nodoc: + # Generate an MD5 hash including the time, a random number, the process id, + # and a constant string. This is used to generate session ids but may be + # reused elsewhere. + def self.generate_unique_id(constant = 'foobar') + md5 = Digest::MD5.new + now = Time.now + md5 << now.to_s + md5 << String(now.usec) + md5 << String(rand(0)) + md5 << String($$) + md5 << constant + md5.hexdigest + end + + # Make the CGI instance available to session stores. + attr_reader :cgi + attr_reader :dbman + alias_method :initialize_without_cgi_reader, :initialize + def initialize(cgi, options = {}) + @cgi = cgi + initialize_without_cgi_reader(cgi, options) + end + + private + # Create a new session id. + def create_new_id + @new_session = true + self.class.generate_unique_id + end + + # * Don't require 'digest/md5' whenever a new session is started. + class PStore #:nodoc: + def initialize(session, option={}) + dir = option['tmpdir'] || Dir::tmpdir + prefix = option['prefix'] || '' + id = session.session_id + md5 = Digest::MD5.hexdigest(id)[0,16] + path = dir+"/"+prefix+md5 + path.untaint + if File::exist?(path) + @hash = nil + else + unless session.new_session + raise CGI::Session::NoSession, "uninitialized session" + end + @hash = {} + end + @p = ::PStore.new(path) + @p.transaction do |p| + File.chmod(0600, p.path) + end + end + end + end +end diff --git a/actionpack/lib/action_controller/cgi_ext/session_performance_fix.rb b/actionpack/lib/action_controller/cgi_ext/session_performance_fix.rb deleted file mode 100644 index d3dc643d3f..0000000000 --- a/actionpack/lib/action_controller/cgi_ext/session_performance_fix.rb +++ /dev/null @@ -1,43 +0,0 @@ -# CGI::Session#create_new_id requires 'digest/md5' on every call. This makes -# sense when spawning processes per request, but is unnecessarily expensive -# when serving requests from a long-lived process. -# -# http://railsexpress.de/blog/articles/2005/11/22/speeding-up-the-creation-of-new-sessions -# -# Also expose the CGI instance to session stores. -require 'cgi/session' -require 'digest/md5' - -class CGI - class Session #:nodoc: - # Generate an MD5 hash including the time, a random number, the process id, - # and a constant string. This is used to generate session ids but may be - # reused elsewhere. - def self.generate_unique_id(constant = 'foobar') - md5 = Digest::MD5.new - now = Time.now - md5 << now.to_s - md5 << String(now.usec) - md5 << String(rand(0)) - md5 << String($$) - md5 << constant - md5.hexdigest - end - - # Make the CGI instance available to session stores. - attr_reader :cgi - attr_reader :dbman - alias_method :initialize_without_cgi_reader, :initialize - def initialize(cgi, options = {}) - @cgi = cgi - initialize_without_cgi_reader(cgi, options) - end - - private - # Create a new session id. - def create_new_id - @new_session = true - self.class.generate_unique_id - end - end -end diff --git a/actionpack/lib/action_controller/cgi_process.rb b/actionpack/lib/action_controller/cgi_process.rb index ddcc6003d0..59849c7364 100644 --- a/actionpack/lib/action_controller/cgi_process.rb +++ b/actionpack/lib/action_controller/cgi_process.rb @@ -1,8 +1,4 @@ -require 'action_controller/cgi_ext/cgi_ext' -require 'action_controller/cgi_ext/cookie_performance_fix' -require 'action_controller/cgi_ext/raw_post_data_fix' -require 'action_controller/cgi_ext/session_performance_fix' -require 'action_controller/cgi_ext/pstore_performance_fix' +require 'action_controller/cgi_ext' require 'action_controller/session/cookie_store' module ActionController #:nodoc: @@ -64,15 +60,15 @@ module ActionController #:nodoc: def query_parameters @query_parameters ||= - (qs = self.query_string).empty? ? {} : CGIMethods.parse_query_parameters(qs) + (qs = self.query_string).empty? ? {} : CGI.parse_query_parameters(qs) end def request_parameters @request_parameters ||= if ActionController::Base.param_parsers.has_key?(content_type) - CGIMethods.parse_formatted_request_parameters(content_type, @env['RAW_POST_DATA']) + CGI.parse_formatted_request_parameters(content_type, @env['RAW_POST_DATA']) else - CGIMethods.parse_request_parameters(@cgi.params) + CGI.parse_request_parameters(@cgi.params) end end diff --git a/actionpack/test/controller/cgi_test.rb b/actionpack/test/controller/cgi_test.rb index 5be6cd2ea2..877423a0d1 100755 --- a/actionpack/test/controller/cgi_test.rb +++ b/actionpack/test/controller/cgi_test.rb @@ -1,8 +1,5 @@ require File.dirname(__FILE__) + '/../abstract_unit' require 'action_controller/cgi_process' -require 'action_controller/cgi_ext/cgi_ext' - -require 'stringio' class CGITest < Test::Unit::TestCase def setup @@ -22,29 +19,29 @@ class CGITest < Test::Unit::TestCase def test_query_string assert_equal( { "action" => "create_customer", "full_name" => "David Heinemeier Hansson", "customerId" => "1"}, - CGIMethods.parse_query_parameters(@query_string) + CGI.parse_query_parameters(@query_string) ) end def test_deep_query_string expected = {'x' => {'y' => {'z' => '10'}}} - assert_equal(expected, CGIMethods.parse_query_parameters('x[y][z]=10')) + assert_equal(expected, CGI.parse_query_parameters('x[y][z]=10')) end def test_deep_query_string_with_array - assert_equal({'x' => {'y' => {'z' => ['10']}}}, CGIMethods.parse_query_parameters('x[y][z][]=10')) - assert_equal({'x' => {'y' => {'z' => ['10', '5']}}}, CGIMethods.parse_query_parameters('x[y][z][]=10&x[y][z][]=5')) + assert_equal({'x' => {'y' => {'z' => ['10']}}}, CGI.parse_query_parameters('x[y][z][]=10')) + assert_equal({'x' => {'y' => {'z' => ['10', '5']}}}, CGI.parse_query_parameters('x[y][z][]=10&x[y][z][]=5')) end def test_deep_query_string_with_array_of_hash - assert_equal({'x' => {'y' => [{'z' => '10'}]}}, CGIMethods.parse_query_parameters('x[y][][z]=10')) - assert_equal({'x' => {'y' => [{'z' => '10', 'w' => '10'}]}}, CGIMethods.parse_query_parameters('x[y][][z]=10&x[y][][w]=10')) + assert_equal({'x' => {'y' => [{'z' => '10'}]}}, CGI.parse_query_parameters('x[y][][z]=10')) + assert_equal({'x' => {'y' => [{'z' => '10', 'w' => '10'}]}}, CGI.parse_query_parameters('x[y][][z]=10&x[y][][w]=10')) end def test_deep_query_string_with_array_of_hashes_with_one_pair - assert_equal({'x' => {'y' => [{'z' => '10'}, {'z' => '20'}]}}, CGIMethods.parse_query_parameters('x[y][][z]=10&x[y][][z]=20')) - assert_equal("10", CGIMethods.parse_query_parameters('x[y][][z]=10&x[y][][z]=20')["x"]["y"].first["z"]) - assert_equal("10", CGIMethods.parse_query_parameters('x[y][][z]=10&x[y][][z]=20').with_indifferent_access[:x][:y].first[:z]) + assert_equal({'x' => {'y' => [{'z' => '10'}, {'z' => '20'}]}}, CGI.parse_query_parameters('x[y][][z]=10&x[y][][z]=20')) + assert_equal("10", CGI.parse_query_parameters('x[y][][z]=10&x[y][][z]=20')["x"]["y"].first["z"]) + assert_equal("10", CGI.parse_query_parameters('x[y][][z]=10&x[y][][z]=20').with_indifferent_access[:x][:y].first[:z]) end def test_request_hash_parsing @@ -55,62 +52,62 @@ class CGITest < Test::Unit::TestCase expected = { "note" => { "viewers"=>{"viewer"=>[{ "id"=>"1", "type"=>"User"}, {"type"=>"Group", "id"=>"2"} ]} } } - assert_equal(expected, CGIMethods.parse_request_parameters(query)) + assert_equal(expected, CGI.parse_request_parameters(query)) end def test_deep_query_string_with_array_of_hashes_with_multiple_pairs assert_equal( {'x' => {'y' => [{'z' => '10', 'w' => 'a'}, {'z' => '20', 'w' => 'b'}]}}, - CGIMethods.parse_query_parameters('x[y][][z]=10&x[y][][w]=a&x[y][][z]=20&x[y][][w]=b') + CGI.parse_query_parameters('x[y][][z]=10&x[y][][w]=a&x[y][][z]=20&x[y][][w]=b') ) end def test_query_string_with_nil assert_equal( { "action" => "create_customer", "full_name" => ''}, - CGIMethods.parse_query_parameters(@query_string_with_empty) + CGI.parse_query_parameters(@query_string_with_empty) ) end def test_query_string_with_array assert_equal( { "action" => "create_customer", "selected" => ["1", "2", "3"]}, - CGIMethods.parse_query_parameters(@query_string_with_array) + CGI.parse_query_parameters(@query_string_with_array) ) end def test_query_string_with_amps assert_equal( { "action" => "create_customer", "name" => "Don't & Does"}, - CGIMethods.parse_query_parameters(@query_string_with_amps) + CGI.parse_query_parameters(@query_string_with_amps) ) end def test_query_string_with_many_equal assert_equal( { "action" => "create_customer", "full_name" => "abc=def=ghi"}, - CGIMethods.parse_query_parameters(@query_string_with_many_equal) + CGI.parse_query_parameters(@query_string_with_many_equal) ) end def test_query_string_without_equal assert_equal( { "action" => nil }, - CGIMethods.parse_query_parameters(@query_string_without_equal) + CGI.parse_query_parameters(@query_string_without_equal) ) end def test_query_string_with_empty_key assert_equal( { "action" => "create_customer", "full_name" => "David Heinemeier Hansson" }, - CGIMethods.parse_query_parameters(@query_string_with_empty_key) + CGI.parse_query_parameters(@query_string_with_empty_key) ) end def test_query_string_with_many_ampersands assert_equal( { "action" => "create_customer", "full_name" => "David Heinemeier Hansson"}, - CGIMethods.parse_query_parameters(@query_string_with_many_ampersands) + CGI.parse_query_parameters(@query_string_with_many_ampersands) ) end @@ -150,7 +147,7 @@ class CGITest < Test::Unit::TestCase } } - assert_equal expected_output, CGIMethods.parse_request_parameters(input) + assert_equal expected_output, CGI.parse_request_parameters(input) end def test_parse_params_from_multipart_upload @@ -197,7 +194,7 @@ class CGITest < Test::Unit::TestCase "text_part" => "abc" } - params = CGIMethods.parse_request_parameters(input) + params = CGI.parse_request_parameters(input) assert_equal expected_output, params # Lone filenames are preserved. @@ -228,7 +225,7 @@ class CGITest < Test::Unit::TestCase "logo" => File.new(File.dirname(__FILE__) + "/cgi_test.rb").path, } - assert_equal expected_output, CGIMethods.parse_request_parameters(input) + assert_equal expected_output, CGI.parse_request_parameters(input) end def test_parse_params_with_array @@ -236,43 +233,43 @@ class CGITest < Test::Unit::TestCase expected_output = { "selected" => [ "1", "2", "3" ] } - assert_equal expected_output, CGIMethods.parse_request_parameters(input) + assert_equal expected_output, CGI.parse_request_parameters(input) end def test_parse_params_with_non_alphanumeric_name input = { "a/b[c]" => %w(d) } expected = { "a/b" => { "c" => "d" }} - assert_equal expected, CGIMethods.parse_request_parameters(input) + assert_equal expected, CGI.parse_request_parameters(input) end def test_parse_params_with_single_brackets_in_middle input = { "a/b[c]d" => %w(e) } expected = { "a/b" => {} } - assert_equal expected, CGIMethods.parse_request_parameters(input) + assert_equal expected, CGI.parse_request_parameters(input) end def test_parse_params_with_separated_brackets input = { "a/b@[c]d[e]" => %w(f) } expected = { "a/b@" => { }} - assert_equal expected, CGIMethods.parse_request_parameters(input) + assert_equal expected, CGI.parse_request_parameters(input) end def test_parse_params_with_separated_brackets_and_array input = { "a/b@[c]d[e][]" => %w(f) } expected = { "a/b@" => { }} - assert_equal expected , CGIMethods.parse_request_parameters(input) + assert_equal expected , CGI.parse_request_parameters(input) end def test_parse_params_with_unmatched_brackets_and_array input = { "a/b@[c][d[e][]" => %w(f) } expected = { "a/b@" => { "c" => { }}} - assert_equal expected, CGIMethods.parse_request_parameters(input) + assert_equal expected, CGI.parse_request_parameters(input) end def test_parse_params_with_nil_key input = { nil => nil, "test2" => %w(value1) } expected = { "test2" => "value1" } - assert_equal expected, CGIMethods.parse_request_parameters(input) + assert_equal expected, CGI.parse_request_parameters(input) end end @@ -281,7 +278,7 @@ class XmlCGITest < Test::Unit::TestCase def test_single_file raw_post_data = "David#{Base64.encode64('ABC')}" - person = CGIMethods.parse_formatted_request_parameters(Mime::XML, raw_post_data) + person = CGI.parse_formatted_request_parameters(Mime::XML, raw_post_data) assert_equal "image/jpg", person['person']['avatar'].content_type assert_equal "me.jpg", person['person']['avatar'].original_filename assert_equal "ABC", person['person']['avatar'].read @@ -293,7 +290,7 @@ class XmlCGITest < Test::Unit::TestCase "#{Base64.encode64('ABC')}" + "#{Base64.encode64('DEF')}" + "" - person = CGIMethods.parse_formatted_request_parameters(Mime::XML, raw_post_data) + person = CGI.parse_formatted_request_parameters(Mime::XML, raw_post_data) assert_equal "image/jpg", person['person']['avatars']['avatar'].first.content_type assert_equal "me.jpg", person['person']['avatars']['avatar'].first.original_filename @@ -387,7 +384,7 @@ class MultipartCGITest < Test::Unit::TestCase ENV['CONTENT_LENGTH'] = file.stat.size.to_s $stdin = file @cgi = CGI.new - CGIMethods.parse_request_parameters @cgi.params + CGI.parse_request_parameters @cgi.params end ensure $stdin = old_stdin @@ -457,11 +454,11 @@ class CGIRequestTest < Test::Unit::TestCase def test_unbalanced_query_string_with_array assert_equal( {'location' => ["1", "2"], 'age_group' => ["2"]}, - CGIMethods.parse_query_parameters("location[]=1&location[]=2&age_group[]=2") + CGI.parse_query_parameters("location[]=1&location[]=2&age_group[]=2") ) assert_equal( {'location' => ["1", "2"], 'age_group' => ["2"]}, - CGIMethods.parse_request_parameters({'location[]' => ["1", "2"], + CGI.parse_request_parameters({'location[]' => ["1", "2"], 'age_group[]' => ["2"]}) ) end diff --git a/actionpack/test/controller/raw_post_test.rb b/actionpack/test/controller/raw_post_test.rb index 6fdeafb8f1..1f8a93d149 100644 --- a/actionpack/test/controller/raw_post_test.rb +++ b/actionpack/test/controller/raw_post_test.rb @@ -1,7 +1,6 @@ require "#{File.dirname(__FILE__)}/../abstract_unit" -require 'cgi' require 'stringio' -require 'action_controller/cgi_ext/raw_post_data_fix' +require 'action_controller/cgi_ext/query_extension' class RawPostDataTest < Test::Unit::TestCase def setup diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index 7d254e4f84..28efcb8a50 100755 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -1,6 +1,6 @@ require "#{File.dirname(__FILE__)}/../../abstract_unit" require 'action_controller/cgi_process' -require 'action_controller/cgi_ext/cgi_ext' +require 'action_controller/cgi_ext' require 'stringio' -- cgit v1.2.3