require 'cgi' require 'strscan' module ActionController module CgiExt module Parameters def self.included(base) base.extend ClassMethods end # Merge POST and GET parameters from the request body and query string, # with GET parameters taking precedence. def parameters request_parameters.update(query_parameters) end def query_parameters self.class.parse_query_parameters(query_string) end def request_parameters self.class.parse_request_parameters(params, env_table) end module ClassMethods # DEPRECATED: Use parse_form_encoded_parameters def parse_query_parameters(query_string) pairs = query_string.split('&').collect do |chunk| next if chunk.empty? key, value = chunk.split('=', 2) next if key.empty? value = value.nil? ? nil : CGI.unescape(value) [ CGI.unescape(key), value ] end.compact FormEncodedPairParser.new(pairs).result end # DEPRECATED: Use parse_form_encoded_parameters def parse_request_parameters(params) parser = FormEncodedPairParser.new params = params.dup until params.empty? for key, value in params if key.blank? params.delete key elsif !key.include?('[') # much faster to test for the most common case first (GET) # and avoid the call to build_deep_hash parser.result[key] = get_typed_value(value[0]) params.delete key elsif value.is_a?(Array) parser.parse(key, get_typed_value(value.shift)) params.delete key if value.empty? else raise TypeError, "Expected array, found #{value.inspect}" end end end parser.result end def parse_formatted_request_parameters(mime_type, body) case strategy = ActionController::Base.param_parsers[mime_type] when Proc strategy.call(body) when :xml_simple, :xml_node body.blank? ? {} : Hash.from_xml(body).with_indifferent_access when :yaml YAML.load(body) end rescue Exception => e # YAML, XML or Ruby code block errors { "exception" => "#{e.message} (#{e.class})", "backtrace" => e.backtrace, "body" => body, "format" => mime_type } end private def get_typed_value(value) case value when String value when NilClass '' when Array value.map { |v| get_typed_value(v) } else # Uploaded file provides content type and filename. if value.respond_to?(:content_type) && !value.content_type.blank? && !value.original_filename.blank? unless value.respond_to?(:full_original_filename) class << value alias_method :full_original_filename, :original_filename # Take the basename of the upload's original filename. # This handles the full Windows paths given by Internet Explorer # (and perhaps other broken user agents) without affecting # those which give the lone filename. # The Windows regexp is adapted from Perl's File::Basename. def original_filename if md = /^(?:.*[:\\\/])?(.*)/m.match(full_original_filename) md.captures.first else File.basename full_original_filename end end end end # Return the same value after overriding original_filename. value # Multipart values may have content type, but no filename. elsif value.respond_to?(:read) result = value.read value.rewind result # Unknown value, neither string nor multipart. else raise "Unknown form value: #{value.inspect}" end end end end class FormEncodedPairParser < StringScanner #:nodoc: attr_reader :top, :parent, :result def initialize(pairs = []) super('') @result = {} pairs.each { |key, value| parse(key, value) } end KEY_REGEXP = %r{([^\[\]=&]+)} BRACKETED_KEY_REGEXP = %r{\[([^\[\]=&]+)\]} # Parse the query string def parse(key, value) self.string = key @top, @parent = result, nil # First scan the bare key key = scan(KEY_REGEXP) or return key = post_key_check(key) # Then scan as many nestings as present until eos? r = scan(BRACKETED_KEY_REGEXP) or return key = self[1] key = post_key_check(key) end bind(key, value) end private # After we see a key, we must look ahead to determine our next action. Cases: # # [] follows the key. Then the value must be an array. # = follows the key. (A value comes next) # & or the end of string follows the key. Then the key is a flag. # otherwise, a hash follows the key. def post_key_check(key) if scan(/\[\]/) # a[b][] indicates that b is an array container(key, Array) nil elsif check(/\[[^\]]/) # a[b] indicates that a is a hash container(key, Hash) nil else # End of key? We do nothing. key end end # Add a container to the stack. def container(key, klass) type_conflict! klass, top[key] if top.is_a?(Hash) && top.key?(key) && ! top[key].is_a?(klass) value = bind(key, klass.new) type_conflict! klass, value unless value.is_a?(klass) push(value) end # Push a value onto the 'stack', which is actually only the top 2 items. def push(value) @parent, @top = @top, value end # Bind a key (which may be nil for items in an array) to the provided value. def bind(key, value) if top.is_a? Array if key if top[-1].is_a?(Hash) && ! top[-1].key?(key) top[-1][key] = value else top << {key => value}.with_indifferent_access push top.last end else top << value end elsif top.is_a? Hash key = CGI.unescape(key) parent << (@top = {}) if top.key?(key) && parent.is_a?(Array) return top[key] ||= value else raise ArgumentError, "Don't know what to do: top is #{top.inspect}" end return value end def type_conflict!(klass, value) raise TypeError, "Conflicting types for parameter containers. Expected an instance of #{klass} but found an instance of #{value.class}. This can be caused by colliding Array and Hash parameters like qs[]=value&qs[key]=value." end end end end end