Changeset 4388

Timestamp:

06/01/06 00:01:48 (2 years ago)

Author:

bitsweat

Message:

Cope with missing content type and length headers. Parse parameters from multipart and urlencoded request bodies only. Accept multipart PUT parameters. Closes #5235.

Files:

• trunk/actionpack/CHANGELOG (modified) (1 diff)
• trunk/actionpack/lib/action_controller/cgi_ext/raw_post_data_fix.rb (modified) (6 diffs)
• trunk/actionpack/test/controller/cgi_test.rb (modified) (2 diffs)
• trunk/actionpack/test/controller/raw_post_test.rb (modified) (1 diff)

trunk/actionpack/CHANGELOG

@@ -1 +1 @@
-*SVN*
+
+* Cope with missing content type and length headers. Parse parameters from multipart and urlencoded request bodies only. [Jeremy Kemper]
+
+* Accept multipart PUT parameters. #5235 [guy.naor@famundo.com]
-
-* Added interrogation of params[:format] to determine Accept type. If :format is specified and matches a declared extension, like "rss" or "xml", that mime type will be put in front of the accept handler. This means you can link to the same action from different extensions and use that fact to determine output [DHH]. Example:

trunk/actionpack/lib/action_controller/cgi_ext/raw_post_data_fix.rb

@@ -1 +1 @@
-class CGI #:nodoc:
-  # Add @request.env['RAW_POST_DATA'] for the vegans.
-  module QueryExtension
-    # Initialize the data from the query.
@@ -6 +5 @@
-    # Handles multipart forms (in particular, forms that involve file uploads).
-    # Reads query parameters in the @params field, and cookies into @cookies.
-()
+
-      @cookies = CGI::Cookie::parse(env_table['HTTP_COOKIE'] || env_table['COOKIE'])
-
-fix some strange request environments
+ Fix some strange request environments.
-      if method = env_table['REQUEST_METHOD']
-        method = method.to_s.downcase.intern
@@ -16 +15 @@
-      end
-
-
-
-
-
-
-
+
+
+
+
-      end
+
+      # Force content length to zero if missing.
+      content_length = env_table['CONTENT_LENGTH'].to_i
+
+      # Set multipart to false by default.
+      @multipart = false
+
+      # POST and PUT may have params in entity body. If content type is
+      # missing for POST, assume urlencoded. If content type is missing
+      # for PUT, don't assume anything and don't parse the parameters:
+      # it's likely binary data.
+      #
+      # The other HTTP methods have their params in the query string.
+      if method == :post || method == :put
+        if boundary = extract_multipart_form_boundary(content_type)
+          @multipart = true
+          @params = read_multipart(boundary, content_length)
+        elsif content_type.downcase != 'application/x-www-form-urlencoded'
+          read_params(method, content_length)
+          @params = {}
+        end
+      end
+
+      @params ||= CGI.parse(read_params(method, content_length))
-    end
-
@@ -30 +51 @@
-      end
-
-multipart_form_boundary
-env_table['CONTENT_TYPE']
+extract_multipart_form_boundary(content_type)
+content_type
-      end
-
-      if defined? MOD_RUBY
-params_from_
+
-          Apache::request.args || ''
-        end
-      else
-params_from_
+
-          # fixes CGI querystring parsing for lighttpd
-          env_qs = env_table['QUERY_STRING']
@@ -50 +71 @@
-      end
-
-params_from_post
+body(content_length)
-        stdinput.binmode if stdinput.respond_to?(:binmode)
-Integer(env_table['CONTENT_LENGTH'])
-f
+content_length
+F
-        content.chop! if content[-1] == 0
-        content.gsub! /&_=$/, ''
@@ -59 +80 @@
-      end
-
-query_params(method
+params(method, content_length
-        case method
-          when :get
-params_from_
+
-          when :post, :put
-params_from_post
+body(content_length)
-          when :cmd
-            read_from_cmdline
-when :head, :delete, :options
-params_from_
+:head, :delete, :options, :trace, :connect
+
-        end
-      end

trunk/actionpack/test/controller/cgi_test.rb

@@ -236 +236 @@
-end
-
+
-class MultipartCGITest < Test::Unit::TestCase
-  FIXTURE_PATH = File.dirname(__FILE__) + '/../fixtures/multipart'
@@ -316 +317 @@
-end
-
+# Ensures that PUT works with multipart as well as POST.
+class PutMultipartCGITest < MultipartCGITest
+  def setup
+    super
+    ENV['REQUEST_METHOD'] = 'PUT'
+  end
+end
+
-
-class CGIRequestTest < Test::Unit::TestCase

trunk/actionpack/test/controller/raw_post_test.rb

@@ -6 +6 @@
-class RawPostDataTest < Test::Unit::TestCase
-  def setup
+    ENV.delete('RAW_POST_DATA')
+    @request_body = 'a=1'
+  end
+
+  def test_post_with_urlencoded_body
+    ENV['REQUEST_METHOD'] = 'POST'
+    ENV['CONTENT_TYPE'] = 'application/x-www-form-urlencoded'
+    assert_equal ['1'], cgi_params['a']
+    assert_has_raw_post_data
+  end
+
+  def test_post_with_empty_content_type_treated_as_urlencoded
-    ENV['REQUEST_METHOD'] = 'POST'
-    ENV['CONTENT_TYPE'] = ''
-
+
+
-  end
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-  end
-
-  private
-process_raw(query_string)
- = $stdin
-begin
-  $stdin = StringIO.new(query_string.dup)
-    ENV['CONTENT_LENGTH'] = $stdin.size.to_s
-  CGI.new
-    assert_not_nil ENV['RAW_POST_DATA']
-
-    assert_equal query_string, ENV['RAW_POST_DATA']
-ensure
-  $stdin = old_stdin
-end
+cgi_params
+, $stdin = $stdin, StringIO.new(@request_body.dup)
+ENV['CONTENT_LENGTH'] = $stdin.size.to_s
+CGI.new.params
+ensure
+$stdin = old_stdin
+end
+
+def assert_has_raw_post_data(expected_body = @request_body)
+assert_not_nil ENV['RAW_POST_DATA']
+assert ENV['RAW_POST_DATA'].frozen?
+assert_equal expected_body, ENV['RAW_POST_DATA']
-    end
-end