libs/web: Prevent luci.http to prematurely parse the POST data
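--- a/libs/web/luasrc/http.lua
+++ b/libs/web/luasrc/http.lua
@@ -7,9 +7,6 @@ HTTP-Header manipulator and form variable preprocessor
 FileId:
 $Id$
-ToDo:
-- Cookie handling
-
 License:
 Copyright 2008 Steven Barth <steven@midlink.org>
@@ -28,7 +25,7 @@ limitations under the License.
 ]]--
 module("luci.http", package.seeall)
-require("ltn12")
+local ltn12 = require("luci.ltn12")
 require("luci.http.protocol")
 require("luci.util")
@@ -51,24 +48,16 @@ function Request.__init__(self, env, sourcein, sinkerr)
 params = luci.http.protocol.urldecode_params(env.QUERY_STRING or ""),
 }
- setmetatable(self.message.params, {__index =
- function(tbl, key)
- setmetatable(tbl, nil)
-
- luci.http.protocol.parse_message_body(
- self.input,
- self.message,
- self.filehandler
- )
-
- return rawget(tbl, key)
- end
- })
+ self.parsed_input = false
 end
-function Request.formvalue(self, name, default)
+function Request.formvalue(self, name, noparse)
+ if not noparse and not self.parsed_input then
+ self:_parse_input()
+ end
+
 if name then
- return self.message.params[name] and tostring(self.message.params[name]) or default
+ return self.message.params[name]
 else
 return self.message.params
 end
@@ -78,6 +67,10 @@ function Request.formvaluetable(self, prefix)
 local vals = {}
 prefix = prefix and prefix .. "." or "."
+ if not self.parsed_input then
+ self:_parse_input()
+ end
+
 local void = self.message.params[nil]
 for k, v in pairs(self.message.params) do
 if k:find(prefix, 1, true) == 1 then
@@ -88,14 +81,34 @@ function Request.formvaluetable(self, prefix)
 return vals
 end
+function Request.getcookie(self, name)
+ local c = string.gsub(";" .. (self:getenv("HTTP_COOKIE") or "") .. ";", "%s*;%s*", ";")
+ local p = ";" .. name .. "=(.-);"
+ local i, j, value = c:find(p)
+ return value and urldecode(value)
+end
+
 function Request.getenv(self, name)
- return name and self.message.env[name] or self.message.env
+ if name then
+ return self.message.env[name]
+ else
+ return self.message.env
+ end
 end
 function Request.setfilehandler(self, callback)
 self.filehandler = callback
 end
+function Request._parse_input(self)
+ luci.http.protocol.parse_message_body(
+ self.input,
+ self.message,
+ self.filehandler
+ )
+ self.parsed_input = true
+end
+
 function close()
 if not context.eoh then
@@ -117,6 +130,10 @@ function formvaluetable(...)
 return context.request:formvaluetable(...)
 end
+function getcookie(...)
+ return context.request:getcookie(...)
+end
+
 function getvalue(...)
 return context.request:getvalue(...)
 end
@@ -134,9 +151,6 @@ function setfilehandler(...)
 end
 function header(key, value)
- if not context.status then
- status()
- end
 if not context.headers then
 context.headers = {}
 end
@@ -155,38 +169,35 @@ function status(code, message)
 coroutine.yield(1, code, message)
 end
-function write(content)
- if not content or #content == 0 then
- return
- end
- if not context.eoh then
- if not context.status then
- status()
+function write(content, src_err)
+ if not content then
+ if src_err then
+ error(src_err)
+ else
+ close()
 end
- if not context.headers or not context.headers["content-type"] then
- header("Content-Type", "text/html; charset=utf-8")
+ return true
+ elseif #content == 0 then
+ return true
+ else
+ if not context.eoh then
+ if not context.status then
+ status()
+ end
+ if not context.headers or not context.headers["content-type"] then
+ header("Content-Type", "text/html; charset=utf-8")
+ end
+
+ context.eoh = true
+ coroutine.yield(3)
 end
-
- context.eoh = true
- coroutine.yield(3)
+ coroutine.yield(4, content)
+ return true
 end
- coroutine.yield(4, content)
-end
-
-
-function basic_auth(realm, errorpage)
- header("Status", "401 Unauthorized")
- header("WWW-Authenticate", string.format('Basic realm="%s"', realm or ""))
-
- if errorpage then
- errorpage()
- end
-
- close()
 end
 function redirect(url)
-header("Status", "302 Found")
+status(302, "Found")
 header("Location", url)
 close()
 end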
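Review bot: In the added `Request.getcookie` (hunk `-88,14 +81,34`), `name` is concatenated into a Lua pattern without escaping, so any magic character in a cookie name (`-`, `.`, `%`, `[`, …) is read as pattern syntax and the lookup can miss the intended cookie or capture a different one. Because the value returned here is likely to feed session handling, escape the name before building the pattern, e.g. `local p = ";" .. (name:gsub("%p", "%%%0")) .. "=(.-);"`, and return nil early when `name` is nil instead of raising on the concatenation. The bare `urldecode` is not defined in any visible hunk; presumably it resolves through `package.seeall` or a definition elsewhere in the module, which should be confirmed or replaced by an explicit `luci.http.protocol.urldecode` if that is the intended function. A short doc comment noting that the result is URL-decoded, client-supplied data would help callers treat it as untrusted.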