luci-base: refactor luci.http
[project/luci.git] / modules / luci-base / luasrc / http.lua
index a92d8af..f1d7d6a 100644 (file)
@@ -7,6 +7,7 @@ local util  = require "luci.util"
 local string = require "string"
 local coroutine = require "coroutine"
 local table = require "table"
+local lhttp = require "lucihttp"
 
 local ipairs, pairs, next, type, tostring, error =
        ipairs, pairs, next, type, tostring, error
@@ -73,10 +74,7 @@ function Request.content(self)
 end
 
 function Request.getcookie(self, name)
-  local c = string.gsub(";" .. (self:getenv("HTTP_COOKIE") or "") .. ";", "%s*;%s*", ";")
-  local p = ";" .. name .. "=(.-);"
-  local i, j, value = c:find(p)
-  return value and urldecode(value)
+       return lhttp.header_attribute("cookie; " .. (self:getenv("HTTP_COOKIE") or ""), name)
 end
 
 function Request.getenv(self, name)
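Review bot: The new body at L20 drops the `urldecode` the removed code applied to the matched cookie value, so a cookie stored with percent-encoded characters is now returned as-is unless `lhttp.header_attribute` decodes it internally; I cannot tell from the hunk which it is, so either restore the decode (`local v = lhttp.header_attribute(...); return v and urldecode(v)`) or confirm the C side decodes and say so. The `"cookie; "` prefix is also non-obvious to a reader: it turns the raw Cookie header into a `token; name=value; ...` string so the cookie can be looked up as an attribute, and deserves a comment such as `-- prepend a dummy token so the Cookie header parses as "<token>; name=value; ..." and name can be fetched as an attribute`. Be aware the old pattern also matched regardless of spacing around `;`, so any spacing tolerance now rests entirely on header_attribute.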
@@ -89,6 +87,31 @@ end
 
 function Request.setfilehandler(self, callback)
        self.filehandler = callback
+
+       if not self.parsed_input then
+               return
+       end
+
+       -- If input has already been parsed then uploads are stored as unlinked
+       -- temporary files pointed to by open file handles in the parameter
+       -- value table. Loop all params, and invoke the file callback for any
+       -- param with an open file handle.
+       local name, value
+       for name, value in pairs(self.message.params) do
+               if type(value) == "table" then
+                       while value.fd do
+                               local data = value.fd:read(1024)
+                               local eof = (not data or data == "")
+
+                               callback(value, data, eof)
+
+                               if eof then
+                                       value.fd:close()
+                                       value.fd = nil
+                               end
+                       end
+               end
+       end
 end
 
 function Request._parse_input(self)
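Review bot: The `local name, value` at L37 is dead: the numeric-for at L38 introduces its own `name`/`value` locals, so the outer pair is never read and luacheck will flag it as unused/shadowed; drop the line. In the drain loop, `value.fd:read(1024)` returning `nil` on a read error is indistinguishable from end-of-file and is reported to the callback as `eof`, which may be acceptable for an unlinked temp file but should be stated in the comment at L33-L36 (`-- a read failure is treated like EOF`). If the callback raises, the loop is abandoned with `value.fd` still open; since the file is unlinked this only delays release until GC, but it is worth noting in the same comment so callers know not to rely on `fd` being nil afterwards.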
@@ -193,7 +216,15 @@ function write(content, src_err)
                                header("Cache-Control", "no-cache")
                                header("Expires", "0")
                        end
-
+                       if not context.headers["x-frame-options"] then
+                               header("X-Frame-Options", "SAMEORIGIN")
+                       end
+                       if not context.headers["x-xss-protection"] then
+                               header("X-XSS-Protection", "1; mode=block")
+                       end
+                       if not context.headers["x-content-type-options"] then
+                               header("X-Content-Type-Options", "nosniff")
+                       end
 
                        context.eoh = true
                        coroutine.yield(3)
@@ -208,28 +239,29 @@ function splice(fd, size)
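Review bot: The three default-header blocks at L61-L69 are the same shape repeated with only the name and value varying, and each one silently depends on `header()` storing its key lowercased for the `context.headers[...]` lookup to match; a single table-driven loop keeps the lookup and the emitted name derived from one string, so the two cannot drift apart. These defaults are only emitted on this first-write path; if `close()` can end a response without any `write()` (as a `redirect()` would), such responses get none of the headers — I cannot see `close()` in this hunk, so confirm or document it. The enclosing function `write` starts and ends outside the hunk.
```lua
-- … unchanged: Cache-Control / Expires defaults …
-- default hardening headers, emitted only when the page did not set them;
-- lookup key and emitted name come from the same string
for _, h in ipairs({
	{ "X-Frame-Options",        "SAMEORIGIN" },
	{ "X-XSS-Protection",       "1; mode=block" },
	{ "X-Content-Type-Options", "nosniff" }
}) do
	if not context.headers[h[1]:lower()] then
		header(h[1], h[2])
	end
end
```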
 end
 
 function redirect(url)
+       if url == "" then url = "/" end
        status(302, "Found")
        header("Location", url)
        close()
 end
 
 function build_querystring(q)
-       local s = { "?" }
+       local s, n, k, v = {}, 1, nil, nil
 
        for k, v in pairs(q) do
-               if #s > 1 then s[#s+1] = "&" end
-
-               s[#s+1] = urldecode(k)
-               s[#s+1] = "="
-               s[#s+1] = urldecode(v)
+               s[n+0] = (n == 1) and "?" or "&"
+               s[n+1] = util.urlencode(k)
+               s[n+2] = "="
+               s[n+3] = util.urlencode(v)
+               n = n + 4
        end
 
        return table.concat(s, "")
 end
 
-urldecode = protocol.urldecode
+urldecode = util.urldecode
 
-urlencode = protocol.urlencode
+urlencode = util.urlencode
 
 function write_json(x)
        util.serialize_json(x, write)
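Review bot: In `build_querystring`, `local s, n, k, v = {}, 1, nil, nil` at L85 declares `k` and `v` that the `for` at L87 immediately shadows, so they are unused; `local s, n = {}, 1` is the whole declaration needed. The rewrite also changes the empty-table result from `"?"` (the removed `{ "?" }` seed at L84) to `""`, which is arguably the better value but is a visible behaviour change for any caller that appended the result to a path expecting a trailing `?`; if it is intended, a line in the commit message or a comment `-- returns "" for an empty table, "?k=v&..." otherwise` would make it deliberate. In `redirect`, the new guard at L77 covers only `""`; a `nil` url still reaches `header("Location", url)`, and `if not url or url == "" then url = "/" end` would close that gap. Whether `header()` rejects CR/LF in the Location value is not visible here; if it does not, that check belongs in `header()` rather than per caller.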