X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fluci.git;a=blobdiff_plain;f=modules%2Fluci-base%2Fluasrc%2Fhttp.lua;h=1b03f792b0e6107e2cdc5fa52a8b5d4e76021f0f;hp=4b357317272eec507110f8b674be85ec84d9541b;hb=f52c8d0b7f0eeec4259992182103d859f454639b;hpb=c123fa86b02f7e9ecd7d474a03359628b444bd1d

diff --git a/modules/luci-base/luasrc/http.lua b/modules/luci-base/luasrc/http.lua
index 4b3573172..1b03f792b 100644
--- a/modules/luci-base/luasrc/http.lua
+++ b/modules/luci-base/luasrc/http.lua
@@ -89,6 +89,37 @@ end
 
 function Request.setfilehandler(self, callback)
 	self.filehandler = callback
+
+	-- If input has already been parsed then any files are either in temporary files
+	-- or are in self.message.params[key]
+	if self.parsed_input then
+		for param, value in pairs(self.message.params) do
+		repeat
+			-- We're only interested in files
+			if (not value["file"]) then break end
+			-- If we were able to write to temporary file
+			if (value["fd"]) then 
+				fd = value["fd"]
+				local eof = false
+				repeat	
+					filedata = fd:read(1024)
+					if (filedata:len() < 1024) then
+						eof = true
+					end
+					callback({ name=value["name"], file=value["file"] }, filedata, eof)
+				until (eof)
+				fd:close()
+				value["fd"] = nil
+			-- We had to read into memory
+			else
+				-- There should only be one numbered value in table - the data
+				for k, v in ipairs(value) do
+					callback({ name=value["name"], file=value["file"] }, v, true)
+				end
+			end
+		until true
+		end
+	end
 end
 
 function Request._parse_input(self)
@@ -193,7 +224,15 @@ function write(content, src_err)
 				header("Cache-Control", "no-cache")
 				header("Expires", "0")
 			end
-
+			if not context.headers["x-frame-options"] then
+				header("X-Frame-Options", "SAMEORIGIN")
+			end
+			if not context.headers["x-xss-protection"] then
+				header("X-XSS-Protection", "1; mode=block")
+			end
+			if not context.headers["x-content-type-options"] then
+				header("X-Content-Type-Options", "nosniff")
+			end
 
 			context.eoh = true
 			coroutine.yield(3)
@@ -228,9 +267,9 @@ function build_querystring(q)
 	return table.concat(s, "")
 end
 
-urldecode = protocol.urldecode
+urldecode = util.urldecode
 
-urlencode = protocol.urlencode
+urlencode = util.urlencode
 
 function write_json(x)
 	util.serialize_json(x, write)