X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fluci.git;a=blobdiff_plain;f=modules%2Fluci-base%2Fluasrc%2Fhttp.lua;h=9cc9857867a430d00c67be669249685fa483daf2;hp=a5329e51d6835a222ce5e8c1f1046b6b6af555ef;hb=11d0129f9661155dd2bd44cce5866726acd53433;hpb=7a3493b1f7d75a3945279115324cf2ff4da26b7b

diff --git a/modules/luci-base/luasrc/http.lua b/modules/luci-base/luasrc/http.lua
index a5329e51d..9cc985786 100644
--- a/modules/luci-base/luasrc/http.lua
+++ b/modules/luci-base/luasrc/http.lua
@@ -11,7 +11,6 @@ local table = require "table"
 local ipairs, pairs, next, type, tostring, error =
 	ipairs, pairs, next, type, tostring, error
 
---- LuCI Web Framework high-level HTTP functions.
 module "luci.http"
 
 context = util.threadlocal()
@@ -90,6 +89,37 @@ end
 
 function Request.setfilehandler(self, callback)
 	self.filehandler = callback
+
+	-- If input has already been parsed then any files are either in temporary files
+	-- or are in self.message.params[key]
+	if self.parsed_input then
+		for param, value in pairs(self.message.params) do
+		repeat
+			-- We're only interested in files
+			if (not value["file"]) then break end
+			-- If we were able to write to temporary file
+			if (value["fd"]) then 
+				fd = value["fd"]
+				local eof = false
+				repeat	
+					filedata = fd:read(1024)
+					if (filedata:len() < 1024) then
+						eof = true
+					end
+					callback({ name=value["name"], file=value["file"] }, filedata, eof)
+				until (eof)
+				fd:close()
+				value["fd"] = nil
+			-- We had to read into memory
+			else
+				-- There should only be one numbered value in table - the data
+				for k, v in ipairs(value) do
+					callback({ name=value["name"], file=value["file"] }, v, true)
+				end
+			end
+		until true
+		end
+	end
 end
 
 function Request._parse_input(self)
@@ -101,7 +131,6 @@ function Request._parse_input(self)
 	self.parsed_input = true
 end
 
---- Close the HTTP-Connection.
 function close()
 	if not context.eoh then
 		context.eoh = true
@@ -114,52 +143,31 @@ function close()
 	end
 end
 
---- Return the request content if the request was of unknown type.
--- @return	HTTP request body
--- @return	HTTP request body length
 function content()
 	return context.request:content()
 end
 
---- Get a certain HTTP input value or a table of all input values.
--- @param name		Name of the GET or POST variable to fetch
--- @param noparse	Don't parse POST data before getting the value
--- @return			HTTP input value or table of all input value
 function formvalue(name, noparse)
 	return context.request:formvalue(name, noparse)
 end
 
---- Get a table of all HTTP input values with a certain prefix.
--- @param prefix	Prefix
--- @return			Table of all HTTP input values with given prefix
 function formvaluetable(prefix)
 	return context.request:formvaluetable(prefix)
 end
 
---- Get the value of a certain HTTP-Cookie.
--- @param name		Cookie Name
--- @return			String containing cookie data
 function getcookie(name)
 	return context.request:getcookie(name)
 end
 
---- Get the value of a certain HTTP environment variable
 -- or the environment table itself.
--- @param name		Environment variable
--- @return			HTTP environment value or environment table
 function getenv(name)
 	return context.request:getenv(name)
 end
 
---- Set a handler function for incoming user file uploads.
--- @param callback	Handler function
 function setfilehandler(callback)
 	return context.request:setfilehandler(callback)
 end
 
---- Send a HTTP-Header.
--- @param key	Header key
--- @param value Header value
 function header(key, value)
 	if not context.headers then
 		context.headers = {}
@@ -168,8 +176,6 @@ function header(key, value)
 	coroutine.yield(2, key, value)
 end
 
---- Set the mime type of following content data.
--- @param mime	Mimetype of following content
 function prepare_content(mime)
 	if not context.headers or not context.headers["content-type"] then
 		if mime == "application/xhtml+xml" then
@@ -183,15 +189,10 @@ function prepare_content(mime)
 	end
 end
 
---- Get the RAW HTTP input source
--- @return	HTTP LTN12 source
 function source()
 	return context.request.input
 end
 
---- Set the HTTP status code and status message.
--- @param code		Status code
--- @param message	Status message
 function status(code, message)
 	code = code or 200
 	message = message or "OK"
@@ -199,12 +200,8 @@ function status(code, message)
 	coroutine.yield(1, code, message)
 end
 
---- Send a chunk of content data to the client.
 -- This function is as a valid LTN12 sink.
 -- If the content chunk is nil this function will automatically invoke close.
--- @param content	Content chunk
--- @param src_err	Error object from source (optional)
--- @see close
 function write(content, src_err)
 	if not content then
 		if src_err then
@@ -227,7 +224,15 @@ function write(content, src_err)
 				header("Cache-Control", "no-cache")
 				header("Expires", "0")
 			end
-
+			if not context.headers["x-frame-options"] then
+				header("X-Frame-Options", "SAMEORIGIN")
+			end
+			if not context.headers["x-xss-protection"] then
+				header("X-XSS-Protection", "1; mode=block")
+			end
+			if not context.headers["x-content-type-options"] then
+				header("X-Content-Type-Options", "nosniff")
+			end
 
 			context.eoh = true
 			coroutine.yield(3)
@@ -237,24 +242,17 @@ function write(content, src_err)
 	end
 end
 
---- Splice data from a filedescriptor to the client.
--- @param fp	File descriptor
--- @param size	Bytes to splice (optional)
 function splice(fd, size)
 	coroutine.yield(6, fd, size)
 end
 
---- Redirects the client to a new URL and closes the connection.
--- @param url	Target URL
 function redirect(url)
+	if url == "" then url = "/" end
 	status(302, "Found")
 	header("Location", url)
 	close()
 end
 
---- Create a querystring out of a table of key - value pairs.
--- @param table		Query string source table
--- @return			Encoded HTTP query string
 function build_querystring(q)
 	local s = { "?" }
 
@@ -269,56 +267,10 @@ function build_querystring(q)
 	return table.concat(s, "")
 end
 
---- Return the URL-decoded equivalent of a string.
--- @param str		URL-encoded string
--- @param no_plus	Don't decode + to " "
--- @return			URL-decoded string
--- @see urlencode
 urldecode = protocol.urldecode
 
---- Return the URL-encoded equivalent of a string.
--- @param str		Source string
--- @return			URL-encoded string
--- @see urldecode
 urlencode = protocol.urlencode
 
---- Send the given data as JSON encoded string.
--- @param data		Data to send
 function write_json(x)
-	if x == nil then
-		write("null")
-	elseif type(x) == "table" then
-		local k, v
-		if type(next(x)) == "number" then
-			write("[ ")
-			for k, v in ipairs(x) do
-				write_json(v)
-				if next(x, k) then
-					write(", ")
-				end
-			end
-			write(" ]")
-		else
-			write("{ ")
-			for k, v in pairs(x) do
-			write("%q: " % k)
-				write_json(v)
-				if next(x, k) then
-					write(", ")
-				end
-			end
-			write(" }")
-		end
-	elseif type(x) == "number" or type(x) == "boolean" then
-		if (x ~= x) then
-			-- NaN is the only value that doesn't equal to itself.
-			write("Number.NaN")
-		else
-			write(tostring(x))
-		end
-	else
-		write('"%s"' % tostring(x):gsub('["%z\1-\31]', function(c)
-			return '\\u%04x' % c:byte(1)
-		end))
-	end
+	util.serialize_json(x, write)
 end