libs/web: Prevent luci.http to prematurely parse the POST data

[project/luci.git] / libs / web / luasrc / http.lua

diff --git a/libs/web/luasrc/http.lua b/libs/web/luasrc/http.lua
index 37050e4..6838220 100644 (file)
--- a/libs/web/luasrc/http.lua
+++ b/libs/web/luasrc/http.lua
@@ -25,7 +25,7 @@ limitations under the License.
 ]]--
 
 module("luci.http", package.seeall)
-require("ltn12")
+local ltn12 = require("luci.ltn12")
 require("luci.http.protocol")
 require("luci.util")
 
@@ -51,13 +51,13 @@ function Request.__init__(self, env, sourcein, sinkerr)
        self.parsed_input = false
 end
 
-function Request.formvalue(self, name, default)
-       if not self.parsed_input then
+function Request.formvalue(self, name, noparse)
+       if not noparse and not self.parsed_input then
                self:_parse_input()
        end
        
        if name then
-               return self.message.params[name] and tostring(self.message.params[name]) or default
+               return self.message.params[name]
        else
                return self.message.params
        end
@@ -84,7 +84,7 @@ end
 function Request.getcookie(self, name)
   local c = string.gsub(";" .. (self:getenv("HTTP_COOKIE") or "") .. ";", "%s*;%s*", ";")
   local p = ";" .. name .. "=(.-);"
-  local i, j, value = cookies:find(p)
+  local i, j, value = c:find(p)
   return value and urldecode(value)
 end
 
@@ -130,6 +130,10 @@ function formvaluetable(...)
        return context.request:formvaluetable(...)
 end
 
+function getcookie(...)
+       return context.request:getcookie(...)
+end
+
 function getvalue(...)
        return context.request:getvalue(...)
 end
@@ -147,9 +151,6 @@ function setfilehandler(...)
 end
 
 function header(key, value)
-       if not context.status then
-               status()
-       end
        if not context.headers then
                context.headers = {}
        end
@@ -168,26 +169,35 @@ function status(code, message)
        coroutine.yield(1, code, message)
 end
 
-function write(content)
-       if not content or #content == 0 then
-               return
-       end
-       if not context.eoh then
-               if not context.status then
-                       status()
+function write(content, src_err)
+       if not content then
+               if src_err then
+                       error(src_err)
+               else
+                       close()
                end
-               if not context.headers or not context.headers["content-type"] then
-                       header("Content-Type", "text/html; charset=utf-8")
+               return true
+       elseif #content == 0 then
+               return true
+       else
+               if not context.eoh then
+                       if not context.status then
+                               status()
+                       end
+                       if not context.headers or not context.headers["content-type"] then
+                               header("Content-Type", "text/html; charset=utf-8")
+                       end
+                       
+                       context.eoh = true
+                       coroutine.yield(3)
                end
-               
-               context.eoh = true
-               coroutine.yield(3)
+               coroutine.yield(4, content)
+               return true
        end
-       coroutine.yield(4, content)
 end
 
 function redirect(url)
-       header("Status", "302 Found")
+       status(302, "Found")
        header("Location", url)
        close()
 end