libs/web: Prevent luci.http to prematurely parse the POST data

[project/luci.git] / libs / web / luasrc / http.lua
diff --git a/libs/web/luasrc/http.lua b/libs/web/luasrc/http.lua

index 8ee864a..6838220 100644 (file)
--- a/libs/web/luasrc/http.lua
+++ b/libs/web/luasrc/http.lua
@@ -7,9 +7,6 @@ HTTP-Header manipulator and form variable preprocessor
  FileId:
  $Id$
  
-ToDo:
-- Cookie handling
-
  License:
  Copyright 2008 Steven Barth <steven@midlink.org>
  
@@ -28,46 +25,88 @@ limitations under the License.
  ]]--
  
  module("luci.http", package.seeall)
+local ltn12 = require("luci.ltn12")
+require("luci.http.protocol")
  require("luci.util")
+
  context = luci.util.threadlocal()
  
  
  Request = luci.util.class()
-function Request.__init__(self)
-       self.headers = {}
-       self.request = {}
-       self.uploads = {}
-       self.env = {}
-       self.data = ""
-end
+function Request.__init__(self, env, sourcein, sinkerr)
+       self.input = sourcein
+       self.error = sinkerr
  
-function Request.formvalue(self, name, default)
-       return self.request[name] or default
+
+       -- File handler
+       self.filehandler = function() end
+       
+       -- HTTP-Message table
+       self.message = {
+               env = env,
+               headers = {},
+               params = luci.http.protocol.urldecode_params(env.QUERY_STRING or ""),
+       }
+       
+       self.parsed_input = false
  end
  
-function Request.formvalues(self)
-       return self.request
+function Request.formvalue(self, name, noparse)
+       if not noparse and not self.parsed_input then
+               self:_parse_input()
+       end
+       
+       if name then
+               return self.message.params[name]
+       else
+               return self.message.params
+       end
  end
  
  function Request.formvaluetable(self, prefix)
         local vals = {}
         prefix = prefix and prefix .. "." or "."
         
-       for k, v in pairs(self.request) do
+       if not self.parsed_input then
+               self:_parse_input()
+       end
+       
+       local void = self.message.params[nil]
+       for k, v in pairs(self.message.params) do
                 if k:find(prefix, 1, true) == 1 then
-                       vals[k:sub(#prefix + 1)] = v
+                       vals[k:sub(#prefix + 1)] = tostring(v)
                 end
         end
         
         return vals
  end
  
+function Request.getcookie(self, name)
+  local c = string.gsub(";" .. (self:getenv("HTTP_COOKIE") or "") .. ";", "%s*;%s*", ";")
+  local p = ";" .. name .. "=(.-);"
+  local i, j, value = c:find(p)
+  return value and urldecode(value)
+end
+
  function Request.getenv(self, name)
-       return self.env[name]
+       if name then
+               return self.message.env[name]
+       else
+               return self.message.env
+       end
  end
  
-function Request.upload(self, name)
-       return self.uploads[name]
+function Request.setfilehandler(self, callback)
+       self.filehandler = callback
+end
+
+function Request._parse_input(self)
+       luci.http.protocol.parse_message_body(
+                self.input,
+                self.message,
+                self.filehandler
+       )
+       self.parsed_input = true
  end
  
  
@@ -87,22 +126,31 @@ function formvalue(...)
         return context.request:formvalue(...)
  end
  
-function formvalues(...)
-       return context.request:formvalues(...)
-end
-
  function formvaluetable(...)
         return context.request:formvaluetable(...)
  end
  
+function getcookie(...)
+       return context.request:getcookie(...)
+end
+
+function getvalue(...)
+       return context.request:getvalue(...)
+end
+
+function postvalue(...)
+       return context.request:postvalue(...)
+end
+
  function getenv(...)
         return context.request:getenv(...)
  end
  
+function setfilehandler(...)
+       return context.request:setfilehandler(...)
+end
+
  function header(key, value)
-       if not context.status then
-               status()
-       end
         if not context.headers then
                 context.headers = {}
         end
@@ -121,70 +169,48 @@ function status(code, message)
         coroutine.yield(1, code, message)
  end
  
-function write(content)
-       if not content or #content == 0 then
-               return
-       end
-       if not context.eoh then
-               if not context.status then
-                       status()
+function write(content, src_err)
+       if not content then
+               if src_err then
+                       error(src_err)
+               else
+                       close()
                 end
-               if not context.headers or not context.headers["content-type"] then
-                       header("Content-Type", "text/html; charset=utf-8")
+               return true
+       elseif #content == 0 then
+               return true
+       else
+               if not context.eoh then
+                       if not context.status then
+                               status()
+                       end
+                       if not context.headers or not context.headers["content-type"] then
+                               header("Content-Type", "text/html; charset=utf-8")
+                       end
+                       
+                       context.eoh = true
+                       coroutine.yield(3)
                 end
-               
-               context.eoh = true
-               coroutine.yield(3)
-       end
-       coroutine.yield(4, content)
-end
-
-
-function basic_auth(realm, errorpage)
-       header("Status", "401 Unauthorized")
-       header("WWW-Authenticate", string.format('Basic realm="%s"', realm or ""))
-       
-       if errorpage then
-               errorpage()
+               coroutine.yield(4, content)
+               return true
         end
-       
-       close()
  end
  
  function redirect(url)
-       header("Status", "302 Found")
+       status(302, "Found")
         header("Location", url)
         close()
  end
  
-function upload(...)
-       return context.request:upload(...)
-end
-
-
-
  function build_querystring(table)
         local s="?"
         
         for k, v in pairs(table) do
-               s = s .. k .. "=" .. v .. "&"
+               s = s .. urlencode(k) .. "=" .. urlencode(v) .. "&"
         end
         
         return s
  end
  
-function urldecode(str)
-       str = str:gsub("+", " ")
-       str = str:gsub("%%(%x%x)",
-               function(h) return string.char(tonumber(h,16)) end)
-       str = str:gsub("\r\n", "\n")
-       return str      
-end
-
-function urlencode(str)
-       str = str:gsub("\n", "\r\n")
-       str = str:gsub("([^%w ])",
-               function (c) return string.format ("%%%02X", string.byte(c)) end)
-       str = str:gsub(" ", "+")
-       return str      
-end
-\ No newline at end of file
+urldecode = luci.http.protocol.urldecode
+urlencode = luci.http.protocol.urlencode