---[[
-LuCI - HTTP-Interaction
-
-Description:
-HTTP-Header manipulator and form variable preprocessor
-
-License:
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-]]--
+-- Copyright 2008 Steven Barth <steven@midlink.org>
+-- Licensed to the public under the Apache License 2.0.
local ltn12 = require "luci.ltn12"
local protocol = require "luci.http.protocol"
local ipairs, pairs, next, type, tostring, error =
ipairs, pairs, next, type, tostring, error
---- LuCI Web Framework high-level HTTP functions.
module "luci.http"
context = util.threadlocal()
function Request.setfilehandler(self, callback)
self.filehandler = callback
+
+ -- If input has already been parsed then any files are either in temporary files
+ -- or are in self.message.params[key]
+ if self.parsed_input then
+ for param, value in pairs(self.message.params) do
+ repeat
+ -- We're only interested in files
+ if (not value["file"]) then break end
+ -- If we were able to write to temporary file
+ if (value["fd"]) then
+ fd = value["fd"]
+ local eof = false
+ repeat
+ filedata = fd:read(1024)
+ if (filedata:len() < 1024) then
+ eof = true
+ end
+ callback({ name=value["name"], file=value["file"] }, filedata, eof)
+ until (eof)
+ fd:close()
+ value["fd"] = nil
+ -- We had to read into memory
+ else
+ -- There should only be one numbered value in table - the data
+ for k, v in ipairs(value) do
+ callback({ name=value["name"], file=value["file"] }, v, true)
+ end
+ end
+ until true
+ end
+ end
end
function Request._parse_input(self)
self.parsed_input = true
end
---- Close the HTTP-Connection.
function close()
if not context.eoh then
context.eoh = true
end
end
---- Return the request content if the request was of unknown type.
--- @return HTTP request body
--- @return HTTP request body length
function content()
return context.request:content()
end
---- Get a certain HTTP input value or a table of all input values.
--- @param name Name of the GET or POST variable to fetch
--- @param noparse Don't parse POST data before getting the value
--- @return HTTP input value or table of all input value
function formvalue(name, noparse)
return context.request:formvalue(name, noparse)
end
---- Get a table of all HTTP input values with a certain prefix.
--- @param prefix Prefix
--- @return Table of all HTTP input values with given prefix
function formvaluetable(prefix)
return context.request:formvaluetable(prefix)
end
---- Get the value of a certain HTTP-Cookie.
--- @param name Cookie Name
--- @return String containing cookie data
function getcookie(name)
return context.request:getcookie(name)
end
---- Get the value of a certain HTTP environment variable
-- or the environment table itself.
--- @param name Environment variable
--- @return HTTP environment value or environment table
function getenv(name)
return context.request:getenv(name)
end
---- Set a handler function for incoming user file uploads.
--- @param callback Handler function
function setfilehandler(callback)
return context.request:setfilehandler(callback)
end
---- Send a HTTP-Header.
--- @param key Header key
--- @param value Header value
function header(key, value)
if not context.headers then
context.headers = {}
coroutine.yield(2, key, value)
end
---- Set the mime type of following content data.
--- @param mime Mimetype of following content
function prepare_content(mime)
if not context.headers or not context.headers["content-type"] then
if mime == "application/xhtml+xml" then
end
end
---- Get the RAW HTTP input source
--- @return HTTP LTN12 source
function source()
return context.request.input
end
---- Set the HTTP status code and status message.
--- @param code Status code
--- @param message Status message
function status(code, message)
code = code or 200
message = message or "OK"
coroutine.yield(1, code, message)
end
---- Send a chunk of content data to the client.
-- This function is as a valid LTN12 sink.
-- If the content chunk is nil this function will automatically invoke close.
--- @param content Content chunk
--- @param src_err Error object from source (optional)
--- @see close
function write(content, src_err)
if not content then
if src_err then
header("Cache-Control", "no-cache")
header("Expires", "0")
end
-
+ if not context.headers["x-frame-options"] then
+ header("X-Frame-Options", "SAMEORIGIN")
+ end
+ if not context.headers["x-xss-protection"] then
+ header("X-XSS-Protection", "1; mode=block")
+ end
+ if not context.headers["x-content-type-options"] then
+ header("X-Content-Type-Options", "nosniff")
+ end
context.eoh = true
coroutine.yield(3)
end
end
---- Splice data from a filedescriptor to the client.
--- @param fp File descriptor
--- @param size Bytes to splice (optional)
function splice(fd, size)
coroutine.yield(6, fd, size)
end
---- Redirects the client to a new URL and closes the connection.
--- @param url Target URL
function redirect(url)
+ if url == "" then url = "/" end
status(302, "Found")
header("Location", url)
close()
end
---- Create a querystring out of a table of key - value pairs.
--- @param table Query string source table
--- @return Encoded HTTP query string
function build_querystring(q)
local s = { "?" }
return table.concat(s, "")
end
---- Return the URL-decoded equivalent of a string.
--- @param str URL-encoded string
--- @param no_plus Don't decode + to " "
--- @return URL-decoded string
--- @see urlencode
-urldecode = protocol.urldecode
-
---- Return the URL-encoded equivalent of a string.
--- @param str Source string
--- @return URL-encoded string
--- @see urldecode
-urlencode = protocol.urlencode
-
---- Send the given data as JSON encoded string.
--- @param data Data to send
+urldecode = util.urldecode
+
+urlencode = util.urlencode
+
function write_json(x)
- if x == nil then
- write("null")
- elseif type(x) == "table" then
- local k, v
- if type(next(x)) == "number" then
- write("[ ")
- for k, v in ipairs(x) do
- write_json(v)
- if next(x, k) then
- write(", ")
- end
- end
- write(" ]")
- else
- write("{ ")
- for k, v in pairs(x) do
- write("%q: " % k)
- write_json(v)
- if next(x, k) then
- write(", ")
- end
- end
- write(" }")
- end
- elseif type(x) == "number" or type(x) == "boolean" then
- if (x ~= x) then
- -- NaN is the only value that doesn't equal to itself.
- write("Number.NaN")
- else
- write(tostring(x))
- end
- else
- write('"%s"' % tostring(x):gsub('["%z\1-\31]', function(c)
- return '\\u%04x' % c:byte(1)
- end))
- end
+ util.serialize_json(x, write)
end