Fix incorrect content type lookup in request parsing. Closes #8407.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6786 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
parent
f52021ddd2
commit
055ff9f418
@ -63,32 +63,14 @@ def content_length
|
|||||||
@content_length ||= env['CONTENT_LENGTH'].to_i
|
@content_length ||= env['CONTENT_LENGTH'].to_i
|
||||||
end
|
end
|
||||||
|
|
||||||
def content_type_with_parameters
|
# The MIME type of the HTTP request, such as Mime::XML.
|
||||||
@content_type_with_parameters ||= env['CONTENT_TYPE'].to_s
|
|
||||||
end
|
|
||||||
|
|
||||||
# Determine whether the body of a HTTP call is URL-encoded (default)
|
|
||||||
# or matches one of the registered param_parsers.
|
|
||||||
#
|
#
|
||||||
# For backward compatibility, the post format is extracted from the
|
# For backward compatibility, the post format is extracted from the
|
||||||
# X-Post-Data-Format HTTP header if present.
|
# X-Post-Data-Format HTTP header if present.
|
||||||
def content_type
|
def content_type
|
||||||
@content_type ||=
|
@content_type ||=
|
||||||
begin
|
content_type_from_legacy_post_data_format_header ||
|
||||||
# Receive header sans any charset information.
|
Mime::Type.lookup(content_type_without_parameters)
|
||||||
content_type = content_type_with_parameters.sub(/\s*\;.*$/, '').strip.downcase
|
|
||||||
|
|
||||||
if x_post_format = @env['HTTP_X_POST_DATA_FORMAT']
|
|
||||||
case x_post_format.to_s.downcase
|
|
||||||
when 'yaml'
|
|
||||||
content_type = Mime::YAML.to_s
|
|
||||||
when 'xml'
|
|
||||||
content_type = Mime::XML.to_s
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
Mime::Type.lookup(content_type)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# Returns the accepted MIME type for the request
|
# Returns the accepted MIME type for the request
|
||||||
@ -308,13 +290,39 @@ def session=(session) #:nodoc:
|
|||||||
def reset_session #:nodoc:
|
def reset_session #:nodoc:
|
||||||
end
|
end
|
||||||
|
|
||||||
|
protected
|
||||||
|
# The raw content type string. Use when you need parameters such as
|
||||||
|
# charset or boundary which aren't included in the content_type MIME type.
|
||||||
|
def content_type_with_parameters
|
||||||
|
env['CONTENT_TYPE'].to_s
|
||||||
|
end
|
||||||
|
|
||||||
|
# The raw content type string with its parameters stripped off.
|
||||||
|
def content_type_without_parameters
|
||||||
|
@content_type_without_parameters ||= self.class.extract_content_type_without_parameters(content_type_with_parameters)
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
def content_type_from_legacy_post_data_format_header
|
||||||
|
if x_post_format = @env['HTTP_X_POST_DATA_FORMAT']
|
||||||
|
case x_post_format.to_s.downcase
|
||||||
|
when 'yaml'; Mime::YAML
|
||||||
|
when 'xml'; Mime::XML
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
class << self
|
class << self
|
||||||
def parse_formatted_request_parameters(body, content_type, content_length, env = {})
|
def extract_content_type_without_parameters(content_type_with_parameters)
|
||||||
|
$1.strip.downcase if content_type_with_parameters =~ /^([^,\;]*)/
|
||||||
|
end
|
||||||
|
|
||||||
|
def parse_formatted_request_parameters(body, content_type_with_parameters, content_length, env = {})
|
||||||
content_length = content_length.to_i
|
content_length = content_length.to_i
|
||||||
return {} if content_length.zero?
|
return {} if content_length.zero?
|
||||||
|
|
||||||
content_type, boundary = extract_multipart_boundary(content_type.to_s)
|
content_type, boundary = extract_multipart_boundary(content_type_with_parameters.to_s)
|
||||||
return {} if content_type.blank?
|
return {} if content_type.blank?
|
||||||
|
|
||||||
mime_type = Mime::Type.lookup(content_type)
|
mime_type = Mime::Type.lookup(content_type)
|
||||||
@ -343,7 +351,7 @@ def parse_formatted_request_parameters(body, content_type, content_length, env =
|
|||||||
rescue Exception => e # YAML, XML or Ruby code block errors
|
rescue Exception => e # YAML, XML or Ruby code block errors
|
||||||
raise
|
raise
|
||||||
{ "body" => body,
|
{ "body" => body,
|
||||||
"content_type" => content_type,
|
"content_type" => content_type_with_parameters,
|
||||||
"content_length" => content_length,
|
"content_length" => content_length,
|
||||||
"exception" => "#{e.message} (#{e.class})",
|
"exception" => "#{e.message} (#{e.class})",
|
||||||
"backtrace" => e.backtrace }
|
"backtrace" => e.backtrace }
|
||||||
@ -444,11 +452,11 @@ def original_filename
|
|||||||
|
|
||||||
MULTIPART_BOUNDARY = %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?|n
|
MULTIPART_BOUNDARY = %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?|n
|
||||||
|
|
||||||
def extract_multipart_boundary(content_type)
|
def extract_multipart_boundary(content_type_with_parameters)
|
||||||
if content_type =~ MULTIPART_BOUNDARY
|
if content_type_with_parameters =~ MULTIPART_BOUNDARY
|
||||||
['multipart/form-data', $1.dup]
|
['multipart/form-data', $1.dup]
|
||||||
else
|
else
|
||||||
content_type
|
extract_content_type_without_parameters(content_type_with_parameters)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
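Review bot: In the second hunk, `content_type_from_legacy_post_data_format_header` keeps letting the client-supplied `X-Post-Data-Format` header take precedence over the declared Content-Type (`content_type` tries it first with `||`), and nothing on the new helper says so. If a YAML param parser is registered (the registration is outside this diff), any client can route its body to that parser with one header, and deserializing YAML from untrusted input is unsafe. I would document this on the helper, e.g. `# Legacy: client-controlled header that overrides CONTENT_TYPE; treat the selected parser as handling untrusted input.`, and consider making the override opt-in. Separately, `extract_content_type_without_parameters` anchors with `^` and reads the global `$1`; `content_type_with_parameters[/\A[^,;]*/].strip.downcase` states the whole-string intent without the global.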
@ -1,7 +1,7 @@
|
|||||||
require File.dirname(__FILE__) + '/../abstract_unit'
|
require File.dirname(__FILE__) + '/../abstract_unit'
|
||||||
require 'action_controller/cgi_process'
|
require 'action_controller/cgi_process'
|
||||||
|
|
||||||
class CgiRequestTest < Test::Unit::TestCase
|
class BaseCgiTest < Test::Unit::TestCase
|
||||||
def setup
|
def setup
|
||||||
@request_hash = {"HTTP_MAX_FORWARDS"=>"10", "SERVER_NAME"=>"glu.ttono.us:8007", "FCGI_ROLE"=>"RESPONDER", "HTTP_X_FORWARDED_HOST"=>"glu.ttono.us", "HTTP_ACCEPT_ENCODING"=>"gzip, deflate", "HTTP_USER_AGENT"=>"Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1", "PATH_INFO"=>"", "HTTP_ACCEPT_LANGUAGE"=>"en", "HTTP_HOST"=>"glu.ttono.us:8007", "SERVER_PROTOCOL"=>"HTTP/1.1", "REDIRECT_URI"=>"/dispatch.fcgi", "SCRIPT_NAME"=>"/dispatch.fcgi", "SERVER_ADDR"=>"207.7.108.53", "REMOTE_ADDR"=>"207.7.108.53", "SERVER_SOFTWARE"=>"lighttpd/1.4.5", "HTTP_COOKIE"=>"_session_id=c84ace84796670c052c6ceb2451fb0f2; is_admin=yes", "HTTP_X_FORWARDED_SERVER"=>"glu.ttono.us", "REQUEST_URI"=>"/admin", "DOCUMENT_ROOT"=>"/home/kevinc/sites/typo/public", "SERVER_PORT"=>"8007", "QUERY_STRING"=>"", "REMOTE_PORT"=>"63137", "GATEWAY_INTERFACE"=>"CGI/1.1", "HTTP_X_FORWARDED_FOR"=>"65.88.180.234", "HTTP_ACCEPT"=>"*/*", "SCRIPT_FILENAME"=>"/home/kevinc/sites/typo/public/dispatch.fcgi", "REDIRECT_STATUS"=>"200", "REQUEST_METHOD"=>"GET"}
|
@request_hash = {"HTTP_MAX_FORWARDS"=>"10", "SERVER_NAME"=>"glu.ttono.us:8007", "FCGI_ROLE"=>"RESPONDER", "HTTP_X_FORWARDED_HOST"=>"glu.ttono.us", "HTTP_ACCEPT_ENCODING"=>"gzip, deflate", "HTTP_USER_AGENT"=>"Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1", "PATH_INFO"=>"", "HTTP_ACCEPT_LANGUAGE"=>"en", "HTTP_HOST"=>"glu.ttono.us:8007", "SERVER_PROTOCOL"=>"HTTP/1.1", "REDIRECT_URI"=>"/dispatch.fcgi", "SCRIPT_NAME"=>"/dispatch.fcgi", "SERVER_ADDR"=>"207.7.108.53", "REMOTE_ADDR"=>"207.7.108.53", "SERVER_SOFTWARE"=>"lighttpd/1.4.5", "HTTP_COOKIE"=>"_session_id=c84ace84796670c052c6ceb2451fb0f2; is_admin=yes", "HTTP_X_FORWARDED_SERVER"=>"glu.ttono.us", "REQUEST_URI"=>"/admin", "DOCUMENT_ROOT"=>"/home/kevinc/sites/typo/public", "SERVER_PORT"=>"8007", "QUERY_STRING"=>"", "REMOTE_PORT"=>"63137", "GATEWAY_INTERFACE"=>"CGI/1.1", "HTTP_X_FORWARDED_FOR"=>"65.88.180.234", "HTTP_ACCEPT"=>"*/*", "SCRIPT_FILENAME"=>"/home/kevinc/sites/typo/public/dispatch.fcgi", "REDIRECT_STATUS"=>"200", "REQUEST_METHOD"=>"GET"}
|
||||||
# cookie as returned by some Nokia phone browsers (no space after semicolon separator)
|
# cookie as returned by some Nokia phone browsers (no space after semicolon separator)
|
||||||
@ -10,6 +10,11 @@ def setup
|
|||||||
@request = ActionController::CgiRequest.new(@fake_cgi)
|
@request = ActionController::CgiRequest.new(@fake_cgi)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def default_test; end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
class CgiRequestTest < BaseCgiTest
|
||||||
def test_proxy_request
|
def test_proxy_request
|
||||||
assert_equal 'glu.ttono.us', @request.host_with_port
|
assert_equal 'glu.ttono.us', @request.host_with_port
|
||||||
end
|
end
|
||||||
@ -52,3 +57,14 @@ def test_cookie_syntax_resilience
|
|||||||
assert_equal ["yes"], alt_cookies["is_admin"]
|
assert_equal ["yes"], alt_cookies["is_admin"]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
class CgiRequestParamsParsingTest < BaseCgiTest
|
||||||
|
def test_doesnt_break_when_content_type_has_charset
|
||||||
|
data = 'flamenco=love'
|
||||||
|
@request.env['CONTENT_LENGTH'] = data.length
|
||||||
|
@request.env['CONTENT_TYPE'] = 'application/x-www-form-urlencoded; charset=utf-8'
|
||||||
|
@request.env['RAW_POST_DATA'] = data
|
||||||
|
assert_equal({"flamenco"=> "love"}, @request.request_parameters)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
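Review bot: The new `CgiRequestParamsParsingTest` pins only the `; charset=` case through `request_parameters`, so the other paths this commit touches stay untested: the public `content_type` lookup, the comma delimiter that `extract_content_type_without_parameters` now accepts, and the precedence of the `X-Post-Data-Format` header. A second case along the lines of `@request.env['CONTENT_TYPE'] = 'application/xml; charset=utf-8'` followed by `assert_equal Mime::XML, @request.content_type` would cover the lookup directly, assuming `Mime::XML` is what the lookup returns for that type. `CONTENT_LENGTH` is also set to an Integer here, whereas CGI environment values arrive as strings; `data.length.to_s` keeps the fixture closer to real input.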