Class: ActionController::CgiRequest

Inherits:
AbstractRequest show all
Defined in:
lib/action_controller/cgi_process.rb

Overview

:nodoc:

Defined Under Namespace

Classes: SessionFixationAttempt

Constant Summary collapse

DEFAULT_SESSION_OPTIONS = 
{
  :database_manager => CGI::Session::PStore,
  :prefix           => "ruby_sess.",
  :session_path     => "/",
  :session_key      => "_session_id",
  :cookie_only      => true
}

Instance Attribute Summary collapse

Attributes inherited from AbstractRequest

#env

Instance Method Summary collapse

Methods inherited from AbstractRequest

#accepts, #content_type, #delete?, #domain, #formatted_post?, #get?, #head?, #method, #parameters, #path, #path_parameters, #path_parameters=, #port_string, #post?, #post_format, #protocol, #put?, #raw_post, #relative_url_root, #remote_ip, #request_uri, #server_software, #session=, #ssl?, #standard_port, #subdomains, #symbolized_path_parameters, #xml_http_request?, #xml_post?, #yaml_post?

Constructor Details

#initialize(cgi, session_options = {}) ⇒ CgiRequest

Returns a new instance of CgiRequest.



50
51
52
53
54
55
 
# File 'lib/action_controller/cgi_process.rb', line 50

def initialize(cgi, session_options = {})
  @cgi = cgi
  @session_options = session_options
  @env = @cgi.send(:env_table)
  super()
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method_id, *arguments) ⇒ Object 



152
153
154
 
# File 'lib/action_controller/cgi_process.rb', line 152

def method_missing(method_id, *arguments)
  @cgi.send(method_id, *arguments) rescue super
end

Instance Attribute Details

#cgiObject

Returns the value of attribute cgi.



39
40
41
 
# File 'lib/action_controller/cgi_process.rb', line 39

def cgi
  @cgi
end

#session_optionsObject

Returns the value of attribute session_options.



39
40
41
 
# File 'lib/action_controller/cgi_process.rb', line 39

def session_options
  @session_options
end

Instance Method Details

Returns:

  • (Boolean) 


57
58
59
 
# File 'lib/action_controller/cgi_process.rb', line 57

def cookie_only?
  session_options_with_string_keys['cookie_only']
end

#cookiesObject 



87
88
89
 
# File 'lib/action_controller/cgi_process.rb', line 87

def cookies
  @cgi.cookies.freeze
end

#hostObject 



103
104
105
 
# File 'lib/action_controller/cgi_process.rb', line 103

def host
  host_with_port[/^[^:]+/]
end

#host_with_portObject 



91
92
93
94
95
96
97
98
99
100
101
 
# File 'lib/action_controller/cgi_process.rb', line 91

def host_with_port
  if forwarded = env["HTTP_X_FORWARDED_HOST"]
    forwarded.split(/,\s?/).last
  elsif http_host = env['HTTP_HOST']
    http_host
  elsif server_name = env['SERVER_NAME']
    server_name
  else
    "#{env['SERVER_ADDR']}:#{env['SERVER_PORT']}"
  end
end

#portObject 



107
108
109
110
111
112
113
 
# File 'lib/action_controller/cgi_process.rb', line 107

def port
  if host_with_port =~ /:(\d+)$/
    $1.to_i
  else
    standard_port
  end
end

#query_parametersObject 



73
74
75
76
 
# File 'lib/action_controller/cgi_process.rb', line 73

def query_parameters
  @query_parameters ||=
    (qs = self.query_string).empty? ? {} : CGIMethods.parse_query_parameters(qs)
end

#query_stringObject 



61
62
63
64
65
66
67
68
69
70
71
 
# File 'lib/action_controller/cgi_process.rb', line 61

def query_string
  if (qs = @cgi.query_string) && !qs.empty?
    qs
  elsif uri = @env['REQUEST_URI']
    parts = uri.split('?')
    parts.shift
    parts.join('?')
  else
    @env['QUERY_STRING'] || ''
  end
end

#request_parametersObject 



78
79
80
81
82
83
84
85
 
# File 'lib/action_controller/cgi_process.rb', line 78

def request_parameters
  @request_parameters ||=
    if ActionController::Base.param_parsers.has_key?(content_type)
      CGIMethods.parse_formatted_request_parameters(content_type, @env['RAW_POST_DATA'])
    else
      CGIMethods.parse_request_parameters(@cgi.params)
    end
end

#reset_sessionObject 



147
148
149
150
 
# File 'lib/action_controller/cgi_process.rb', line 147

def reset_session
  @session.delete if defined?(@session) && @session.is_a?(CGI::Session)
  @session = new_session
end

#sessionObject 



115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
 
# File 'lib/action_controller/cgi_process.rb', line 115

def session
  unless defined?(@session)
    if @session_options == false
      @session = Hash.new
    else
      stale_session_check! do
        if cookie_only? && request_parameters[session_options_with_string_keys['session_key']]
          raise SessionFixationAttempt
        end
        case value = session_options_with_string_keys['new_session']
          when true
            @session = new_session
          when false
            begin
              @session = CGI::Session.new(@cgi, session_options_with_string_keys)
            # CGI::Session raises ArgumentError if 'new_session' == false
            # and no session cookie or query param is present.
            rescue ArgumentError
              @session = Hash.new
            end
          when nil
            @session = CGI::Session.new(@cgi, session_options_with_string_keys)
          else
            raise ArgumentError, "Invalid new_session option: #{value}"
        end
        @session['__valid_session']
      end
    end
  end
  @session
end