Class: ActionController::CgiRequest

Inherits:
AbstractRequest show all
Defined in:
lib/action_controller/cgi_process.rb

Overview

:nodoc:

Defined Under Namespace

Classes: SessionFixationAttempt

Constant Summary collapse

# Default session settings for CGI requests.
# NOTE(review): how these defaults are combined with the session_options
# passed to #initialize is not shown in this listing.
DEFAULT_SESSION_OPTIONS =
{
  # Session data travels in the client's cookie, so the browser holds it.
  # NOTE(review): confirm the store integrity-protects the cookie and that a
  # secret is configured; avoid putting confidential values in the session.
  :database_manager => CGI::Session::CookieStore, # store data in cookie
  :prefix           => "ruby_sess.",    # prefix session file names
  :session_path     => "/",             # available to all paths in app
  :session_key      => "_session_id",   # name under which the session id is looked up
  # Presumably the flag behind cookie_only?: when that predicate holds,
  # #session raises SessionFixationAttempt if the session key shows up in
  # the query string. Leaving it true is the safer setting.
  :cookie_only      => true
}

Instance Attribute Summary collapse

Attributes inherited from AbstractRequest

#env

Instance Method Summary collapse

Methods inherited from AbstractRequest

#accepts, clean_up_ajax_request_body!, #content_length, #content_type, #delete?, #domain, extract_content_type_without_parameters, extract_multipart_boundary, #format, #format=, #get?, #head?, #headers, #host_with_port, #method, #parameters, parse_multipart_form_parameters, parse_query_parameters, parse_request_parameters, #path, #path_parameters, #path_parameters=, #port_string, #post?, #protocol, #put?, #raw_post, #relative_url_root, #remote_ip, #request_method, #request_uri, #server_software, #session=, #ssl?, #standard_port, #subdomains, #symbolized_path_parameters, #url, #xml_http_request?

Constructor Details

#initialize(cgi, session_options = {}) ⇒ CgiRequest

Returns a new instance of CgiRequest.



# File 'lib/action_controller/cgi_process.rb', line 47

# Wraps the given CGI object and remembers the session options for this
# request.
#
# cgi::             the CGI object backing the request
# session_options:: session settings; an empty Hash when omitted. #session
#                   treats the value false as "sessions disabled".
def initialize(cgi, session_options = {})
  @cgi, @session_options = cgi, session_options
  # env_table is fetched through send! instead of a direct call, presumably
  # because it is not a public method of the CGI object.
  @env = cgi.send!(:env_table)
  super()
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method_id, *arguments) ⇒ Object



# File 'lib/action_controller/cgi_process.rb', line 146

# Forwards any message this class does not define to the wrapped CGI object.
# If the forwarded call raises any StandardError, that error is discarded and
# the inherited method_missing runs instead.
#
# NOTE(review): the bare rescue also hides genuine failures raised inside the
# CGI method, and send! is presumably the visibility-bypassing form of send,
# which would make non-public CGI methods reachable through the request
# object. Confirm both are intended.
def method_missing(method_id, *arguments)
  @cgi.send!(method_id, *arguments)
rescue
  super
end

Instance Attribute Details

#cgi ⇒ Object

Returns the value of attribute cgi.



# File 'lib/action_controller/cgi_process.rb', line 36

# Reader for the wrapped CGI object (the cgi argument given to #initialize).
def cgi; @cgi; end

#session_options ⇒ Object

Returns the value of attribute session_options.



# File 'lib/action_controller/cgi_process.rb', line 36

# Reader for the session options given to #initialize. #session treats the
# value false as "sessions disabled".
def session_options; @session_options; end

Instance Method Details

#body ⇒ Object

The request body is an IO input stream. If the RAW_POST_DATA environment variable is already set, wrap it in a StringIO.



# File 'lib/action_controller/cgi_process.rb', line 65

# Returns the request body as a readable stream: a StringIO over
# env['RAW_POST_DATA'] when that entry is set, otherwise the CGI object's
# own input stream.
def body
  raw_post = env['RAW_POST_DATA']
  return StringIO.new(raw_post) if raw_post

  @cgi.stdinput
end

#cookies ⇒ Object



# File 'lib/action_controller/cgi_process.rb', line 81

# Returns the CGI object's cookie table, frozen.
# freeze does not copy: the object handed back by @cgi.cookies is itself
# frozen, so later attempts to modify it raise.
def cookies
  jar = @cgi.cookies
  jar.freeze
end

#host ⇒ Object



# File 'lib/action_controller/cgi_process.rb', line 97

# Returns the request host with any trailing ":<digits>" port removed.
#
# The value comes from request headers (see
# host_with_port_without_standard_port_handling), so it is client-supplied
# unless a trusted proxy sets it.
# NOTE(review): $ anchors at end of line rather than end of string; \z would
# be the stricter anchor if a value could ever contain a newline.
def host
  with_port = host_with_port_without_standard_port_handling
  with_port.sub(/:\d+$/, '')
end

#host_with_port_without_standard_port_handling ⇒ Object



# File 'lib/action_controller/cgi_process.rb', line 85

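# Returns the host the client addressed, with its port when one was given.
# The first of these that is present wins: the last entry of
# X-Forwarded-Host, the Host header, SERVER_NAME, then
# "SERVER_ADDR:SERVER_PORT".
#
# An X-Forwarded-Host header that is empty or holds only separators has no
# last entry. It is skipped rather than returned as nil, which #host would
# fail on (nil.sub).
#
# X-Forwarded-Host and Host both arrive with the request. Unless a trusted
# proxy overwrites them, treat the result as untrusted input and check it
# against the hosts the application serves before using it in absolute URLs,
# redirects or e-mailed links.
def host_with_port_without_standard_port_handling
  forwarded = env["HTTP_X_FORWARDED_HOST"]
  # The header may be a comma-separated list; the last entry is the one used.
  forwarded_host = forwarded.split(/,\s?/).last if forwarded

  forwarded_host ||
    env['HTTP_HOST'] ||
    env['SERVER_NAME'] ||
    "#{env['SERVER_ADDR']}:#{env['SERVER_PORT']}"
end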

#port ⇒ Object



# File 'lib/action_controller/cgi_process.rb', line 101

# Returns the port as an Integer: the trailing ":<digits>" of the host value
# when there is one, otherwise standard_port.
#
# The host value is read from request headers, so a port found there is
# client-supplied unless a trusted proxy sets it.
def port
  return standard_port unless host_with_port_without_standard_port_handling =~ /:(\d+)$/

  Regexp.last_match(1).to_i
end

#query_parameters ⇒ Object



# File 'lib/action_controller/cgi_process.rb', line 73

# Returns the parsed query string. The class-level parse_query_parameters is
# run on query_string the first time, and the result is kept in
# @query_parameters for later calls.
def query_parameters
  unless @query_parameters
    @query_parameters = self.class.parse_query_parameters(query_string)
  end
  @query_parameters
end

#query_string ⇒ Object



# File 'lib/action_controller/cgi_process.rb', line 54

# Returns the CGI object's query string when it offers one and the value is
# not blank; otherwise defers to the inherited implementation.
def query_string
  # qs stays nil when the CGI object has no query_string method.
  qs = @cgi.respond_to?(:query_string) ? @cgi.query_string : nil
  return qs unless qs.blank?

  super
end

#request_parameters ⇒ Object



# File 'lib/action_controller/cgi_process.rb', line 77

# Returns the parameters parsed from the request body. The result of
# parse_formatted_request_parameters is kept in @request_parameters, so the
# body is parsed once.
def request_parameters
  @request_parameters = parse_formatted_request_parameters unless @request_parameters
  @request_parameters
end

#reset_session ⇒ Object



# File 'lib/action_controller/cgi_process.rb', line 141

# Discards the current session and replaces it with the result of
# new_session. An existing CGI::Session is deleted first; a plain Hash
# stand-in (used when sessions are disabled) is simply dropped.
#
# Calling this when a user's privileges change (for example at login) keeps
# a session id issued before authentication from being carried over.
def reset_session
  if defined?(@session) && @session.is_a?(CGI::Session)
    @session.delete
  end
  @session = new_session
end

#session ⇒ Object



# File 'lib/action_controller/cgi_process.rb', line 109

# Returns the session for this request, building it on first access and
# keeping it in @session for later calls.
#
# When @session_options is exactly false, a plain Hash stands in for the
# session. Otherwise the 'new_session' option decides how the session is
# obtained (see the case statement below).
#
# Raises SessionFixationAttempt when cookie_only? holds and the query string
# carries the configured session key. Raises ArgumentError when
# 'new_session' is anything other than true, false or nil.
def session
  unless defined?(@session)
    if @session_options == false
      @session = Hash.new
    else
      # NOTE(review): stale_session_check! is defined outside this listing.
      # The block's last expression, @session['__valid_session'], is its
      # return value; presumably that is what the check inspects. Confirm.
      stale_session_check! do
        # Session-fixation guard: with cookie_only? set, a session key that
        # arrives in the query string is refused before CGI::Session is built.
        # NOTE(review): only query_parameters is consulted here. Whether a
        # session key sent in the request body is also ignored downstream is
        # not visible in this block; confirm.
        if cookie_only? && query_parameters[session_options_with_string_keys['session_key']]
          raise SessionFixationAttempt
        end
        case value = session_options_with_string_keys['new_session']
          when true
            # Always start a fresh session.
            @session = new_session
          when false
            # Resume an existing session only; never create one.
            begin
              @session = CGI::Session.new(@cgi, session_options_with_string_keys)
            # CGI::Session raises ArgumentError if 'new_session' == false
            # and no session cookie or query param is present.
            rescue ArgumentError
              # No session to resume: fall back to a plain Hash.
              @session = Hash.new
            end
          when nil
            # Option not given: let CGI::Session decide.
            @session = CGI::Session.new(@cgi, session_options_with_string_keys)
          else
            raise ArgumentError, "Invalid new_session option: #{value}"
        end
        @session['__valid_session']
      end
    end
  end
  @session
end