Class: ActionController::CgiRequest

Inherits:
AbstractRequest show all
Defined in:
lib/action_controller/cgi_process.rb

Overview

:nodoc:

Defined Under Namespace

Classes: SessionFixationAttempt

Constant Summary collapse

DEFAULT_SESSION_OPTIONS = 
{
  :database_manager => CGI::Session::CookieStore, # store data in cookie
  :prefix           => "ruby_sess.",    # prefix session file names
  :session_path     => "/",             # available to all paths in app
  :session_key      => "_session_id",
  :cookie_only      => true
}

Constants inherited from AbstractRequest

AbstractRequest::TRUSTED_PROXIES

Instance Attribute Summary collapse

Attributes inherited from AbstractRequest

#env

Instance Method Summary collapse

Methods inherited from AbstractRequest

#accepts, clean_up_ajax_request_body!, #content_length, #content_type, #delete?, #domain, extract_content_type_without_parameters, extract_multipart_boundary, #format, #format=, #get?, #head?, #headers, #host_with_port, #method, #parameters, parse_multipart_form_parameters, parse_query_parameters, parse_request_parameters, #path, #path_parameters, #path_parameters=, #port_string, #post?, #protocol, #put?, #raw_post, #relative_url_root, #remote_ip, #request_method, #request_uri, #server_software, #session=, #ssl?, #standard_port, #subdomains, #symbolized_path_parameters, #url, #xml_http_request?

Constructor Details

#initialize(cgi, session_options = {}) ⇒ CgiRequest

Returns a new instance of CgiRequest.



48
49
50
51
52
53
 
# File 'lib/action_controller/cgi_process.rb', line 48

def initialize(cgi, session_options = {})
  @cgi = cgi
  @session_options = session_options
  @env = @cgi.send!(:env_table)
  super()
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method_id, *arguments) ⇒ Object 



148
149
150
 
# File 'lib/action_controller/cgi_process.rb', line 148

def method_missing(method_id, *arguments)
  @cgi.send!(method_id, *arguments) rescue super
end

Instance Attribute Details

#cgiObject

Returns the value of attribute cgi.



36
37
38
 
# File 'lib/action_controller/cgi_process.rb', line 36

def cgi
  @cgi
end

#session_optionsObject

Returns the value of attribute session_options.



36
37
38
 
# File 'lib/action_controller/cgi_process.rb', line 36

def session_options
  @session_options
end

Instance Method Details

#bodyObject

The request body is an IO input stream. If the RAW_POST_DATA environment variable is already set, wrap it in a StringIO.



66
67
68
69
70
71
72
73
 
# File 'lib/action_controller/cgi_process.rb', line 66

def body
  if raw_post = env['RAW_POST_DATA']
    raw_post.force_encoding(Encoding::BINARY) if raw_post.respond_to?(:force_encoding)
    StringIO.new(raw_post)
  else
    @cgi.stdinput
  end
end

#cookiesObject 



83
84
85
 
# File 'lib/action_controller/cgi_process.rb', line 83

def cookies
  @cgi.cookies.freeze
end

#hostObject 



99
100
101
 
# File 'lib/action_controller/cgi_process.rb', line 99

def host
  host_with_port_without_standard_port_handling.sub(/:\d+$/, '')
end

#host_with_port_without_standard_port_handlingObject 



87
88
89
90
91
92
93
94
95
96
97
 
# File 'lib/action_controller/cgi_process.rb', line 87

def host_with_port_without_standard_port_handling
  if forwarded = env["HTTP_X_FORWARDED_HOST"]
    forwarded.split(/,\s?/).last
  elsif http_host = env['HTTP_HOST']
    http_host
  elsif server_name = env['SERVER_NAME']
    server_name
  else
    "#{env['SERVER_ADDR']}:#{env['SERVER_PORT']}"
  end
end

#portObject 



103
104
105
106
107
108
109
 
# File 'lib/action_controller/cgi_process.rb', line 103

def port
  if host_with_port_without_standard_port_handling =~ /:(\d+)$/
    $1.to_i
  else
    standard_port
  end
end

#query_parametersObject 



75
76
77
 
# File 'lib/action_controller/cgi_process.rb', line 75

def query_parameters
  @query_parameters ||= self.class.parse_query_parameters(query_string)
end

#query_stringObject 



55
56
57
58
59
60
61
62
 
# File 'lib/action_controller/cgi_process.rb', line 55

def query_string
  qs = @cgi.query_string if @cgi.respond_to?(:query_string)
  if !qs.blank?
    qs
  else
    super
  end
end

#request_parametersObject 



79
80
81
 
# File 'lib/action_controller/cgi_process.rb', line 79

def request_parameters
  @request_parameters ||= parse_formatted_request_parameters
end

#reset_sessionObject 



143
144
145
146
 
# File 'lib/action_controller/cgi_process.rb', line 143

def reset_session
  @session.delete if defined?(@session) && @session.is_a?(CGI::Session)
  @session = new_session
end

#sessionObject 



111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
 
# File 'lib/action_controller/cgi_process.rb', line 111

def session
  unless defined?(@session)
    if @session_options == false
      @session = Hash.new
    else
      stale_session_check! do
        if cookie_only? && query_parameters[session_options_with_string_keys['session_key']]
          raise SessionFixationAttempt
        end
        case value = session_options_with_string_keys['new_session']
          when true
            @session = new_session
          when false
            begin
              @session = CGI::Session.new(@cgi, session_options_with_string_keys)
            # CGI::Session raises ArgumentError if 'new_session' == false
            # and no session cookie or query param is present.
            rescue ArgumentError
              @session = Hash.new
            end
          when nil
            @session = CGI::Session.new(@cgi, session_options_with_string_keys)
          else
            raise ArgumentError, "Invalid new_session option: #{value}"
        end
        @session['__valid_session']
      end
    end
  end
  @session
end