use Scalar::Util;
use HTTP::Body;
use Catalyst::Exception;
+use Catalyst::Request::PartData;
use Moose;
use namespace::clean -except => 'meta';
is => 'rw',
required => 1,
lazy => 1,
+ predicate => 'has_body_parameters',
builder => 'prepare_body_parameters',
);
# Check for definedness as you could read '0'
while ( defined ( my $chunk = $self->read() ) ) {
$self->prepare_body_chunk($chunk);
- $stream_buffer->print($chunk) if $stream_buffer;
+ next unless $stream_buffer;
+
+ $stream_buffer->print($chunk)
+ || die sprintf "Failed to write %d bytes to psgi.input file: $!", length( $chunk );
}
# Ok, we read the body. Lets play nice for any PSGI app down the pipe
sub prepare_body_parameters {
my ( $self, $c ) = @_;
-
+ return $self->body_parameters if $self->has_body_parameters;
$self->prepare_body if ! $self->_has_body;
unless($self->_body) {
- return $self->_use_hash_multivalue ? Hash::MultiValue->new : {};
+ my $return = $self->_use_hash_multivalue ? Hash::MultiValue->new : {};
+ $self->body_parameters($return);
+ return $return;
}
- my $params = $self->_body->param;
+ my $params;
+ my %part_data = %{$self->_body->part_data};
+ if(scalar %part_data && !$c->config->{skip_complex_post_part_handling}) {
+ foreach my $key (keys %part_data) {
+ my $proto_value = $part_data{$key};
+ my ($val, @extra) = (ref($proto_value)||'') eq 'ARRAY' ? @$proto_value : ($proto_value);
+
+ $key = $c->_handle_param_unicode_decoding($key)
+ if ($c and $c->encoding and !$c->config->{skip_body_param_unicode_decoding});
+
+ if(@extra) {
+ $params->{$key} = [map { Catalyst::Request::PartData->build_from_part_data($c, $_) } ($val,@extra)];
+ } else {
+ $params->{$key} = Catalyst::Request::PartData->build_from_part_data($c, $val);
+ }
+ }
+ } else {
+ $params = $self->_body->param;
- # If we have an encoding configured (like UTF-8) in general we expect a client
- # to POST with the encoding we fufilled the request in. Otherwise don't do any
- # encoding (good change wide chars could be in HTML entity style llike the old
- # days -JNAP
+ # If we have an encoding configured (like UTF-8) in general we expect a client
+ # to POST with the encoding we fufilled the request in. Otherwise don't do any
+ # encoding (good change wide chars could be in HTML entity style llike the old
+ # days -JNAP
- # so, now that HTTP::Body prepared the body params, we gotta 'walk' the structure
- # and do any needed decoding.
+ # so, now that HTTP::Body prepared the body params, we gotta 'walk' the structure
+ # and do any needed decoding.
- # This only does something if the encoding is set via the encoding param. Remember
- # this is assuming the client is not bad and responds with what you provided. In
- # general you can just use utf8 and get away with it.
- #
- # I need to see if $c is here since this also doubles as a builder for the object :(
+ # This only does something if the encoding is set via the encoding param. Remember
+ # this is assuming the client is not bad and responds with what you provided. In
+ # general you can just use utf8 and get away with it.
+ #
+ # I need to see if $c is here since this also doubles as a builder for the object :(
- if($c and $c->encoding) {
+ if($c and $c->encoding and !$c->config->{skip_body_param_unicode_decoding}) {
$params = $c->_handle_unicode_decoding($params);
+ }
}
- return $self->_use_hash_multivalue ?
+ my $return = $self->_use_hash_multivalue ?
Hash::MultiValue->from_mixed($params) :
$params;
+
+ $self->body_parameters($return) unless $self->has_body_parameters;
+ return $return;
}
sub prepare_connection {
matches the content-type) we raise a L<Catalyst::Exception> with the error
text as the message.
-If the POSTed content type does not match an availabled data handler, this
+If the POSTed content type does not match an available data handler, this
will also raise an exception.
=head2 $req->body_parameters
These are the parameters from the POST part of the request, if any.
+B<NOTE> If your POST is multipart, but contains non file upload parts (such
+as an line part with an alternative encoding or content type) we do our best to
+try and figure out how the value should be presented. If there's a specified character
+set we will use that to decode rather than the default encoding set by the application.
+However if there are complex headers and we cannot determine
+the correct way to extra a meaningful value from the upload, in this case any
+part like this will be represented as an instance of L<Catalyst::Request::PartData>.
+
+Patches and review of this part of the code welcomed.
+
=head2 $req->body_params
Shortcut for body_parameters.
in scalar context and another thing in list context. This is combined with how Perl
chooses to deal with duplicate keys in a hash definition by overwriting the value of
existing keys with a new value if the same key shows up again. Generally you will be
-vulnerale to this exploit if you are using this method in a direct assignment in a
+vulnerable to this exploit if you are using this method in a direct assignment in a
hash, such as with a L<DBIx::Class> create statement. For example, if you have
parameters like: