X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FEngine%2FCGI.pm;h=c57c8a5ba25bfb230b57577cbc49bac2d9a9a8f9;hb=ca78941c9da0a5d9ff5a400f5a8e5ef7f9308cd8;hp=dbdfbbdc2a007e1ed8ce696c9c0c2153c54f6aaa;hpb=4e939e53ffc8aee7c2fb179a65b7dfe08dda7f86;p=catagits%2FCatalyst-Runtime.git

diff --git a/lib/Catalyst/Engine/CGI.pm b/lib/Catalyst/Engine/CGI.pm
index dbdfbbd..c57c8a5 100644
--- a/lib/Catalyst/Engine/CGI.pm
+++ b/lib/Catalyst/Engine/CGI.pm
@@ -1,11 +1,9 @@
 package Catalyst::Engine::CGI;
 
-use strict;
-use base 'Catalyst::Engine';
-use NEXT;
-use URI;
+use Moose;
+extends 'Catalyst::Engine';
 
-__PACKAGE__->mk_accessors('env');
+has _header_buf => (is => 'rw', clearer => '_clear_header_buf', predicate => '_has_header_buf');
 
 =head1 NAME
 
@@ -42,11 +40,8 @@ sub finalize_headers {
     my ( $self, $c ) = @_;
 
     $c->response->header( Status => $c->response->status );
-    
-    return unless *STDOUT->opened();
 
-    print $c->response->headers->as_string("\015\012");
-    print "\015\012";
+    $self->_header_buf($c->response->headers->as_string("\015\012") . "\015\012");
 }
 
 =head2 $self->prepare_connection($c)
@@ -57,34 +52,40 @@ sub prepare_connection {
     my ( $self, $c ) = @_;
     local (*ENV) = $self->env || \%ENV;
 
-    $c->request->address( $ENV{REMOTE_ADDR} );
+    my $request = $c->request;
+    $request->address( $ENV{REMOTE_ADDR} );
 
   PROXY_CHECK:
     {
-        unless ( $c->config->{using_frontend_proxy} ) {
+        unless ( ref($c)->config->{using_frontend_proxy} ) {
             last PROXY_CHECK if $ENV{REMOTE_ADDR} ne '127.0.0.1';
-            last PROXY_CHECK if $c->config->{ignore_frontend_proxy};
+            last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy};
         }
         last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_FOR};
 
         # If we are running as a backend server, the user will always appear
         # as 127.0.0.1. Select the most recent upstream IP (last in the list)
         my ($ip) = $ENV{HTTP_X_FORWARDED_FOR} =~ /([^,\s]+)$/;
-        $c->request->address($ip);
+        $request->address($ip);
+        if ( defined $ENV{HTTP_X_FORWARDED_PORT} ) {
+            $ENV{SERVER_PORT} = $ENV{HTTP_X_FORWARDED_PORT};
+        }
     }
 
-    $c->request->hostname( $ENV{REMOTE_HOST} );
-    $c->request->protocol( $ENV{SERVER_PROTOCOL} );
-    $c->request->user( $ENV{REMOTE_USER} );
-    $c->request->method( $ENV{REQUEST_METHOD} );
+    $request->hostname( $ENV{REMOTE_HOST} ) if exists $ENV{REMOTE_HOST};
+    $request->protocol( $ENV{SERVER_PROTOCOL} );
+    $request->user( $ENV{REMOTE_USER} );  # XXX: Deprecated. See Catalyst::Request for removal information
+    $request->remote_user( $ENV{REMOTE_USER} );
+    $request->method( $ENV{REQUEST_METHOD} );
 
     if ( $ENV{HTTPS} && uc( $ENV{HTTPS} ) eq 'ON' ) {
-        $c->request->secure(1);
+        $request->secure(1);
     }
 
     if ( $ENV{SERVER_PORT} == 443 ) {
-        $c->request->secure(1);
+        $request->secure(1);
     }
+    binmode(STDOUT); # Ensure we are sending bytes.
 }
 
 =head2 $self->prepare_headers($c)
@@ -94,12 +95,12 @@ sub prepare_connection {
 sub prepare_headers {
     my ( $self, $c ) = @_;
     local (*ENV) = $self->env || \%ENV;
-
+    my $headers = $c->request->headers;
     # Read headers from %ENV
     foreach my $header ( keys %ENV ) {
         next unless $header =~ /^(?:HTTP|CONTENT|COOKIE)/i;
         ( my $field = $header ) =~ s/^HTTPS?_//;
-        $c->req->headers->header( $field => $ENV{$header} );
+        $headers->header( $field => $ENV{$header} );
     }
 }
 
@@ -107,6 +108,8 @@ sub prepare_headers {
 
 =cut
 
+# Please don't touch this method without adding tests in
+# t/aggregate/unit_core_engine_cgi-prepare_path.t
 sub prepare_path {
     my ( $self, $c ) = @_;
     local (*ENV) = $self->env || \%ENV;
@@ -114,21 +117,24 @@ sub prepare_path {
     my $scheme = $c->request->secure ? 'https' : 'http';
     my $host      = $ENV{HTTP_HOST}   || $ENV{SERVER_NAME};
     my $port      = $ENV{SERVER_PORT} || 80;
+    my $script_name = $ENV{SCRIPT_NAME};
+    $script_name =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go if $script_name;
+
     my $base_path;
     if ( exists $ENV{REDIRECT_URL} ) {
         $base_path = $ENV{REDIRECT_URL};
         $base_path =~ s/$ENV{PATH_INFO}$//;
     }
     else {
-        $base_path = $ENV{SCRIPT_NAME} || '/';
+        $base_path = $script_name || '/';
     }
 
     # If we are running as a backend proxy, get the true hostname
   PROXY_CHECK:
     {
-        unless ( $c->config->{using_frontend_proxy} ) {
+        unless ( ref($c)->config->{using_frontend_proxy} ) {
             last PROXY_CHECK if $host !~ /localhost|127.0.0.1/;
-            last PROXY_CHECK if $c->config->{ignore_frontend_proxy};
+            last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy};
         }
         last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_HOST};
 
@@ -137,42 +143,82 @@ sub prepare_path {
         # backend could be on any port, so
         # assume frontend is on the default port
         $port = $c->request->secure ? 443 : 80;
+        if ( $ENV{HTTP_X_FORWARDED_PORT} ) {
+            $port = $ENV{HTTP_X_FORWARDED_PORT};
+        }
+    }
+
+    # RFC 3875: "Unlike a URI path, the PATH_INFO is not URL-encoded,
+    # and cannot contain path-segment parameters." This means PATH_INFO
+    # is always decoded, and the script can't distinguish / vs %2F.
+    # See https://issues.apache.org/bugzilla/show_bug.cgi?id=35256
+    # Here we try to resurrect the original encoded URI from REQUEST_URI.
+    my $path_info   = $ENV{PATH_INFO};
+    if (my $req_uri = $ENV{REQUEST_URI}) {
+        $req_uri =~ s/^\Q$base_path\E//;
+        $req_uri =~ s/\?.*$//;
+        if ($req_uri) {
+            # Note that if REQUEST_URI doesn't start with a /, then the user
+            # is probably using mod_rewrite or something to rewrite requests
+            # into a sub-path of their application..
+            # This means that REQUEST_URI needs information from PATH_INFO
+            # prepending to it to be useful, otherwise the sub path which is
+            # being redirected to becomes the app base address which is
+            # incorrect.
+            if (substr($req_uri, 0, 1) ne '/') {
+                my ($match) = $req_uri =~ m|^([^/]+)|;
+                my ($path_info_part) = $path_info =~ m|^(.*?\Q$match\E)|;
+                substr($req_uri, 0, length($match), $path_info_part);
+            }
+            $path_info = $req_uri;
+        }
     }
 
-    my $path = $base_path . ( $ENV{PATH_INFO} || '' );
+    # set the request URI
+    my $path = $base_path . ( $path_info || '' );
     $path =~ s{^/+}{};
 
-    my $uri = URI->new;
-    $uri->scheme($scheme);
-    $uri->host($host);
-    $uri->port($port);
-    $uri->path($path);
-    $uri->query( $ENV{QUERY_STRING} ) if $ENV{QUERY_STRING};
+    # Using URI directly is way too slow, so we construct the URLs manually
+    my $uri_class = "URI::$scheme";
 
-    # sanitize the URI
-    $uri = $uri->canonical;
-    $c->request->uri($uri);
+    # HTTP_HOST will include the port even if it's 80/443
+    $host =~ s/:(?:80|443)$//;
+
+    if ( $port !~ /^(?:80|443)$/ && $host !~ /:/ ) {
+        $host .= ":$port";
+    }
+
+    # Escape the path
+    $path =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go;
+    $path =~ s/\?/%3F/g; # STUPID STUPID SPECIAL CASE
+
+    my $query = $ENV{QUERY_STRING} ? '?' . $ENV{QUERY_STRING} : '';
+    my $uri   = $scheme . '://' . $host . '/' . $path . $query;
+
+    $c->request->uri( bless(\$uri, $uri_class)->canonical );
 
     # set the base URI
     # base must end in a slash
-    $base_path .= '/' unless ( $base_path =~ /\/$/ );
-    my $base = $uri->clone;
-    $base->path_query($base_path);
-    $c->request->base($base);
+    $base_path .= '/' unless $base_path =~ m{/$};
+
+    my $base_uri = $scheme . '://' . $host . $base_path;
+
+    $c->request->base( bless(\$base_uri, $uri_class)->canonical );
 }
 
 =head2 $self->prepare_query_parameters($c)
 
 =cut
 
-sub prepare_query_parameters {
+around prepare_query_parameters => sub {
+    my $orig = shift;
     my ( $self, $c ) = @_;
     local (*ENV) = $self->env || \%ENV;
 
     if ( $ENV{QUERY_STRING} ) {
-        $self->SUPER::prepare_query_parameters( $c, $ENV{QUERY_STRING} );
+        $self->$orig( $c, $ENV{QUERY_STRING} );
     }
-}
+};
 
 =head2 $self->prepare_request($c, (env => \%env))
 
@@ -192,14 +238,28 @@ Enable autoflush on the output handle for CGI-based engines.
 
 =cut
 
-sub prepare_write {
-    my ( $self, $c ) = @_;
-
-    # Set the output handle to autoflush
+around prepare_write => sub {
     *STDOUT->autoflush(1);
+    return shift->(@_);
+};
 
-    $self->NEXT::prepare_write($c);
-}
+=head2 $self->write($c, $buffer)
+
+Writes the buffer to the client.
+
+=cut
+
+around write => sub {
+    my $orig = shift;
+    my ( $self, $c, $buffer ) = @_;
+
+    # Prepend the headers if they have not yet been sent
+    if ( $self->_has_header_buf ) {
+        $buffer = $self->_clear_header_buf . $buffer;
+    }
+
+    return $self->$orig( $c, $buffer );
+};
 
 =head2 $self->read_chunk($c, $buffer, $length)
 
@@ -211,25 +271,22 @@ sub read_chunk { shift; shift; *STDIN->sysread(@_); }
 
 =cut
 
-sub run { shift; shift->handle_request(@_) }
+sub run { shift; shift->handle_request( env => \%ENV ) }
 
 =head1 SEE ALSO
 
-L<Catalyst> L<Catalyst::Engine>.
+L<Catalyst>, L<Catalyst::Engine>
 
 =head1 AUTHORS
 
-Sebastian Riedel, <sri@cpan.org>
-
-Christian Hansen, <ch@ngmedia.com>
-
-Andy Grundman, <andy@hybridized.org>
+Catalyst Contributors, see Catalyst.pm
 
 =head1 COPYRIGHT
 
-This program is free software, you can redistribute it and/or modify it under
+This library is free software. You can redistribute it and/or modify it under
 the same terms as Perl itself.
 
 =cut
+no Moose;
 
 1;