X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FEngine%2FCGI.pm;h=f9f9fa8114a589d6a956c711754acf291aba09ae;hb=4dfe7bde3aca93267c77e8537eff7535a31a7159;hp=fa2e23ed244eae0b773c15e50ec13d0aa7a4b10f;hpb=ae29b412955743885e80350085167b54b69672da;p=catagits%2FCatalyst-Runtime.git diff --git a/lib/Catalyst/Engine/CGI.pm b/lib/Catalyst/Engine/CGI.pm index fa2e23e..f9f9fa8 100644 --- a/lib/Catalyst/Engine/CGI.pm +++ b/lib/Catalyst/Engine/CGI.pm @@ -3,7 +3,6 @@ package Catalyst::Engine::CGI; use Moose; extends 'Catalyst::Engine'; -has env => (is => 'rw'); has _header_buf => (is => 'rw', clearer => '_clear_header_buf', predicate => '_has_header_buf'); =head1 NAME @@ -58,9 +57,9 @@ sub prepare_connection { PROXY_CHECK: { - unless ( $c->config->{using_frontend_proxy} ) { + unless ( ref($c)->config->{using_frontend_proxy} ) { last PROXY_CHECK if $ENV{REMOTE_ADDR} ne '127.0.0.1'; - last PROXY_CHECK if $c->config->{ignore_frontend_proxy}; + last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy}; } last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_FOR}; @@ -68,11 +67,15 @@ sub prepare_connection { # as 127.0.0.1. Select the most recent upstream IP (last in the list) my ($ip) = $ENV{HTTP_X_FORWARDED_FOR} =~ /([^,\s]+)$/; $request->address($ip); + if ( defined $ENV{HTTP_X_FORWARDED_PORT} ) { + $ENV{SERVER_PORT} = $ENV{HTTP_X_FORWARDED_PORT}; + } } $request->hostname( $ENV{REMOTE_HOST} ) if exists $ENV{REMOTE_HOST}; $request->protocol( $ENV{SERVER_PROTOCOL} ); - $request->user( $ENV{REMOTE_USER} ); + $request->user( $ENV{REMOTE_USER} ); # XXX: Deprecated. See Catalyst::Request for removal information + $request->remote_user( $ENV{REMOTE_USER} ); $request->method( $ENV{REQUEST_METHOD} ); if ( $ENV{HTTPS} && uc( $ENV{HTTPS} ) eq 'ON' ) { @@ -82,6 +85,7 @@ sub prepare_connection { if ( $ENV{SERVER_PORT} == 443 ) { $request->secure(1); } + binmode(STDOUT); # Ensure we are sending bytes. } =head2 $self->prepare_headers($c) @@ -104,6 +108,8 @@ sub prepare_headers { =cut +# Please don't touch this method without adding tests in +# t/aggregate/unit_core_engine_cgi-prepare_path.t sub prepare_path { my ( $self, $c ) = @_; local (*ENV) = $self->env || \%ENV; @@ -111,21 +117,25 @@ sub prepare_path { my $scheme = $c->request->secure ? 'https' : 'http'; my $host = $ENV{HTTP_HOST} || $ENV{SERVER_NAME}; my $port = $ENV{SERVER_PORT} || 80; + my $script_name = $ENV{SCRIPT_NAME}; + $script_name =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go if $script_name; + my $base_path; if ( exists $ENV{REDIRECT_URL} ) { $base_path = $ENV{REDIRECT_URL}; - $base_path =~ s/$ENV{PATH_INFO}$//; + $base_path =~ s/\Q$ENV{PATH_INFO}\E$//; } else { - $base_path = $ENV{SCRIPT_NAME} || '/'; + $base_path = $script_name || '/'; } +# $base_path .= '/' unless $base_path =~ m{/$}; # If we are running as a backend proxy, get the true hostname PROXY_CHECK: { - unless ( $c->config->{using_frontend_proxy} ) { + unless ( ref($c)->config->{using_frontend_proxy} ) { last PROXY_CHECK if $host !~ /localhost|127.0.0.1/; - last PROXY_CHECK if $c->config->{ignore_frontend_proxy}; + last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy}; } last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_HOST}; @@ -134,35 +144,60 @@ sub prepare_path { # backend could be on any port, so # assume frontend is on the default port $port = $c->request->secure ? 443 : 80; + if ( $ENV{HTTP_X_FORWARDED_PORT} ) { + $port = $ENV{HTTP_X_FORWARDED_PORT}; + } + } + + # RFC 3875: "Unlike a URI path, the PATH_INFO is not URL-encoded, + # and cannot contain path-segment parameters." This means PATH_INFO + # is always decoded, and the script can't distinguish / vs %2F. + # See https://issues.apache.org/bugzilla/show_bug.cgi?id=35256 + # Here we try to resurrect the original encoded URI from REQUEST_URI. + my $path_info = $ENV{PATH_INFO}; + if (my $req_uri = $ENV{REQUEST_URI}) { + $req_uri =~ s/^\Q$base_path\E//; + $req_uri =~ s/\?.*$//; + if ($req_uri && $req_uri ne '/') { + # This means that REQUEST_URI needs information from PATH_INFO + # prepending to it to be useful, otherwise the sub path which is + # being redirected to becomes the app base address which is + # incorrect. + my ($match) = $req_uri =~ m{^(/?[^/]+)}; + my ($path_info_part) = $path_info =~ m|^(.*?\Q$match\E)|; + substr($req_uri, 0, length($match), $path_info_part) + if $path_info_part; + $path_info = $req_uri; + } } # set the request URI - my $path = $base_path . ( $ENV{PATH_INFO} || '' ); + my $path = $base_path . ( $path_info || '' ); $path =~ s{^/+}{}; - + # Using URI directly is way too slow, so we construct the URLs manually my $uri_class = "URI::$scheme"; - + # HTTP_HOST will include the port even if it's 80/443 $host =~ s/:(?:80|443)$//; - + if ( $port !~ /^(?:80|443)$/ && $host !~ /:/ ) { $host .= ":$port"; } - + # Escape the path $path =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go; $path =~ s/\?/%3F/g; # STUPID STUPID SPECIAL CASE - + my $query = $ENV{QUERY_STRING} ? '?' . $ENV{QUERY_STRING} : ''; my $uri = $scheme . '://' . $host . '/' . $path . $query; - $c->request->uri( bless \$uri, $uri_class ); + $c->request->uri( bless(\$uri, $uri_class)->canonical ); # set the base URI # base must end in a slash $base_path .= '/' unless $base_path =~ m{/$}; - + my $base_uri = $scheme . '://' . $host . $base_path; $c->request->base( bless \$base_uri, $uri_class ); @@ -233,7 +268,7 @@ sub read_chunk { shift; shift; *STDIN->sysread(@_); } =cut -sub run { shift; shift->handle_request(@_) } +sub run { shift; shift->handle_request( env => \%ENV ) } =head1 SEE ALSO @@ -245,7 +280,7 @@ Catalyst Contributors, see Catalyst.pm =head1 COPYRIGHT -This program is free software, you can redistribute it and/or modify it under +This library is free software. You can redistribute it and/or modify it under the same terms as Perl itself. =cut