From: Rafael Kitover Date: Thu, 30 Apr 2009 16:40:30 +0000 (+0000) Subject: C::C::WrapCGI - remove CGI env vars by default X-Git-Tag: 0.030~31 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=16bed4c40e198965df60e6d1fac5eee4e443a2f2;p=catagits%2FCatalyst-Controller-WrapCGI.git C::C::WrapCGI - remove CGI env vars by default --- diff --git a/Changes b/Changes index cb0b089..8ff86fd 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,8 @@ Revision history for Catalyst-Controller-WrapCGI +0.0034 2009-04-30 16:38:00 + - remove all CGI specific env vars by default (caelum) + 0.0033 2009-04-29 03:29:34 - fix for multiple file uploads (hdp) - file uploads support (caelum) diff --git a/lib/Catalyst/Controller/CGIBin.pm b/lib/Catalyst/Controller/CGIBin.pm index d38397b..33ae186 100644 --- a/lib/Catalyst/Controller/CGIBin.pm +++ b/lib/Catalyst/Controller/CGIBin.pm @@ -23,11 +23,11 @@ Catalyst::Controller::CGIBin - Serve CGIs from root/cgi-bin =head1 VERSION -Version 0.012 +Version 0.013 =cut -our $VERSION = '0.012'; +our $VERSION = '0.013'; =head1 SYNOPSIS diff --git a/lib/Catalyst/Controller/WrapCGI.pm b/lib/Catalyst/Controller/WrapCGI.pm index 63f07c9..2cdab0b 100644 --- a/lib/Catalyst/Controller/WrapCGI.pm +++ b/lib/Catalyst/Controller/WrapCGI.pm @@ -20,11 +20,11 @@ Catalyst::Controller::WrapCGI - Run CGIs in Catalyst =head1 VERSION -Version 0.0033 +Version 0.0034 =cut -our $VERSION = '0.0033'; +our $VERSION = '0.0034'; =head1 SYNOPSIS @@ -68,21 +68,27 @@ If you just want to run CGIs from files, see L. =head1 CONFIGURATION +=head2 pass_env + C<< $your_controller->{CGI}{pass_env} >> should be an array of environment variables or regular expressions to pass through to your CGIs. Entries surrounded by C characters are considered regular expressions. +=head2 kill_env + C<< $your_controller->{CGI}{kill_env} >> should be an array of environment variables or regular expressions to remove from the environment before passing it to your CGIs. Entries surrounded by C characters are considered regular expressions. -Default is to pass the whole of C<%ENV>, except for C and -C (that is, the default C is C<[ qw(MOD_PERL -CONTENT_TYPE) ]>. +Default is to pass the whole of C<%ENV>, except for entries listed in +L below. -C<< $your_controller->{CGI}{username_field} >> should be the field for your user's name, which will be -read from C<< $c->user->obj >>. Defaults to 'username'. +=head2 username_field + +C<< $your_controller->{CGI}{username_field} >> should be the field for your +user's name, which will be read from C<< $c->user->obj >>. Defaults to +'username'. See L for an example. @@ -231,6 +237,44 @@ sub wrap_cgi { return $env->response; } +=head1 FILTERED ENVIRONMENT + +If you don't use the L option to restrict which environment variables +are passed in, the default is to pass the whole of C<%ENV> except the variables +listed below. + + MOD_PERL + SERVER_SOFTWARE + SERVER_NAME + GATEWAY_INTERFACE + SERVER_PROTOCOL + SERVER_PORT + REQUEST_METHOD + PATH_INFO + PATH_TRANSLATED + SCRIPT_NAME + QUERY_STRING + REMOTE_HOST + REMOTE_ADDR + AUTH_TYPE + REMOTE_USER + REMOTE_IDENT + CONTENT_TYPE + CONTENT_LENGTH + HTTP_ACCEPT + HTTP_USER_AGENT + +C<%ENV> can be further trimmed using L. + +=cut + +my $DEFAULT_KILL_ENV = [qw/ + MOD_PERL SERVER_SOFTWARE SERVER_NAME GATEWAY_INTERFACE SERVER_PROTOCOL + SERVER_PORT REQUEST_METHOD PATH_INFO PATH_TRANSLATED SCRIPT_NAME QUERY_STRING + REMOTE_HOST REMOTE_ADDR AUTH_TYPE REMOTE_USER REMOTE_IDENT CONTENT_TYPE + CONTENT_LENGTH HTTP_ACCEPT HTTP_USER_AGENT +/]; + sub _filtered_env { my ($self, $env) = @_; my @ok; @@ -240,7 +284,7 @@ sub _filtered_env { $pass_env = [ $pass_env ] unless ref $pass_env; my $kill_env = $self->{CGI}{kill_env}; - $kill_env = [ 'MOD_PERL', 'CONTENT_TYPE' ] unless defined $kill_env; + $kill_env = $DEFAULT_KILL_ENV unless defined $kill_env; $kill_env = [ $kill_env ] unless ref $kill_env; if (@$pass_env) {