Revision history for Perl extension Catalyst::Plugin::Static::Simple
0.09
- - Added support for squishing logs, depends on Cat 5.50.
- (Marcus Ramberg)
+ - Added new configuration options to improve security:
+ ignore_extensions - keep certain extensions from being static
+ - This option defaults to tt, html, and xhtml to prevent
+ template files from being accessible.
+ ignore_dirs - keep certain dirs from being static
- include_path is no longer experimental.
+ - Added support for hiding log output, depends on Cat 5.50.
+ (Marcus Ramberg)
0.08 2005-09-07 18:50:00
- Added tests for everything except Apache support.
t/05dirs.t
t/06include_path.t
t/07mime_types.t
+t/08subreq.t
+t/09ignore_ext.t
+t/10ignore_dirs.t
t/lib/TestApp.pm
t/lib/TestApp/root/always-static/test
t/lib/TestApp/root/css/static.css
t/lib/TestApp/root/files/bad.gif
t/lib/TestApp/root/files/err.omg
t/lib/TestApp/root/files/static.css
+t/lib/TestApp/root/ignored/bad.gif
+t/lib/TestApp/root/ignored/index.html
+t/lib/TestApp/root/ignored/static.css
+t/lib/TestApp/root/ignored/tmpl.tt
t/lib/TestApp/root/images/bad.gif
t/lib/TestApp/root/images/catalyst.png
t/lib/TestApp/root/incpath/incpath.css
+t/lib/TestApp/root/overlay/o-ignored/bad.gif
+t/lib/TestApp/root/overlay/o-ignored/index.html
+t/lib/TestApp/root/overlay/o-ignored/static.css
+t/lib/TestApp/root/overlay/o-ignored/tmpl.tt
t/lib/TestApp/root/overlay/overlay.jpg
MyApp->config->{static}. If you use any of these options, the module
will probably feel less "simple" to you!
+ Aborting request logging
+ Since Catalyst 5.50, there has been added support for dropping logging
+ for a request. This is enabled by default for static files, as static
+ requests tend to clutter the log output. However, if you want logging of
+ static requests, you can enable it by setting
+ MyApp->config->{static}->{no_logs} to 0.
+
Forcing directories into static mode
Define a list of top-level directories beneath your 'root' directory
that should always be served in static mode. Regular expressions may be
qr/^(images|css)/,
];
- Including additional directories (experimental!)
+ Including additional directories
You may specify a list of directories in which to search for your static
files. The directories will be searched in order and will return the
first file found. Note that your root directory is not automatically
die "No customer dir defined.";
}
}
+
+ Ignoring certain types of files
+ There are some file types you may not wish to serve as static files.
+ Most important in this category are your raw template files. By default,
+ files with the extensions tt, html, and xhtml will be ignored by
+ Static::Simple in the interest of security. If you wish to define your
+ own extensions to ignore, use the ignore_extensions option:
+
+ MyApp->config->{static}->{ignore_extensions} = [ qw/tt html xhtml/ ];
+
+ Ignoring entire directories
+ To prevent an entire directory from being served statically, you can use
+ the ignore_dirs option. This option contains a list of relative
+ directory paths to ignore. If using include_path, the path will be
+ checked against every included path.
+
+ MyApp->config->{static}->{ignore_dirs} = [ qw/tmpl css/ ];
+
+ For example, if combined with the above include_path setting, this
+ ignore_dirs value will ignore the following directories if they exist:
+
+ /path/to/overlay/tmpl
+ /path/to/overlay/css
+ /dynamic/path/tmpl
+ /dynamic/path/css
+ /your/app/home/root/tmpl
+ /your/app/home/root/css
Custom MIME types
To override or add to the default MIME types set by the MIME::Types
AUTHOR
Andy Grundman, <andy@hybridized.org>
+CONTRIBUTORS
+ Marcus Ramberg, <mramberg@cpan.org>
+
THANKS
The authors of Catalyst::Plugin::Static:
# display all log messages
if ( $c->config->{static}->{debug} && scalar @{$c->_debug_msg} ) {
- $c->log->debug( "Static::Simple: Serving " .
+ $c->log->debug( "Static::Simple: " .
join( " ", @{$c->_debug_msg} ) );
}
$c->config->{static}->{dirs} ||= [];
$c->config->{static}->{include_path} ||= [ $c->config->{root} ];
$c->config->{static}->{mime_types} ||= {};
- $c->config->{static}->{use_apache} ||= 0;
+ $c->config->{static}->{ignore_extensions} ||= [ qw/tt html xhtml/ ];
+ $c->config->{static}->{ignore_dirs} ||= [];
+ $c->config->{static}->{use_apache} ||= 0;
$c->config->{static}->{debug} ||= $c->debug;
if ( ! defined $c->config->{static}->{no_logs} ) {
$c->config->{static}->{no_logs} = 1;
my $dpaths;
my $count = 64; # maximum number of directories to search
+ DIR_CHECK:
while ( @ipaths && --$count) {
- my $dir = shift @ipaths || next;
+ my $dir = shift @ipaths || next DIR_CHECK;
if ( ref $dir eq 'CODE' ) {
eval { $dpaths = &$dir( $c ) };
$c->log->error( "Static::Simple: include_path error: " . $@ );
} else {
unshift( @ipaths, @$dpaths );
- next;
+ next DIR_CHECK;
}
} else {
$dir =~ s/\/$//xms;
if ( -d $dir && -f $dir . '/' . $path ) {
- $c->_debug_msg( $dir . "/" . $path )
+
+ # do we need to ignore the file?
+ for my $ignore ( @{ $c->config->{static}->{ignore_dirs} } ) {
+ $ignore =~ s{/$}{};
+ if ( $path =~ /^$ignore\// ) {
+ $c->_debug_msg( "Ignoring directory `$ignore`" )
+ if ( $c->config->{static}->{debug} );
+ next DIR_CHECK;
+ }
+ }
+
+ # do we need to ignore based on extension?
+ for my $ignore_ext
+ ( @{ $c->config->{static}->{ignore_extensions} } ) {
+ if ( $path =~ /.*\.${ignore_ext}$/ixms ) {
+ $c->_debug_msg( "Ignoring extension `$ignore_ext`" )
+ if ( $c->config->{static}->{debug} );
+ next DIR_CHECK;
+ }
+ }
+
+ $c->_debug_msg( 'Serving ' . $dir . '/' . $path )
if ( $c->config->{static}->{debug} );
return $c->_static_file( $dir . '/' . $path );
}
# check that Apache will serve the correct file
if ( $c->apache->document_root ne $c->config->{root} ) {
- $c->log->warn( "Static::Simple: Your Apache DocumentRoot"
- . " must be set to " . $c->config->{root}
- . " to use the Apache feature. Yours is"
- . " currently " . $c->apache->document_root
+ $c->log->warn( 'Static::Simple: Your Apache DocumentRoot'
+ . ' must be set to ' . $c->config->{root}
+ . ' to use the Apache feature. Yours is'
+ . ' currently ' . $c->apache->document_root
);
}
else {
- $c->_debug_msg( "DECLINED to Apache" )
+ $c->_debug_msg( 'DECLINED to Apache' )
if ( $c->config->{static}->{debug} );
$c->_static_apache_mode( $engine );
return;
die "No customer dir defined.";
}
}
+
+=head2 Ignoring certain types of files
+
+There are some file types you may not wish to serve as static files. Most
+important in this category are your raw template files. By default, files
+with the extensions tt, html, and xhtml will be ignored by Static::Simple in
+the interest of security. If you wish to define your own extensions to
+ignore, use the ignore_extensions option:
+
+ MyApp->config->{static}->{ignore_extensions} = [ qw/tt html xhtml/ ];
+
+=head2 Ignoring entire directories
+
+To prevent an entire directory from being served statically, you can use the
+ignore_dirs option. This option contains a list of relative directory paths
+to ignore. If using include_path, the path will be checked against every
+included path.
+
+ MyApp->config->{static}->{ignore_dirs} = [ qw/tmpl css/ ];
+
+For example, if combined with the above include_path setting, this
+ignore_dirs value will ignore the following directories if they exist:
+
+ /path/to/overlay/tmpl
+ /path/to/overlay/css
+ /dynamic/path/tmpl
+ /dynamic/path/css
+ /your/app/home/root/tmpl
+ /your/app/home/root/css
=head2 Custom MIME types
\r
SKIP:\r
{\r
- if ( ! TestApp->isa('Catalyst::Plugin::SubRequest') ) {\r
- skip "Install the SubRequest plugin for these tests", 2;\r
- }\r
+ #unless ( TestApp->isa('Catalyst::Plugin::SubRequest') ) {\r
+ #skip "Install the SubRequest plugin for these tests", 2;\r
+ #}\r
+ \r
+ # skip this for now, until patched SubRequest is released\r
+ skip "Awaiting patched SubRequest release", 2;\r
\r
ok( my $res = request('http://localhost/subtest'), 'Request' );\r
is( $res->content, 'subtest2 ok', 'SubRequest ok' );\r
--- /dev/null
+#!perl
+
+use strict;
+use warnings;
+
+use FindBin;
+use lib "$FindBin::Bin/lib";
+
+use Test::More tests => 4;
+use Catalyst::Test 'TestApp';
+
+# test ignoring extensions
+# default is tt/html/xhtml
+
+ok( my $res = request('http://localhost/ignored/tmpl.tt'), 'request ok' );
+is( $res->content, 'default', 'ignored extension tt ok' );
+
+ok( $res = request('http://localhost/ignored/index.html'), 'request ok' );
+is( $res->content, 'default', 'ignored extension html ok' );
--- /dev/null
+#!perl
+
+use strict;
+use warnings;
+
+use FindBin;
+use lib "$FindBin::Bin/lib";
+
+use Test::More tests => 6;
+use Catalyst::Test 'TestApp';
+
+# test ignoring directories
+TestApp->config->{static}->{ignore_dirs} = [ qw/ignored o-ignored files/ ];
+
+# test altenate root dirs
+TestApp->config->{static}->{include_path} = [
+ TestApp->config->{root} . '/overlay',
+ TestApp->config->{root},
+];
+
+ok( my $res = request('http://localhost/ignored/bad.gif'), 'request ok' );
+is( $res->content, 'default', 'ignored directory `ignored` ok' );
+
+ok( $res = request('http://localhost/files/static.css'), 'request ok' );
+is( $res->content, 'default', 'ignored directory `files` ok' );
+
+ok( $res = request('http://localhost/o-ignored/bad.gif'), 'request ok' );
+is( $res->content, 'default', 'ignored overlay directory ok' );
name => 'TestApp',\r
);\r
\r
-my @plugins = qw/-Debug Static::Simple/;\r
+my @plugins = qw/Static::Simple/;\r
\r
# load the SubRequest plugin if available\r
eval { require Catalyst::Plugin::SubRequest; };\r
--- /dev/null
+body {
+ background: #fff;
+}
--- /dev/null
+body {
+ background: #fff;
+}
--- /dev/null
+body {
+ background: #fff;
+}
--- /dev/null
+body {
+ background: #fff;
+}
--- /dev/null
+body {
+ background: #fff;
+}
--- /dev/null
+body {
+ background: #fff;
+}
--- /dev/null
+body {
+ background: #fff;
+}
--- /dev/null
+body {
+ background: #fff;
+}