X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;f=ucw%2Fperl%2FUCW%2FCGI.pm;h=c8ec08db22666699ea52207b87372d3561ef8faa;hb=bb8ec9cc7c5020868dce8d9a0ff6b4ba9667fca9;hp=ff06a15ac633e6005f16a2ed50904cb486c9df24;hpb=9f14dd026cffccd83c6087923be2c9760bb7a016;p=libucw.git diff --git a/ucw/perl/UCW/CGI.pm b/ucw/perl/UCW/CGI.pm index ff06a15a..c8ec08db 100644 --- a/ucw/perl/UCW/CGI.pm +++ b/ucw/perl/UCW/CGI.pm @@ -6,10 +6,6 @@ # This software may be freely distributed and used according to the terms # of the GNU Lesser General Public License. -# FIXME: -# - respond with proper HTTP error codes -# - if we get invalid parameters, generate HTTP error or redirect - package UCW::CGI; # First of all, set up error handling, so that even errors during parsing @@ -62,6 +58,12 @@ our @EXPORT_OK = qw(); our $utf8_mode = 0; +sub http_error($;@) { + my $err = shift @_; + print join("\n", "Status: $err", "Content-Type: text/plain", @_, "", $err, ""); + exit; +} + ### Escaping ### sub url_escape($) { @@ -174,20 +176,22 @@ sub init_args() { if (my $qs = $ENV{"QUERY_STRING"}) { parse_raw_args($qs); } - if ($method eq "GET") { + if ($method eq "GET" || $method eq "HEAD") { } elsif ($method eq "POST") { - if ($ENV{"CONTENT_TYPE"} =~ /^application\/x-www-form-urlencoded\b/i) { + my $content_type = $ENV{"CONTENT_TYPE"} // ""; + if ($content_type =~ /^application\/x-www-form-urlencoded\b/i) { while () { chomp; parse_raw_args($_); } - } elsif ($ENV{"CONTENT_TYPE"} =~ /^multipart\/form-data\b/i) { + } elsif ($content_type =~ /^multipart\/form-data\b/i) { parse_multipart_form_data(); } else { - die "Unknown content type for POST data"; + http_error "415 Unsupported Media Type"; + exit; } } else { - die "Unknown request method"; + http_error "405 Method Not Allowed", "Allow: GET, HEAD, PUT"; } } @@ -288,13 +292,13 @@ sub get_mp_line($) { return undef; } } else { - die "Premature end of multipart POST data"; + http_error "400 Bad Request: Premature end of multipart POST data"; } } sub skip_mp_boundary() { if ($mp_buffer_boundary != $mp_buffer_i) { - die "Premature end of multipart POST data"; + http_error "400 Bad Request: Premature end of multipart POST data"; } $mp_buffer_boundary = -1; $mp_buffer_i += 2; @@ -333,8 +337,8 @@ sub parse_mp_header() { sub parse_multipart_form_data() { # First of all, find the boundary string my $ct = rfc822_prepare($ENV{"CONTENT_TYPE"}); - if (!(($boundary) = ($ct =~ /^.*;boundary=([^; ]+)/))) { - die "Multipart content with no boundary string received"; + if (!(($boundary) = ($ct =~ /^.*;\s*boundary=([^; ]+)/))) { + http_error "400 Bad Request: Multipart content with no boundary string received"; } $boundary = rfc822_deescape($boundary); print STDERR "BOUNDARY IS $boundary\n" if $debug; @@ -353,7 +357,7 @@ sub parse_multipart_form_data() { $max_allowed += $a->{"maxsize"} || 65536; } if ($size > $max_allowed) { - die "Maximum form data length exceeded"; + http_error "413 Request Entity Too Large"; } } @@ -378,7 +382,9 @@ sub parse_multipart_form_data() { (($field) = ($cdisp =~ /;name=([^;]+)/)) && ($a = $main_arg_table->{"$field"})) { print STDERR "FIELD $field\n" if $debug; - if (defined $h->{"content-transfer-encoding"}) { die "Unexpected Content-Transfer-Encoding"; } + if (defined $h->{"content-transfer-encoding"}) { + http_error "400 Bad Request: Unexpected Content-Transfer-Encoding"; + } if (defined $a->{"var"}) { while (defined (my $l = get_mp_line(1))) { print STDERR "VALUE $l\n" if $debug; @@ -400,7 +406,7 @@ sub parse_multipart_form_data() { print $fh substr($mp_buffer, $mp_buffer_i, $i); $mp_buffer_i += $i; $total_size += $i; - if ($total_size > $max_size) { die "Uploaded file too long"; } + if ($total_size > $max_size) { http_error "413 Request Entity Too Large"; } } $fh->flush(); # Don't close the handle, the file would disappear otherwise next PART;