Changeset 27234 in project


Timestamp:
08/12/12 15:05:49 (9 years ago)
Author:
sjamaan
Message:

intarweb: Add convenience procedure for reading urlencoded (POST) data, with a limiting factor

Location:
release/4/intarweb/trunk
Files:
2 edited

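--- a/release/4/intarweb/trunk/intarweb.scm
+++ b/release/4/intarweb/trunk/intarweb.scm
@@ -36,5 +36,5 @@
 
 (module intarweb
-  (http-line-limit http-header-limit
+  (http-line-limit http-header-limit http-urlencoded-request-data-limit
    replace-header-contents replace-header-contents! remove-header remove-header!
    update-header-contents update-header-contents! headers single-headers
@@ -54,4 +54,5 @@
    http-0.9-request-unparser http-1.x-request-unparser
    header-parse-error-handler
+   read-urlencoded-request-data
    
    make-response response? response-major response-major-set!
@@ -102,6 +103,24 @@
        base64 defstruct uri-common files)
 
-(define http-line-limit (make-parameter 1024))  ; #f if you want no limit
-(define http-header-limit (make-parameter 256)) ; #f if you want no limit
+;; The below can all be #f if you want no limit
+(define http-line-limit (make-parameter 1024))
+(define http-header-limit (make-parameter 256))
+(define http-urlencoded-request-data-limit (make-parameter (* 4 1024 1024)))
+
+(define (read-urlencoded-request-data
+         request #!optional (max-length (http-urlencoded-request-data-limit)))
+  (let* ((p (request-port request))
+         (len (header-value 'content-length (request-headers request)))
+         ;; For simplicity's sake, we don't allow exactly the max request limit
+         (limit (if (and len max-length)
+                    (min len max-length)
+                    (or max-length len)))
+         (data (read-string limit (request-port request))))
+    (if (and (not (eof-object? data)) max-length (= max-length (string-length data)))
+        (signal-http-condition "Max allowed URLencoded request size exceeded"
+                               (list request max-length)
+                               'urlencoded-request-data-limit-exceeded
+                               'contents data 'limit limit)
+        (form-urldecode data))))
 
 (define (safe-read-line p)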
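Review bot: When the request carries no Content-Length, `limit` in read-urlencoded-request-data falls back to `max-length`, and to `#f` when the limit parameter is also `#f`, so `read-string` keeps reading from the connection until that many bytes arrive or EOF. On a persistent connection that can block the handler and may consume bytes that belong to a following request, and with the limit disabled the read is unbounded. I would skip the read when `len` is false and return an empty result or signal a condition instead, e.g. by wrapping the body in `(if (not len) '() ...)`. A declared `len` at or above `max-length` could also be rejected before anything is read, which avoids buffering up to the 4 MiB default only to signal the error afterwards. The binding `p` is unused, since `(request-port request)` is called a second time in the `read-string` call.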
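--- a/release/4/intarweb/trunk/tests/run.scm
+++ b/release/4/intarweb/trunk/tests/run.scm
@@ -4,4 +4,5 @@
 (http-header-limit #f)
 (http-line-limit #f)
+(http-urlencoded-request-data-limit #f)
 
 (define-syntax test-error*
@@ -816,5 +817,23 @@
    (test-error "Request line limit exceeded gives error"
                (parameterize ((http-line-limit 5))
-                 (test-read-request "GET /path HTTP/1.1\r\n\r\n")))))
+                 (test-read-request "GET /path HTTP/1.1\r\n\r\n")))
+   (test "Reading request body"
+         '((abc . "def") (ghi . "jkl"))
+         (let ((req (test-read-request
+                     "GET / HTTP/1.1\r\nContent-Length: 15\r\n\r\nabc=def;ghi=jkl")))
+           (read-urlencoded-request-data req)))
+   (test "Reading request body with bigger limit"
+         '((abc . "def"))
+         (let ((req (test-read-request
+                     "GET / HTTP/1.1\r\nContent-Length: 7\r\n\r\nabc=def")))
+           ;; Test for 8, since 7 would error
+           (parameterize ((http-urlencoded-request-data-limit 8))
+            (read-urlencoded-request-data req))))
+   (test-error "Request body limit exceeded gives error"
+               (let ((req (test-read-request
+                           "GET / HTTP/1.1\r\nContent-Length: 7\r\n\r\nabc=def")))
+                 ;; This errors when the limit is hit, not when it is exceeded
+                 (parameterize ((http-urlencoded-request-data-limit 7))
+                   (read-urlencoded-request-data req))))))
 
 (define (test-write-request req . outputs)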
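Review bot: The "Request body limit exceeded gives error" case uses `test-error`, which as far as this hunk shows passes on any error, so an unbound identifier inside read-urlencoded-request-data would satisfy it too; asserting the `urlencoded-request-data-limit-exceeded` condition kind would pin the intended failure. All three new cases send a Content-Length equal to the body size. Nothing covers a request without Content-Length or one whose declared length is larger than the limit, and those are the inputs a hostile client controls. The enclosing test group starts above the hunk.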