diff options
Diffstat (limited to 'lib/rack')
-rw-r--r-- | lib/rack/multipart.rb | 2 | ||||
-rw-r--r-- | lib/rack/query_parser.rb | 27 | ||||
-rw-r--r-- | lib/rack/request.rb | 2 | ||||
-rw-r--r-- | lib/rack/utils.rb | 8 |
4 files changed, 21 insertions, 18 deletions
diff --git a/lib/rack/multipart.rb b/lib/rack/multipart.rb index 2015a3d6..c522abdc 100644 --- a/lib/rack/multipart.rb +++ b/lib/rack/multipart.rb @@ -21,7 +21,7 @@ module Rack MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni class << self - def parse_multipart(env, params = QueryParser::DEFAULT) + def parse_multipart(env, params = Rack::Utils.default_query_parser) Parser.create(env, params).parse end diff --git a/lib/rack/query_parser.rb b/lib/rack/query_parser.rb index ca73f001..118bd704 100644 --- a/lib/rack/query_parser.rb +++ b/lib/rack/query_parser.rb @@ -12,10 +12,15 @@ module Rack # sequence. class InvalidParameterError < ArgumentError; end - attr_reader :params_class + def self.make_default(key_space_limit) + new Params, key_space_limit + end + + attr_reader :params_class, :key_space_limit - def initialize(params_class) + def initialize(params_class, key_space_limit) @params_class = params_class + @key_space_limit = key_space_limit end # Stolen from Mongrel, with some small modifications: @@ -103,7 +108,11 @@ module Rack end def make_params - @params_class.new + @params_class.new @key_space_limit + end + + def new(key_space_limit) + self.class.new @params_class, key_space_limit end private @@ -117,14 +126,8 @@ module Rack end class Params - class << self - # The default number of bytes to allow parameter keys to take up. - # This helps prevent a rogue client from flooding a Request. - attr_accessor :limit - end - - def initialize(limit = self.class.limit) - @limit = limit || 65536 + def initialize(limit) + @limit = limit @size = 0 @params = {} end @@ -160,7 +163,5 @@ module Rack hash end end - - DEFAULT = new(Params) end end diff --git a/lib/rack/request.rb b/lib/rack/request.rb index 8115bdbe..bbb15826 100644 --- a/lib/rack/request.rb +++ b/lib/rack/request.rb @@ -308,7 +308,7 @@ module Rack end def query_parser - QueryParser::DEFAULT + Utils.default_query_parser end def xhr? diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb index e7d6a131..c00cec25 100644 --- a/lib/rack/utils.rb +++ b/lib/rack/utils.rb @@ -22,7 +22,9 @@ module Rack class << self attr_accessor :default_query_parser end - self.default_query_parser = QueryParser::DEFAULT + # The default number of bytes to allow parameter keys to take up. + # This helps prevent a rogue client from flooding a Request. + self.default_query_parser = QueryParser.make_default(65536) # URI escapes. (CGI style space to +) def escape(s) @@ -55,11 +57,11 @@ module Rack self.multipart_part_limit = (ENV['RACK_MULTIPART_PART_LIMIT'] || ENV['RACK_MULTIPART_LIMIT'] || 128).to_i def self.key_space_limit - default_query_parser.params_class.limit + default_query_parser.key_space_limit end def self.key_space_limit=(v) - default_query_parser.params_class.limit = v + self.default_query_parser = self.default_query_parser.new(v) end def parse_query(qs, d = nil, &unescaper) |