Hello community, here is the log from the commit of package perl-Mojolicious for openSUSE:Factory checked in at 2017-02-10 09:49:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Mojolicious (Old) and /work/SRC/openSUSE:Factory/.perl-Mojolicious.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Mojolicious" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Mojolicious/perl-Mojolicious.changes 2017-02-03 18:54:14.324152500 +0100 +++ /work/SRC/openSUSE:Factory/.perl-Mojolicious.new/perl-Mojolicious.changes 2017-02-10 09:50:13.403673770 +0100 @@ -1,0 +2,15 @@ +Mon Jan 30 06:06:15 UTC 2017 - [email protected] + +- updated to 7.23 + see /usr/share/doc/packages/perl-Mojolicious/Changes + + 7.23 2017-01-29 + - Added max_request_size attribute to Mojolicious. + - Added max_response_size attribute to Mojo::UserAgent. + - Added to_unsafe_string method to Mojo::URL. + - Added -S option to get command. + - Fixed a data corruption problem in Mojo::IOLoop::Stream, caused by a + dependency of IO::Socket::SSL on the internal representation of strings, + which differs from IO::Socket::IP. (coolo, sri) + +------------------------------------------------------------------- Old: ---- Mojolicious-7.22.tar.gz New: ---- Mojolicious-7.23.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Mojolicious.spec ++++++ --- /var/tmp/diff_new_pack.K8RIAp/_old 2017-02-10 09:50:14.375536357 +0100 +++ /var/tmp/diff_new_pack.K8RIAp/_new 2017-02-10 09:50:14.379535792 +0100 @@ -17,7 +17,7 @@ Name: perl-Mojolicious -Version: 7.22 +Version: 7.23 Release: 0 %define cpan_name Mojolicious Summary: Real-time web framework ++++++ Mojolicious-7.22.tar.gz -> Mojolicious-7.23.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/Changes new/Mojolicious-7.23/Changes --- old/Mojolicious-7.22/Changes 2017-01-25 21:17:33.000000000 +0100 +++ new/Mojolicious-7.23/Changes 2017-01-29 22:33:08.000000000 +0100 @@ -1,4 +1,13 @@ +7.23 2017-01-29 + - Added max_request_size attribute to Mojolicious. + - Added max_response_size attribute to Mojo::UserAgent. + - Added to_unsafe_string method to Mojo::URL. + - Added -S option to get command. + - Fixed a data corruption problem in Mojo::IOLoop::Stream, caused by a + dependency of IO::Socket::SSL on the internal representation of strings, + which differs from IO::Socket::IP. (coolo, sri) + 7.22 2017-01-25 - Added ports method to Mojo::Server::Daemon. - Added remove_tree method to Mojo::File. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/META.json new/Mojolicious-7.23/META.json --- old/Mojolicious-7.22/META.json 2017-01-26 00:09:02.000000000 +0100 +++ new/Mojolicious-7.23/META.json 2017-01-29 22:42:04.000000000 +0100 @@ -58,6 +58,6 @@ }, "x_IRC" : "irc://irc.perl.org/#mojo" }, - "version" : "7.22", + "version" : "7.23", "x_serialization_backend" : "JSON::PP version 2.27400" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/META.yml new/Mojolicious-7.23/META.yml --- old/Mojolicious-7.22/META.yml 2017-01-26 00:09:02.000000000 +0100 +++ new/Mojolicious-7.23/META.yml 2017-01-29 22:42:04.000000000 +0100 @@ -31,5 +31,5 @@ homepage: http://mojolicious.org license: http://www.opensource.org/licenses/artistic-license-2.0 repository: https://github.com/kraih/mojo.git -version: '7.22' +version: '7.23' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojo/IOLoop/Stream.pm new/Mojolicious-7.23/lib/Mojo/IOLoop/Stream.pm --- old/Mojolicious-7.22/lib/Mojo/IOLoop/Stream.pm 2016-08-27 04:52:25.000000000 +0200 +++ new/Mojolicious-7.23/lib/Mojo/IOLoop/Stream.pm 2017-01-29 22:33:08.000000000 +0100 @@ -77,6 +77,8 @@ sub write { my ($self, $chunk, $cb) = @_; + # IO::Socket::SSL will corrupt data with the wrong internal representation + utf8::downgrade $chunk; $self->{buffer} .= $chunk; if ($cb) { $self->once(drain => $cb) } elsif (!length $self->{buffer}) { return $self } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojo/Message/Request.pm new/Mojolicious-7.23/lib/Mojo/Message/Request.pm --- old/Mojolicious-7.22/lib/Mojo/Message/Request.pm 2016-07-19 02:38:18.000000000 +0200 +++ new/Mojolicious-7.23/lib/Mojo/Message/Request.pm 2017-01-29 22:33:08.000000000 +0100 @@ -410,8 +410,8 @@ than just the last one, you can use L</"every_param">. Note that this method caches all data, so it should not be called before the entire request body has been received. Parts of the request body need to be loaded into memory to parse -C<POST> parameters, so you have to make sure it is not excessively large, -there's a 16MB limit by default. +C<POST> parameters, so you have to make sure it is not excessively large. +There's a 16MB limit for requests by default. =head2 params @@ -422,8 +422,8 @@ usually a L<Mojo::Parameters> object. Note that this method caches all data, so it should not be called before the entire request body has been received. Parts of the request body need to be loaded into memory to parse C<POST> parameters, -so you have to make sure it is not excessively large, there's a 16MB limit by -default. +so you have to make sure it is not excessively large. There's a 16MB limit for +requests by default. # Get parameter names and values my $hash = $req->params->to_hash; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojo/Message/Response.pm new/Mojolicious-7.23/lib/Mojo/Message/Response.pm --- old/Mojolicious-7.22/lib/Mojo/Message/Response.pm 2016-12-21 13:15:18.000000000 +0100 +++ new/Mojolicious-7.23/lib/Mojo/Message/Response.pm 2017-01-29 22:33:08.000000000 +0100 @@ -6,6 +6,7 @@ use Mojo::Util 'deprecated'; has [qw(code message)]; +has max_message_size => sub { $ENV{MOJO_MAX_MESSAGE_SIZE} // 2147483648 }; # Umarked codes are from RFC 7231 my %MESSAGES = ( @@ -212,6 +213,15 @@ HTTP response status code. +=head2 max_message_size + + my $size = $res->max_message_size; + $res = $res->max_message_size(1024); + +Maximum message size in bytes, defaults to the value of the +C<MOJO_MAX_MESSAGE_SIZE> environment variable or C<2147483648> (2GB). Setting +the value to C<0> will allow messages of indefinite size. + =head2 message my $msg = $res->message; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojo/Message.pm new/Mojolicious-7.23/lib/Mojo/Message.pm --- old/Mojolicious-7.22/lib/Mojo/Message.pm 2016-12-21 00:46:14.000000000 +0100 +++ new/Mojolicious-7.23/lib/Mojo/Message.pm 2017-01-29 22:33:08.000000000 +0100 @@ -389,10 +389,7 @@ Maximum message size in bytes, defaults to the value of the C<MOJO_MAX_MESSAGE_SIZE> environment variable or C<16777216> (16MB). Setting -the value to C<0> will allow messages of indefinite size. Note that increasing -this value can also drastically increase memory usage, should you for example, -attempt to parse an excessively large message body with the L</"body_params">, -L</"dom"> or L</"json"> methods. +the value to C<0> will allow messages of indefinite size. =head2 version @@ -423,7 +420,8 @@ that this method caches all data, so it should not be called before the entire message body has been received. Parts of the message body need to be loaded into memory to parse C<POST> parameters, so you have to make sure it is not -excessively large, there's a 16MB limit by default. +excessively large. There's a 16MB limit for requests and a 2GB limit for +responses by default. # Get POST parameter names and values my $hash = $msg->body_params->to_hash; @@ -481,8 +479,8 @@ right away, which then returns a L<Mojo::Collection> object. Note that this method caches all data, so it should not be called before the entire message body has been received. The whole message body needs to be loaded into memory -to parse it, so you have to make sure it is not excessively large, there's a -16MB limit by default. +to parse it, so you have to make sure it is not excessively large. There's a +16MB limit for requests and a 2GB limit for responses by default. # Perform "find" right away say $msg->dom('h1, h2, h3')->map('text')->join("\n"); @@ -604,7 +602,8 @@ Note that this method caches all data, so it should not be called before the entire message body has been received. The whole message body needs to be loaded into memory to parse it, so you have to make sure it is not excessively -large, there's a 16MB limit by default. +large. There's a 16MB limit for requests and a 2GB limit for responses by +default. # Extract JSON values say $msg->json->{foo}{bar}[23]; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojo/URL.pm new/Mojolicious-7.23/lib/Mojo/URL.pm --- old/Mojolicious-7.22/lib/Mojo/URL.pm 2017-01-11 18:23:42.000000000 +0100 +++ new/Mojolicious-7.23/lib/Mojo/URL.pm 2017-01-29 22:33:08.000000000 +0100 @@ -63,9 +63,9 @@ $self->path($5) if defined $5; $self->query($7) if defined $7; $self->fragment(_decode(url_unescape $9)) if defined $9; - if (defined(my $authority = $4)) { - $self->userinfo(_decode(url_unescape $1)) if $authority =~ s/^([^\@]+)\@//; - $self->host_port($authority); + if (defined(my $auth = $4)) { + $self->userinfo(_decode(url_unescape $1)) if $auth =~ s/^([^\@]+)\@//; + $self->host_port($auth); } return $self; @@ -148,31 +148,38 @@ return $abs; } -sub to_string { - my $self = shift; +sub to_string { shift->_string(0) } +sub to_unsafe_string { shift->_string(1) } + +sub username { (shift->userinfo // '') =~ /^([^:]+)/ ? $1 : undef } + +sub _decode { decode('UTF-8', $_[0]) // $_[0] } + +sub _encode { url_escape encode('UTF-8', $_[0]), $_[1] } + +sub _string { + my ($self, $unsafe) = @_; # Scheme my $url = ''; if (my $proto = $self->protocol) { $url .= "$proto:" } - # Authority (without userinfo) - my $authority = $self->host_port; - $url .= "//$authority" if defined $authority; + # Authority + my $auth = $self->host_port; + if ($unsafe && defined(my $info = $self->userinfo)) { + $auth = _encode($info, '^A-Za-z0-9\-._~!$&\'()*+,;=:') . '@' . $auth; + } + $url .= "//$auth" if defined $auth; # Path and query my $path = $self->path_query; - $url .= !$authority || !length $path || $path =~ m!^[/?]! ? $path : "/$path"; + $url .= !$auth || !length $path || $path =~ m!^[/?]! ? $path : "/$path"; # Fragment return $url unless defined(my $fragment = $self->fragment); - return $url . '#' . url_escape encode('UTF-8', $fragment), - '^A-Za-z0-9\-._~!$&\'()*+,;=:@/?'; + return $url . '#' . _encode($fragment, '^A-Za-z0-9\-._~!$&\'()*+,;=:@/?'); } -sub username { (shift->userinfo // '') =~ /^([^:]+)/ ? $1 : undef } - -sub _decode { decode('UTF-8', $_[0]) // $_[0] } - 1; =encoding utf8 @@ -477,6 +484,15 @@ # "http://mojolicious.org"; Mojo::URL->new('http://daniel:[email protected]')->to_string; +=head2 to_unsafe_string + + my $str = $url->to_unsafe_string; + +Same as L</"to_string">, but includes L</"userinfo">. + + # "http://daniel:[email protected]"; + Mojo::URL->new('http://daniel:[email protected]')->to_unsafe_string; + =head2 username my $username = $url->username; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojo/UserAgent.pm new/Mojolicious-7.23/lib/Mojo/UserAgent.pm --- old/Mojolicious-7.22/lib/Mojo/UserAgent.pm 2017-01-15 17:02:28.000000000 +0100 +++ new/Mojolicious-7.23/lib/Mojo/UserAgent.pm 2017-01-29 22:33:08.000000000 +0100 @@ -17,7 +17,7 @@ has cert => sub { $ENV{MOJO_CERT_FILE} }; has connect_timeout => sub { $ENV{MOJO_CONNECT_TIMEOUT} || 10 }; has cookie_jar => sub { Mojo::UserAgent::CookieJar->new }; -has 'local_address'; +has [qw(local_address max_response_size)]; has inactivity_timeout => sub { $ENV{MOJO_INACTIVITY_TIMEOUT} // 20 }; has ioloop => sub { Mojo::IOLoop->new }; has key => sub { $ENV{MOJO_KEY_FILE} }; @@ -298,6 +298,8 @@ } $_->prepare($tx) for $self->proxy, $self->cookie_jar; + my $max = $self->max_response_size; + $tx->res->max_message_size($max) if defined $max; # Connect and add request timeout if necessary my $id = $self->emit(start => $tx)->_connection($loop, $tx, $cb); @@ -573,6 +575,18 @@ defaults to the value of the C<MOJO_MAX_REDIRECTS> environment variable or C<0>. +=head2 max_response_size + + my $max = $ua->max_response_size; + $ua = $ua->max_response_size(16777216); + +Maximum response size in bytes, defaults to the value of +L<Mojo::Message::Response/"max_message_size">. Setting the value to C<0> will +allow responses of indefinite size. Note that increasing this value can also +drastically increase memory usage, should you for example attempt to parse an +excessively large response body with the methods L<Mojo::Message/"dom"> or +L<Mojo::Message/"json">. + =head2 proxy my $proxy = $ua->proxy; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojolicious/Command/get.pm new/Mojolicious-7.23/lib/Mojolicious/Command/get.pm --- old/Mojolicious-7.22/lib/Mojolicious/Command/get.pm 2017-01-19 11:30:58.000000000 +0100 +++ new/Mojolicious-7.23/lib/Mojolicious/Command/get.pm 2017-01-29 22:33:08.000000000 +0100 @@ -15,14 +15,16 @@ sub run { my ($self, @args) = @_; + my $ua = Mojo::UserAgent->new(ioloop => Mojo::IOLoop->singleton); getopt \@args, 'C|charset=s' => \my $charset, 'c|content=s' => \(my $content = ''), 'H|header=s' => \my @headers, - 'i|inactivity-timeout=i' => \my $inactivity, + 'i|inactivity-timeout=i' => sub { $ua->inactivity_timeout($_[1]) }, 'M|method=s' => \(my $method = 'GET'), - 'o|connect-timeout=i' => \my $connect, + 'o|connect-timeout=i' => sub { $ua->connect_timeout($_[1]) }, 'r|redirect' => \my $redirect, + 'S|response-size=i' => sub { $ua->max_response_size($_[1]) }, 'v|verbose' => \my $verbose; @args = map { decode 'UTF-8', $_ } @args; @@ -33,13 +35,9 @@ my %headers = map { /^\s*([^:]+)\s*:\s*(.*+)$/ ? ($1, $2) : () } @headers; # Detect proxy for absolute URLs - my $ua = Mojo::UserAgent->new(ioloop => Mojo::IOLoop->singleton); $url !~ m!^/! ? $ua->proxy->detect : $ua->server->app($self->app); $ua->max_redirects(10) if $redirect; - $ua->inactivity_timeout($inactivity) if defined $inactivity; - $ua->connect_timeout($connect) if $connect; - my $buffer = ''; $ua->on( start => sub { @@ -65,16 +63,14 @@ $verbose = 1 if $method eq 'HEAD'; STDOUT->autoflush(1); my $tx = $ua->start($ua->build_tx($method, $url, \%headers, $content)); - my $err = $tx->error; - warn qq{Problem loading URL "@{[$tx->req->url]}": $err->{message}\n} - if $err && !$err->{code}; + my $res = $tx->result; # JSON Pointer return unless defined $selector; return _json($buffer, $selector) if !length $selector || $selector =~ m!^/!; # Selector - $charset //= $tx->res->content->charset || $tx->res->default_charset; + $charset //= $res->content->charset || $res->default_charset; _select($buffer, $selector, $charset, @args); } @@ -163,6 +159,8 @@ -o, --connect-timeout <seconds> Connect timeout, defaults to the value of MOJO_CONNECT_TIMEOUT or 10 -r, --redirect Follow up to 10 redirects + -S, --response-size <size> Maximum response size in bytes, + defaults to 2147483648 (2GB) -v, --verbose Print request and response headers to STDERR diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojolicious/Controller.pm new/Mojolicious-7.23/lib/Mojolicious/Controller.pm --- old/Mojolicious-7.22/lib/Mojolicious/Controller.pm 2017-01-10 11:31:44.000000000 +0100 +++ new/Mojolicious-7.23/lib/Mojolicious/Controller.pm 2017-01-29 22:33:08.000000000 +0100 @@ -583,8 +583,8 @@ message body, in that order. If there are multiple values sharing the same name, and you want to access more than just the last one, you can use L</"every_param">. Parts of the request body need to be loaded into memory to -parse C<POST> parameters, so you have to make sure it is not excessively large, -there's a 16MB limit by default. +parse C<POST> parameters, so you have to make sure it is not excessively large. +There's a 16MB limit for requests by default. # Get first value my $first = $c->every_param('foo')->[0]; @@ -931,7 +931,7 @@ the query string and C<application/x-www-form-urlencoded> or C<multipart/form-data> message body. Parts of the request body need to be loaded into memory to parse C<POST> parameters, so you have to make sure it is not -excessively large, there's a 16MB limit by default. +excessively large. There's a 16MB limit for requests by default. # Validate GET/POST parameter my $validation = $c->validation; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojolicious/Guides/Cookbook.pod new/Mojolicious-7.23/lib/Mojolicious/Guides/Cookbook.pod --- old/Mojolicious-7.22/lib/Mojolicious/Guides/Cookbook.pod 2017-01-19 11:22:13.000000000 +0100 +++ new/Mojolicious-7.23/lib/Mojolicious/Guides/Cookbook.pod 2017-01-29 22:33:08.000000000 +0100 @@ -1119,13 +1119,12 @@ my $tx = $ua->get('https://www.github.com/kraih/mojo/tarball/master'); $tx->res->content->asset->move_to('mojo.tar.gz'); -To protect you from excessively large files there is also a limit of 16MB by +To protect you from excessively large files there is also a limit of 2GB by default, which you can tweak with the attribute -L<Mojo::Message/"max_message_size"> or C<MOJO_MAX_MESSAGE_SIZE> environment -variable. +L<Mojo::UserAgent/"max_response_size">. - # Increase limit to 1GB - $ENV{MOJO_MAX_MESSAGE_SIZE} = 1073741824; + # Increase limit to 10GB + $ua->max_response_size(10737418240); =head2 Large file upload @@ -1148,13 +1147,12 @@ use Mojo::UserAgent; + # Accept responses of indefinite size + my $ua = Mojo::UserAgent->new(max_response_size => 0); + # Build a normal transaction - my $ua = Mojo::UserAgent->new; my $tx = $ua->build_tx(GET => 'http://example.com'); - # Accept response of indefinite size - $tx->res->max_message_size(0); - # Replace "read" events to disable default content parser $tx->res->content->unsubscribe('read')->on(read => sub { my ($content, $bytes) = @_; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojolicious/Guides/FAQ.pod new/Mojolicious-7.23/lib/Mojolicious/Guides/FAQ.pod --- old/Mojolicious-7.22/lib/Mojolicious/Guides/FAQ.pod 2016-09-08 20:22:50.000000000 +0200 +++ new/Mojolicious-7.23/lib/Mojolicious/Guides/FAQ.pod 2017-01-29 22:33:08.000000000 +0100 @@ -189,9 +189,10 @@ To protect your applications from excessively large requests and responses, our HTTP parser has a cap after which it will automatically stop accepting new -data, and in most cases force the connection to be closed. The limit is 16MB by -default, you can use the attribute L<Mojo::Message/"max_message_size"> or -C<MOJO_MAX_MESSAGE_SIZE> environment variable to change this value. +data, and in most cases force the connection to be closed. The limit is 16MB for +requests, and 2GB for responses by default. You can use the attributes +L<Mojolicious/"max_request_size"> and L<Mojo::UserAgent/"max_response_size"> to +change these values. =head2 What does the error "Maximum start-line size exceeded" mean? diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojolicious/Guides/Tutorial.pod new/Mojolicious-7.23/lib/Mojolicious/Guides/Tutorial.pod --- old/Mojolicious-7.22/lib/Mojolicious/Guides/Tutorial.pod 2016-09-01 21:57:29.000000000 +0200 +++ new/Mojolicious-7.23/lib/Mojolicious/Guides/Tutorial.pod 2017-01-29 22:33:08.000000000 +0100 @@ -834,11 +834,10 @@ To protect you from excessively large files there is also a limit of 16MB by default, which you can tweak with the attribute -L<Mojo::Message/"max_message_size"> or C<MOJO_MAX_MESSAGE_SIZE> environment -variable. +L<Mojolicious/"max_request_size">. # Increase limit to 1GB - $ENV{MOJO_MAX_MESSAGE_SIZE} = 1073741824; + app->max_request_size(1073741824); =head2 User agent diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojolicious/Lite.pm new/Mojolicious-7.23/lib/Mojolicious/Lite.pm --- old/Mojolicious-7.22/lib/Mojolicious/Lite.pm 2017-01-09 18:47:43.000000000 +0100 +++ new/Mojolicious-7.23/lib/Mojolicious/Lite.pm 2017-01-29 22:33:08.000000000 +0100 @@ -21,8 +21,7 @@ push @{"${caller}::ISA"}, 'Mojo'; # Generate moniker based on filename - my $moniker = path($ENV{MOJO_EXE})->basename; - $moniker =~ s/\.(?:pl|pm|t)$//i; + my $moniker = path($ENV{MOJO_EXE})->basename('.pl', '.pm', '.t'); my $app = shift->new(moniker => $moniker); # Initialize routes without namespaces @@ -34,8 +33,7 @@ for my $name (qw(any get options patch post put websocket)) { monkey_patch $caller, $name, sub { $routes->$name(@_) }; } - monkey_patch $caller, $_, sub {$app} - for qw(new app); + monkey_patch($caller, $_, sub {$app}) for qw(new app); monkey_patch $caller, del => sub { $routes->delete(@_) }; monkey_patch $caller, group => sub (&) { (my $old, $root) = ($root, $routes); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/lib/Mojolicious.pm new/Mojolicious-7.23/lib/Mojolicious.pm --- old/Mojolicious-7.22/lib/Mojolicious.pm 2017-01-22 15:29:08.000000000 +0100 +++ new/Mojolicious-7.23/lib/Mojolicious.pm 2017-01-29 22:33:08.000000000 +0100 @@ -37,6 +37,7 @@ # Reduced log output outside of development mode return $mode eq 'development' ? $log : $log->level('info'); }; +has 'max_request_size'; has mode => sub { $ENV{MOJO_MODE} || $ENV{PLACK_ENV} || 'development' }; has moniker => sub { Mojo::Util::decamelize ref shift }; has plugins => sub { Mojolicious::Plugins->new }; @@ -57,7 +58,7 @@ has validator => sub { Mojolicious::Validator->new }; our $CODENAME = 'Doughnut'; -our $VERSION = '7.22'; +our $VERSION = '7.23'; sub AUTOLOAD { my $self = shift; @@ -92,8 +93,12 @@ sub build_tx { my $self = shift; - my $tx = Mojo::Transaction::HTTP->new; + + my $tx = Mojo::Transaction::HTTP->new; + my $max = $self->max_request_size; + $tx->req->max_message_size($max) if defined $max; $self->plugins->emit_hook(after_build_tx => $tx, $self); + return $tx; } @@ -412,6 +417,18 @@ # Log debug message $app->log->debug('It works'); +=head2 max_request_size + + my $max = $app->max_request_size; + $app = $app->max_request_size(16777216); + +Maximum request size in bytes, defaults to the value of +L<Mojo::Message/"max_message_size">. Setting the value to C<0> will allow +requests of indefinite size. Note that increasing this value can also +drastically increase memory usage, should you for example attempt to parse an +excessively large request body with the methods L<Mojo::Message/"dom"> or +L<Mojo::Message/"json">. + =head2 mode my $mode = $app->mode; @@ -1034,6 +1051,8 @@ Steffen Ullrich +Stephan Kulow + Stephane Este-Gracias Steve Atkins diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/t/mojo/ioloop_tls.t new/Mojolicious-7.23/t/mojo/ioloop_tls.t --- old/Mojolicious-7.22/t/mojo/ioloop_tls.t 2017-01-15 14:01:00.000000000 +0100 +++ new/Mojolicious-7.23/t/mojo/ioloop_tls.t 2017-01-29 22:33:08.000000000 +0100 @@ -30,15 +30,18 @@ # openssl req -x509 -days 7300 -key bad.key -in bad.csr -out bad.crt use Mojo::IOLoop; -# Built-in certificate +# Built-in certificate (and upgraded string) my $loop = Mojo::IOLoop->new; my $delay = $loop->delay; +my $upgraded + = "\x01\x00\x00\x00\x00\x00\xD0\x00\x0A\x00\x0B\x00\x00\x00\x84\x0B"; +utf8::upgrade $upgraded; my ($server, $client); my $end = $delay->begin; my $id = $loop->server( {address => '127.0.0.1', tls => 1} => sub { my ($loop, $stream) = @_; - $stream->write('test' => sub { shift->write('321') }); + $stream->write($upgraded => sub { shift->write('321') }); $stream->on(close => $end); $stream->on(read => sub { $server .= pop }); } @@ -55,8 +58,8 @@ } ); $delay->wait; -is $server, 'tset123', 'right content'; -is $client, 'test321', 'right content'; +is $server, 'tset123', 'right content'; +is $client, "${upgraded}321", 'right content'; # Valid client certificate $delay = Mojo::IOLoop->delay; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/t/mojo/request.t new/Mojolicious-7.23/t/mojo/request.t --- old/Mojolicious-7.22/t/mojo/request.t 2017-01-11 18:25:50.000000000 +0100 +++ new/Mojolicious-7.23/t/mojo/request.t 2017-01-29 22:33:08.000000000 +0100 @@ -10,8 +10,12 @@ use Mojo::URL; use Mojo::Util 'encode'; -# Parse HTTP 1.1 message with huge "Cookie" header exceeding all limits +# Defaults my $req = Mojo::Message::Request->new; +is $req->max_message_size, 16777216, 'right default'; + +# Parse HTTP 1.1 message with huge "Cookie" header exceeding all limits +$req = Mojo::Message::Request->new; my $finished; $req->max_message_size($req->headers->max_line_size); my $huge = 'a=b; ' x $req->max_message_size; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/t/mojo/response.t new/Mojolicious-7.23/t/mojo/response.t --- old/Mojolicious-7.22/t/mojo/response.t 2016-12-21 00:12:31.000000000 +0100 +++ new/Mojolicious-7.23/t/mojo/response.t 2017-01-29 22:33:08.000000000 +0100 @@ -9,8 +9,12 @@ use Mojo::Message::Response; use Mojo::Util 'encode'; -# Common status codes +# Defaults my $res = Mojo::Message::Response->new; +is $res->max_message_size, 2147483648, 'right default'; + +# Common status codes +$res = Mojo::Message::Response->new; is $res->code(100)->default_message, 'Continue', 'right message'; is $res->code(101)->default_message, 'Switching Protocols', 'right message'; is $res->code(102)->default_message, 'Processing', 'right message'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/t/mojo/url.t new/Mojolicious-7.23/t/mojo/url.t --- old/Mojolicious-7.22/t/mojo/url.t 2017-01-11 18:24:52.000000000 +0100 +++ new/Mojolicious-7.23/t/mojo/url.t 2017-01-29 22:33:08.000000000 +0100 @@ -42,6 +42,9 @@ is $url->host, 'localhost', 'right host'; is $url->fragment, 'AZaz09-._~!$&\'()*+,;=:@/?', 'right fragment'; is "$url", 'ws://localhost#AZaz09-._~!$&\'()*+,;=:@/?', 'right format'; +is $url->to_unsafe_string, + 'ws://AZaz09-._~!$&\'()*+,;=:@localhost#AZaz09-._~!$&\'()*+,;=:@/?', + 'right format'; # Parameters $url = Mojo::URL->new( @@ -373,6 +376,9 @@ is $url->fragment, '☃', 'right fragment'; is "$url", 'http://xn--n3h.xn--n3h.de/%E2%98%83?%E2%98%83#%E2%98%83', 'right format'; +is $url->to_unsafe_string, + 'http://%E2%98%83:%e2%[email protected]/%E2%98%83?%E2%98%83#%E2%98%83', + 'right format'; # IRI/IDNA $url = Mojo::URL->new('http://☃.net/♥/?q=♥☃'); @@ -415,6 +421,7 @@ is $url->host, 'foo.com', 'right host'; is $url->fragment, '0', 'right fragment'; is "$url", 'http://foo.com#0', 'right format'; +is $url->to_unsafe_string, 'http://[email protected]#0', 'right format'; # Empty path elements $url = Mojo::URL->new('http://example.com/foo//bar/23/'); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/t/mojo/user_agent.t new/Mojolicious-7.23/t/mojo/user_agent.t --- old/Mojolicious-7.22/t/mojo/user_agent.t 2017-01-15 17:02:28.000000000 +0100 +++ new/Mojolicious-7.23/t/mojo/user_agent.t 2017-01-29 22:33:08.000000000 +0100 @@ -156,7 +156,8 @@ is $tx->res->version, '1.1', 'right version'; is $tx->res->code, 200, 'right status'; ok !$tx->res->headers->connection, 'no "Connection" value'; -is $tx->res->body, 'works!', 'right content'; +is $tx->res->max_message_size, 2147483648, 'right value'; +is $tx->res->body, 'works!', 'right content'; # Again $tx = $ua->get('/'); @@ -166,12 +167,13 @@ is $tx->res->code, 200, 'right status'; ok !$tx->res->headers->connection, 'no "Connection" value'; is $tx->res->body, 'works!', 'right content'; -$tx = $ua->get('/'); +$tx = $ua->max_response_size(0)->get('/'); ok $tx->success, 'successful'; is $tx->res->version, '1.1', 'right version'; is $tx->res->code, 200, 'right status'; ok !$tx->res->headers->connection, 'no "Connection" value'; -is $tx->res->body, 'works!', 'right content'; +is $tx->res->max_message_size, 0, 'right value'; +is $tx->res->body, 'works!', 'right content'; # Shortcuts for common request methods is $ua->delete('/method')->res->body, 'DELETE', 'right content'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mojolicious-7.22/t/mojolicious/upload_lite_app.t new/Mojolicious-7.23/t/mojolicious/upload_lite_app.t --- old/Mojolicious-7.22/t/mojolicious/upload_lite_app.t 2016-07-19 02:38:18.000000000 +0200 +++ new/Mojolicious-7.23/t/mojolicious/upload_lite_app.t 2017-01-29 22:33:08.000000000 +0100 @@ -9,6 +9,11 @@ use Mojolicious::Lite; use Test::Mojo; +get '/request_size' => sub { + my $c = shift; + $c->render(text => $c->req->max_message_size); +}; + post '/upload' => sub { my $c = shift; my $file = $c->param('file'); @@ -28,6 +33,11 @@ my $t = Test::Mojo->new; +# Request size limit +$t->get_ok('/request_size')->status_is(200)->content_is(16777216); +$t->app->max_request_size(0); +$t->get_ok('/request_size')->status_is(200)->content_is(0); + # Asset and filename my $file = Mojo::Asset::File->new->add_chunk('lalala'); $t->post_ok('/upload' => form =>
