instiki/vendor/plugins/erubis-2.6.5/contrib/erubis-run.rb
Jacques Distler a5e08f7bcc Rails_xss Plugin
I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.

As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
2010-05-26 00:27:49 -05:00

132 lines
3.3 KiB
Ruby

=begin
= apache/erubis-run.rb
Copyright (C) 2007 Andrew R Jackson <arjackson at acm dot org>
Built from original by Shugo Maeda:
Copyright (C) 2001 Shugo Maeda <shugo@modruby.net>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WAreqANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WAreqANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTEreqUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
== Overview
Apache::ErubisRun handles eRuby files with erubis
== Example of httpd.conf
RubyRequire apache/erubis-run
<Location /eruby>
SetHandler ruby-object
RubyHandler Apache::ErubisRun.instance
</Location>
=end
require "singleton"
require "tempfile"
require "eruby" # Still needed to bring in a couple useful helper methods
require "erubis"
module Erubis
@@cgi = nil
def self.cgi
return @@cgi
end
def self.cgi=(cgi)
@@cgi = cgi
end
end
module Apache
class ErubisRun
include Singleton
def handler(req)
status = check_request(req)
return status if(status != OK)
filename = req.filename.dup
filename.untaint
erubis = compile(filename)
prerun(req)
begin
run(erubis, filename)
ensure
postrun(req)
end
return OK
end
private
def initialize
@compiler = nil
end
def check_request(req)
if(req.method_number == M_OPTIONS)
req.allowed |= (1 << M_GET)
req.allowed |= (1 << M_POST)
return DECLINED
end
if(req.finfo.mode == 0)
return NOT_FOUND
end
return OK
end
def compile(filename)
@compiler = Erubis::Eruby.load_file(filename) # use caching version as much as possible
return @compiler
end
def prerun(req)
Erubis.cgi = nil
req.setup_cgi_env
Apache.chdir_file(req.filename)
end
def run(erubis, filename)
binding = eval_string_wrap("binding")
puts erubis.result(binding) # eval the code in the context of the same binding ERuby uses
end
def postrun(req)
if(cgi = Erubis.cgi)
# TODO: pull the content type header from the cgi object, if set there?
elsif(req.sync_output or req.sync_header)
# Do nothing: header has already been sent
else
unless(req.content_type)
req.content_type = format("text/html;")
end
req.send_http_header
end
end
end
end