replaced multi_* prefix with all_*

mojolicious · Oct 7, 2014 · c05afdd · c05afdd
1 parent c96b549
commit c05afdd
Show file tree

Hide file tree

Showing 19 changed files with 224 additions and 187 deletions.
diff --git a/Changes b/Changes
@@ -1,5 +1,13 @@
 
 5.48  2014-10-07
+  - Emergency release for a critical security issue that can result in
+    parameter injection attacks, everybody should update!
+  - Added all_cookies and all_uploads methods to Mojo::Message.
+  - Added all_params method to Mojo::Message::Request.
+  - Added all_params method to Mojo::Parameters.
+  - Added all_cookies, all_params and all_signed_cookies methods to
+    Mojolicious::Controller.
+  - Added all_params method to Mojolicious::Validator::Validation.
   - Added from_json and to_json functions to Mojo::JSON.
   - Improved pluck method in Mojo::Collection to be able to extract values
     from hash references.

diff --git a/lib/Mojo/Message.pm b/lib/Mojo/Message.pm
@@ -17,6 +17,9 @@ has max_line_size    => sub { $ENV{MOJO_MAX_LINE_SIZE} || 10240 };
 has max_message_size => sub { $ENV{MOJO_MAX_MESSAGE_SIZE} // 10485760 };
 has version          => '1.1';
 
+sub all_cookies { shift->_cache('cookie', 1, @_) }
+sub all_uploads { shift->_cache('upload', 1, @_) }
+
 sub body {
   my $self = shift;
 
@@ -139,9 +142,6 @@ sub json {
   return $pointer ? Mojo::JSON::Pointer->new($data)->get($pointer) : $data;
 }
 
-sub multi_cookie { shift->_cache('cookie', 1, @_) }
-sub multi_upload { shift->_cache('upload', 1, @_) }
-
 sub parse {
   my ($self, $chunk) = @_;
 
@@ -409,6 +409,30 @@ HTTP version of message, defaults to C<1.1>.
 L<Mojo::Message> inherits all methods from L<Mojo::EventEmitter> and
 implements the following new ones.
 
+=head2 all_cookies
+
+  my $cookies = $msg->all_cookies('foo');
+
+Access all message cookies with the same name, usually
+L<Mojo::Cookie::Request> or L<Mojo::Cookie::Response> objects. To access only
+one cookie you can also use L</"cookie">. Note that this method caches all
+data, so it should not be called before all headers have been received.
+
+  # Get first cookie value
+  say $msg->all_cookies('foo')->[0]->value;
+
+=head2 all_uploads
+
+  my $uploads = $msg->all_uploads('foo');
+
+Access all C<multipart/form-data> file uploads with the same name, usually
+L<Mojo::Upload> objects. To access only one upload you can also use
+L</"upload">. Note that this method caches all data, so it should not be
+called before the entire message body has been received.
+
+  # Get content of first uploaded file
+  say $msg->all_uploads('foo')->[0]->asset->slurp;
+
 =head2 body
 
   my $bytes = $msg->body;
@@ -457,12 +481,13 @@ Render start line.
 
 =head2 cookie
 
-  my $value       = $msg->cookie('foo');
+  my $cookie      = $msg->cookie('foo');
   my ($foo, $bar) = $msg->cookie(['foo', 'bar']);
 
 Access message cookies, usually L<Mojo::Cookie::Request> or
-L<Mojo::Cookie::Response> objects. Note that this method caches all data, so
-it should not be called before all headers have been received.
+L<Mojo::Cookie::Response> objects. To access more than one cookie you can also
+use L</"all_cookies">. Note that this method caches all data, so it should not
+be called before all headers have been received.
 
   # Get cookie value
   say $msg->cookie('foo')->value;
@@ -578,15 +603,6 @@ sure it is not excessively large, there's a 10MB limit by default.
   say $msg->json->{foo}{bar}[23];
   say $msg->json('/foo/bar/23');
 
-=head2 multi_cookie
-
-  my $values = $msg->multi_cookie('foo');
-
-Access multiple message cookies with the same name, usually
-L<Mojo::Cookie::Request> or L<Mojo::Cookie::Response> objects. Note that this
-method caches all data, so it should not be called before all headers have
-been received.
-
 =head2 parse
 
   $msg = $msg->parse('HTTP/1.1 200 OK...');
@@ -614,24 +630,17 @@ Render whole message.
 
 =head2 upload
 
-  my $value       = $msg->upload('foo');
+  my $upload      = $msg->upload('foo');
   my ($foo, $bar) = $msg->upload(['foo', 'bar']);
 
 Access C<multipart/form-data> file uploads, usually L<Mojo::Upload> objects.
-Note that this method caches all data, so it should not be called before the
-entire message body has been received.
+To access more than one upload you can also use L</"all_uploads">. Note that
+this method caches all data, so it should not be called before the entire
+message body has been received.
 
   # Get content of uploaded file
   say $msg->upload('foo')->asset->slurp;
 
-=head2 multi_upload
-
-  my $values = $msg->multi_upload('foo');
-
-Access multiple C<multipart/form-data> file uploads with the same name,
-usually L<Mojo::Upload> objects. Note that this method caches all data, so it
-should not be called before the entire message body has been received.
-
 =head2 uploads
 
   my $uploads = $msg->uploads;

diff --git a/lib/Mojo/Message/Request.pm b/lib/Mojo/Message/Request.pm
@@ -16,6 +16,8 @@ my $START_LINE_RE = qr/
   \s+HTTP\/(\d\.\d)$                                        # Version
 /x;
 
+sub all_params { shift->params->all_params(@_) }
+
 sub clone {
   my $self = shift;
 
@@ -126,8 +128,6 @@ sub is_xhr {
   (shift->headers->header('X-Requested-With') // '') =~ /XMLHttpRequest/i;
 }
 
-sub multi_param { shift->params->multi_param(@_) }
-
 sub param { shift->params->param(@_) }
 
 sub params {
@@ -339,6 +339,21 @@ Request has been performed through a reverse proxy.
 L<Mojo::Message::Request> inherits all methods from L<Mojo::Message> and
 implements the following new ones.
 
+=head2 all_params
+
+  my $values = $req->all_params('foo');
+
+Access all C<GET> and C<POST> parameters with the same name extracted from the
+query string and C<application/x-www-form-urlencoded> or
+C<multipart/form-data> message body. To access only one value you can also use
+L</"param">. Note that this method caches all data, so it should not be called
+before the entire request body has been received. Parts of the request body
+need to be loaded into memory to parse C<POST> parameters, so you have to make
+sure it is not excessively large, there's a 10MB limit by default.
+
+  # Get first value
+  say $req->all_params('foo')->[0];
+
 =head2 clone
 
   my $clone = $req->clone;
@@ -389,18 +404,6 @@ Check if connection is secure.
 
 Check C<X-Requested-With> header for C<XMLHttpRequest> value.
 
-=head2 multi_param
-
-  my $values = $req->multi_param('foo');
-
-Access multiple C<GET> and C<POST> parameters with the same name extracted
-from the query string and C<application/x-www-form-urlencoded> or
-C<multipart/form-data> message body. Note that this method caches all data, so
-it should not be called before the entire request body has been received.
-Parts of the request body need to be loaded into memory to parse C<POST>
-parameters, so you have to make sure it is not excessively large, there's a
-10MB limit by default.
-
 =head2 param
 
   my @names       = $req->param;
@@ -409,10 +412,11 @@ parameters, so you have to make sure it is not excessively large, there's a
 
 Access C<GET> and C<POST> parameters extracted from the query string and
 C<application/x-www-form-urlencoded> or C<multipart/form-data> message body.
-Note that this method caches all data, so it should not be called before the
-entire request body has been received. Parts of the request body need to be
-loaded into memory to parse C<POST> parameters, so you have to make sure it is
-not excessively large, there's a 10MB limit by default.
+To access more than one value you can also use L</"all_params">. Note that
+this method caches all data, so it should not be called before the entire
+request body has been received. Parts of the request body need to be loaded
+into memory to parse C<POST> parameters, so you have to make sure it is not
+excessively large, there's a 10MB limit by default.
 
 =head2 params
 

diff --git a/lib/Mojo/Parameters.pm b/lib/Mojo/Parameters.pm
@@ -10,6 +10,8 @@ use Mojo::Util qw(decode encode url_escape url_unescape);
 
 has charset => 'UTF-8';
 
+sub all_params { shift->_param(@_) }
+
 sub append {
   my $self = shift;
 
@@ -43,8 +45,6 @@ sub merge {
   return $self;
 }
 
-sub multi_param { shift->_param(@_) }
-
 sub new { @_ > 1 ? shift->SUPER::new->parse(@_) : shift->SUPER::new }
 
 sub param {
@@ -229,6 +229,16 @@ Charset used for encoding and decoding parameters, defaults to C<UTF-8>.
 L<Mojo::Parameters> inherits all methods from L<Mojo::Base> and implements the
 following new ones.
 
+=head2 all_params
+
+  my $values = $params->all_params('foo');
+
+Access all parameter values with the same name. To access only one value you
+can also use L</"param">. Note that this method will normalize the parameters.
+
+  # Get first value
+  say $params->all_params('foo')->[0];
+
 =head2 append
 
   $params = $params->append(foo => 'ba&r');
@@ -259,13 +269,6 @@ Clone parameters.
 Merge L<Mojo::Parameters> objects. Note that this method will normalize the
 parameters.
 
-=head2 multi_param
-
-  my $values = $params->multi_param('foo');
-
-Check multiple parameter values with the same name. Note that this method will
-normalize the parameters.
-
 =head2 new
 
   my $params = Mojo::Parameters->new;
@@ -286,8 +289,8 @@ necessary.
   $params         = $params->param(foo => qw(ba&r baz));
   $params         = $params->param(foo => ['ba;r', 'baz']);
 
-Check and replace parameter values. Note that this method will normalize the
-parameters.
+Access parameter values. To access more than one value you can also use
+L</"all_params">. Note that this method will normalize the parameters.
 
 =head2 params
 

diff --git a/lib/Mojolicious.pm b/lib/Mojolicious.pm
@@ -158,12 +158,11 @@ sub new {
   my $r = $self->routes->namespaces(["@{[ref $self]}::Controller", ref $self]);
 
   # Hide controller attributes/methods and "handler"
-  $r->hide(qw(app continue cookie finish flash handler helpers match));
-  $r->hide(qw(multi_cookie multi_param multi_signed_cookie on param));
-  $r->hide(qw(redirect_to render render_exception render_later render_maybe));
-  $r->hide(qw(render_not_found render_to_string rendered req res respond_to));
-  $r->hide(qw(send session signed_cookie stash tx url_for validation write));
-  $r->hide(qw(write_chunk));
+  $r->hide(qw(all_cookies all_params all_signed_cookies app continue cookie));
+  $r->hide(qw(finish flash handler helpers match on param redirect_to render));
+  $r->hide(qw(render_exception render_later render_maybe render_not_found));
+  $r->hide(qw(render_to_string rendered req res respond_to send session));
+  $r->hide(qw(signed_cookie stash tx url_for validation write write_chunk));
 
   # DEPRECATED in Tiger Face!
   $r->hide('render_static');