Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
remove support for validating file uploads again
  • Loading branch information
kraih committed Jun 26, 2015
1 parent 488e3c2 commit 260db33
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 102 deletions.
2 changes: 0 additions & 2 deletions Changes
@@ -1,7 +1,5 @@

6.13 2015-06-26
- Added support for validating file uploads.
- Added upload check to Mojolicious::Validator.

6.12 2015-06-18
- Welcome to the Mojolicious core team Dan Book.
Expand Down
16 changes: 5 additions & 11 deletions lib/Mojolicious/Controller.pm
Expand Up @@ -341,7 +341,6 @@ sub validation {
my $header = $req->headers->header('X-CSRF-Token');
my $hash = $req->params->to_hash;
$hash->{csrf_token} //= $header if $token && $header;
$hash->{$_} = $req->every_upload($_) for map { $_->name } @{$req->uploads};
my $validation = $self->app->validator->validation->input($hash);
return $stash->{'mojo.validation'} = $validation->csrf_token($token);
}
Expand Down Expand Up @@ -917,22 +916,17 @@ to inherit query parameters from the current request.
my $validation = $c->validation;
Get L<Mojolicious::Validator::Validation> object for current request to
validate file uploads as well as C<GET> and C<POST> parameters extracted from
the query string and C<application/x-www-form-urlencoded> or
C<multipart/form-data> message body. Parts of the request body need to be loaded
into memory to parse C<POST> parameters, so you have to make sure it is not
excessively large, there's a 16MB limit by default.
validate C<GET> and C<POST> parameters extracted from the query string and
C<application/x-www-form-urlencoded> or C<multipart/form-data> message body.
Parts of the request body need to be loaded into memory to parse C<POST>
parameters, so you have to make sure it is not excessively large, there's a 16MB
limit by default.
# Validate GET/POST parameter
my $validation = $c->validation;
$validation->required('title')->size(3, 50);
my $title = $validation->param('title');
# Validate file upload
my $validation = $c->validation;
$validation->required('tarball')->upload->size(1, 1048576);
my $tarball = $validation->param('tarball');
=head2 write
$c = $c->write;
Expand Down
29 changes: 8 additions & 21 deletions lib/Mojolicious/Validator.pm
Expand Up @@ -4,13 +4,7 @@ use Mojo::Base -base;
use Mojolicious::Validator::Validation;

has checks => sub {
{
equal_to => \&_equal_to,
in => \&_in,
like => sub { $_[2] !~ $_[3] },
size => \&_size,
upload => sub { !ref $_[2] || !$_[2]->isa('Mojo::Upload') }
};
{equal_to => \&_equal_to, in => \&_in, like => \&_like, size => \&_size};
};

sub add_check { $_[0]->checks->{$_[1]} = $_[2] and return $_[0] }
Expand All @@ -31,9 +25,11 @@ sub _in {
return 1;
}

sub _like { $_[2] !~ $_[3] }

sub _size {
my ($validation, $name, $value, $min, $max) = @_;
my $len = ref $value ? $value->size : length $value;
my $len = length $value;
return $len < $min || $len > $max;
}

Expand Down Expand Up @@ -67,35 +63,26 @@ These validation checks are available by default.
$validation = $validation->equal_to('foo');
Value needs to be equal to the value of another field. Note that this check does
not work with file uploads for security reasons.
Value needs to be equal to the value of another field.
=head2 in
$validation = $validation->in(qw(foo bar baz));
Value needs to match one of the values in the list. Note that this check does
not work with file uploads for security reasons.
Value needs to match one of the values in the list.
=head2 like
$validation = $validation->like(qr/^[A-Z]/);
Value needs to match the regular expression. Note that this check does not work
with file uploads for security reasons.
Value needs to match the regular expression.
=head2 size
$validation = $validation->size(2, 5);
Value length needs to be between these two values.
=head2 upload
$validation = $validation->upload;
Value needs to be a L<Mojo::Upload> object, representing a file upload.
=head1 ATTRIBUTES
L<Mojolicious::Validator> implements the following attributes.
Expand All @@ -106,7 +93,7 @@ L<Mojolicious::Validator> implements the following attributes.
$validator = $validator->checks({size => sub {...}});
Registered validation checks, by default only L</"equal_to">, L</"in">,
L</"like">, L</"size"> and L</"upload"> are already defined.
L</"like"> and L</"size"> are already defined.
=head1 METHODS
Expand Down
68 changes: 0 additions & 68 deletions t/mojolicious/validation_lite_app.t
Expand Up @@ -3,7 +3,6 @@ use Mojo::Base -strict;
BEGIN { $ENV{MOJO_REACTOR} = 'Mojo::Reactor::Poll' }

use Test::More;
use Mojo::Upload;
use Mojolicious::Lite;
use Test::Mojo;

Expand All @@ -22,13 +21,6 @@ any '/' => sub {
$validation->optional('yada')->two;
} => 'index';

any '/upload' => sub {
my $c = shift;
my $validation = $c->validation;
return $c->render unless $validation->has_data;
$validation->required('foo')->upload;
};

any '/forgery' => sub {
my $c = shift;
my $validation = $c->validation;
Expand Down Expand Up @@ -81,23 +73,6 @@ ok $validation->has_error, 'has error';
is_deeply $validation->error('yada'), [qw(equal_to 1 foo)], 'right error';
is_deeply $validation->failed, [qw(baz yada)], 'right names';

# Upload
$validation = $t->app->validation->input(
{
foo => Mojo::Upload->new,
bar => [Mojo::Upload->new, Mojo::Upload->new],
baz => [Mojo::Upload->new, 'test']
}
);
ok $validation->required('foo')->upload->is_valid, 'valid';
ok $validation->required('bar')->upload->is_valid, 'valid';
ok $validation->required('baz')->is_valid, 'valid';
ok !$validation->has_error, 'no error';
ok !$validation->upload->is_valid, 'not valid';
ok $validation->has_error, 'has error';
is_deeply $validation->error('baz'), [qw(upload 1)], 'right error';
is_deeply $validation->failed, ['baz'], 'right names';

# In
$validation = $t->app->validation->input(
{foo => [qw(bar whatever)], baz => [qw(yada ohoh)]});
Expand Down Expand Up @@ -140,20 +115,6 @@ is_deeply $validation->output, {foo => 'bar'}, 'right result';
ok $validation->has_error, 'has error';
is_deeply $validation->error('yada'), [qw(size 1 5 10)], 'right error';

# Upload size
$validation = $t->app->validation->input(
{
foo => [Mojo::Upload->new->tap(sub { $_->asset->add_chunk('valid') })],
bar => [Mojo::Upload->new->tap(sub { $_->asset->add_chunk('not valid') })]
}
);
ok $validation->required('foo')->upload->size(1, 6)->is_valid, 'valid';
ok !$validation->has_error, 'no error';
ok !$validation->required('bar')->upload->size(1, 6)->is_valid, 'not valid';
ok $validation->has_error, 'has error';
is_deeply $validation->error('bar'), [qw(size 1 1 6)], 'right error';
is_deeply $validation->failed, ['bar'], 'right names';

# Multiple empty values
$validation = $t->app->validation;
ok !$validation->has_data, 'no data';
Expand Down Expand Up @@ -234,29 +195,6 @@ $t->post_ok('/' => form => {foo => 'no'})->status_is(200)
->element_count_is('.field-with-error', 2)
->element_count_is('.field-with-error', 2, 'with description');

# Successful file upload
$t->post_ok(
'/upload' => form => {foo => {content => 'bar', filename => 'test.txt'}})
->element_exists_not('.field-with-error');

# Successful file upload (multiple files)
$t->post_ok(
'/upload' => form => {
foo => [
{content => 'One', filename => 'one.txt'},
{content => 'Two', filename => 'two.txt'}
]
}
)->element_exists_not('.field-with-error');

# Failed file upload
$t->post_ok('/upload' => form => {foo => 'bar'})
->element_exists('.field-with-error');

# Failed file upload (multiple files)
$t->post_ok('/upload' => form => {foo => ['one', 'two']})
->element_exists('.field-with-error');

# Missing CSRF token
$t->get_ok('/forgery' => form => {foo => 'bar'})->status_is(200)
->content_like(qr/Wrong or missing CSRF token!/)
Expand Down Expand Up @@ -330,12 +268,6 @@ __DATA__
%= password_field 'yada'
% end
@@ upload.html.ep
%= form_for upload => begin
%= file_field 'foo'
%= submit_button
% end
@@ forgery.html.ep
%= form_for forgery => begin
%= 'Wrong or missing CSRF token!' if validation->has_error('csrf_token')
Expand Down

0 comments on commit 260db33

Please sign in to comment.