replaced protection from excessively large form values in Mojo::Messa…

…ge with documentation
mojolicious · Mar 3, 2012 · a24444e · a24444e
1 parent 8d27072
commit a24444e
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 17 deletions.
diff --git a/Changes b/Changes
@@ -1,6 +1,8 @@
 This file documents the revision history for Perl extension Mojolicious.
 
 2.57    2012-03-03 00:00:00
+        - Replaced protection from excessively large form values in
+          Mojo::Message with documentation.
         - Improved documentation.
 
 2.56    2012-03-01 00:00:00

diff --git a/lib/Mojo/Message.pm b/lib/Mojo/Message.pm
@@ -76,9 +76,7 @@ sub body_params {
   # "x-application-urlencoded" and "application/x-www-form-urlencoded"
   my $type = $self->headers->content_type || '';
   if ($type =~ m#(?:x-application|application/x-www-form)-urlencoded#i) {
-    my $asset = $self->content->asset;
-    return $params if $asset->is_file;
-    $params->parse($asset->slurp);
+    $params->parse($self->content->asset->slurp);
   }
 
   # "multipart/formdata"
@@ -481,9 +479,7 @@ sub _parse_formdata {
 
     # Form value
     unless (defined $filename) {
-      my $asset = $part->asset;
-      next if $asset->is_file;
-      $value = $asset->slurp;
+      $value = $part->asset->slurp;
       $value = decode($charset, $value) // $value
         if $charset && !$part->headers->content_transfer_encoding;
     }
@@ -585,7 +581,10 @@ to L<Mojo::JSON>.
   $message = $message->max_message_size(1024);
 
 Maximum message size in bytes, defaults to the value of the
-C<MOJO_MAX_MESSAGE_SIZE> environment variable or C<5242880>.
+C<MOJO_MAX_MESSAGE_SIZE> environment variable or C<5242880>. Increasing this
+value can also drastically increase memory usage, should you for example
+attempt to parse an excessively large message body with C<body_params>,
+C<dom> or C<json>.
 
 =head2 C<version>
 
@@ -624,8 +623,7 @@ Access C<content> data or replace all subscribers of the C<read> event.
 
 C<POST> parameters extracted from C<x-application-urlencoded>,
 C<application/x-www-form-urlencoded> or C<multipart/form-data> message body,
-usually a L<Mojo::Parameters> object. For security reasons only data that
-does not exceed L<Mojo::Asset::Memory/"max_memory_size"> will be parsed.
+usually a L<Mojo::Parameters> object.
 
   say $message->body_params->param('foo');
 

diff --git a/t/mojo/request.t b/t/mojo/request.t
@@ -2,7 +2,7 @@ use Mojo::Base -strict;
 
 use utf8;
 
-use Test::More tests => 962;
+use Test::More tests => 966;
 
 # "When will I learn?
 #  The answer to life's problems aren't at the bottom of a bottle,
@@ -605,6 +605,7 @@ ok !$req->at_least_version('1.2'), 'not version 1.2';
 is $req->url, '/foo/bar/baz.html?foo=13#23', 'right URL';
 is $req->headers->content_type,
   'x-application-urlencoded', 'right "Content-Type" value';
+ok !$req->content->asset->is_file, 'stored in memory';
 is $req->content->asset->size, 26, 'right size';
 is $req->content->asset->slurp, 'foo=bar& tset=23+;&foo=bar', 'right content';
 is $req->body_params, 'foo=bar&+tset=23+&foo=bar', 'right parameters';
@@ -627,12 +628,13 @@ ok !$req->at_least_version('1.2'), 'not version 1.2';
 is $req->url, '/foo/bar/baz.html?foo=13#23', 'right URL';
 is $req->headers->content_type,
   'x-application-urlencoded', 'right "Content-Type" value';
+ok $req->content->asset->is_file, 'stored in file';
 is $req->content->asset->size, 26, 'right size';
 is $req->content->asset->slurp, 'foo=bar& tset=23+;&foo=bar', 'right content';
-is $req->body_params, '', 'no parameters';
-is $req->body_params->to_hash->{foo}, undef, 'no values';
-is $req->body_params->to_hash->{' tset'}, undef, 'no value';
-is $req->params->to_hash->{foo}, 13, 'right values';
+is $req->body_params, 'foo=bar&+tset=23+&foo=bar', 'right parameters';
+is_deeply $req->body_params->to_hash->{foo}, [qw/bar bar/], 'right values';
+is $req->body_params->to_hash->{' tset'}, '23 ', 'right value';
+is_deeply $req->params->to_hash->{foo}, [qw/bar bar 13/], 'right values';
 
 # Parse HTTP 1.1 "application/x-www-form-urlencoded"
 $req = Mojo::Message::Request->new;
@@ -808,6 +810,7 @@ is $req->headers->content_length, 418, 'right "Content-Type" value';
 isa_ok $req->content->parts->[0], 'Mojo::Content::Single', 'right part';
 isa_ok $req->content->parts->[1], 'Mojo::Content::Single', 'right part';
 isa_ok $req->content->parts->[2], 'Mojo::Content::Single', 'right part';
+ok !$req->content->parts->[0]->asset->is_file, 'stored in memory';
 is $req->content->parts->[0]->asset->slurp, "hallo welt test123\n",
   'right content';
 is $req->body_params->to_hash->{text1}, "hallo welt test123\n", 'right value';
@@ -872,10 +875,11 @@ is $req->headers->content_length, 418, 'right "Content-Type" value';
 isa_ok $req->content->parts->[0], 'Mojo::Content::Single', 'right part';
 isa_ok $req->content->parts->[1], 'Mojo::Content::Single', 'right part';
 isa_ok $req->content->parts->[2], 'Mojo::Content::Single', 'right part';
-is $req->content->parts->[0]->asset->slurp, "hallo welt test123\n",
+ok $req->content->parts->[0]->asset->is_file, 'stored in file';
+is $req->content->parts->[0]->asset->slurp,   "hallo welt test123\n",
   'right content';
-is $req->body_params->to_hash->{text1}, undef, 'no value';
-is $req->body_params->to_hash->{text2}, '',    'right value';
+is $req->body_params->to_hash->{text1}, "hallo welt test123\n", 'right value';
+is $req->body_params->to_hash->{text2}, '', 'right value';
 is $req->upload('upload')->filename,  'hello.pl',          'right filename';
 isa_ok $req->upload('upload')->asset, 'Mojo::Asset::File', 'right file';
 is $req->upload('upload')->asset->size, 69, 'right size';