Sha256: a2448e0cc71e61a8ba83bf57ee1a488bd2cdb168abb67c62936a776dc99d3e06

Contents?: true

Size: 1.46 KB

Versions: 27

Compression:

Stored size: 1.46 KB

Contents

# frozen-string-literal: true

# :nocov:
raise LoadError, "disallow_file_uploads plugin not supported on Rack <1.6" if Rack.release < '1.6'
# :nocov:

#
class Roda
  module RodaPlugins
    # The disallow_file_uploads plugin raises a Roda::RodaPlugins::DisallowFileUploads::Error
    # if there is an attempt to upload a file.  This plugin is useful for applications where
    # multipart file uploads are not expected and you want to remove the ability for rack
    # to create temporary files.  Example:
    #
    #   plugin :disallow_file_uploads
    #
    # This plugin is only supported on Rack 1.6+.  This plugin does not technically
    # block users from uploading files, it only blocks the parsing of request bodies containing
    # multipart file uploads.  So if you do not call +r.POST+ (or something that calls it such as
    # +r.params+), then Roda will not attempt to parse the request body, and an exception will not
    # be raised.
    module DisallowFileUploads
      # Exception class used when a multipart file upload is attempted.
      class Error < RodaError; end

      NO_TEMPFILE = lambda{|_,_| raise Error, "Support for uploading files has been disabled"}

      module RequestMethods
        # HTML escape the input and return the escaped version.
        def initialize(_, env)
          env['rack.multipart.tempfile_factory'] = NO_TEMPFILE
          super
        end
      end
    end

    register_plugin(:disallow_file_uploads, DisallowFileUploads)
  end
end

Version data entries

27 entries across 27 versions & 1 rubygems

Version Path
roda-3.59.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.58.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.57.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.56.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.55.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.54.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.53.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.52.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.51.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.50.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.49.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.48.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.47.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.46.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.45.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.44.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.43.1 lib/roda/plugins/disallow_file_uploads.rb
roda-3.43.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.42.0 lib/roda/plugins/disallow_file_uploads.rb
roda-3.41.0 lib/roda/plugins/disallow_file_uploads.rb