lib/restfulness/request.rb in restfulness-0.2.2 vs lib/restfulness/request.rb in restfulness-0.2.3
- old
+ new
@@ -16,19 +16,10 @@
attr_accessor :headers
# Ruby URI object
attr_reader :uri
- # Path object of the current URL being accessed
- attr_accessor :path
-
- # The route, determined from the path, if available!
- attr_accessor :route
-
- # Query parameters included in the URL
- attr_accessor :query
-
# Raw HTTP body, for POST and PUT requests.
attr_accessor :body
# Additional useful fields
attr_accessor :remote_ip, :user_agent
@@ -54,22 +45,33 @@
# Determine the route from the uri
@route ||= app.router.route_for(uri.path)
end
def query
- @query ||= HashWithIndifferentAccess.new(
- ::Rack::Utils.parse_nested_query(uri.query)
- )
+ @query ||= ::Rack::Utils.parse_nested_query(uri.query).with_indifferent_access
end
+ def sanitized_query_string
+ @sanitized_query ||= uri.query ? Sanitizer.sanitize_query_string(uri.query) : ''
+ end
+
def params
return @params if @params || body.nil?
case headers[:content_type]
- when 'application/json'
- @params = MultiJson.decode(body)
+ when /application\/json/
+ begin
+ @params = MultiJson.decode(body)
+ rescue MultiJson::LoadError
+ raise HTTPException.new(400)
+ end
else
raise HTTPException.new(406)
end
+ end
+
+ def sanitized_params
+ # Note: this returns nil if #params has not been called
+ @sanitized_params ||= @params ? Sanitizer.sanitize_hash(@params) : nil
end
[:get, :post, :put, :patch, :delete, :head, :options].each do |m|
define_method("#{m}?") do
action == m
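Review bot: The new `when /application\/json/` test in `params` is unanchored, so any Content-Type value that merely contains that substring is decoded as JSON, including one whose actual media type is something else. That is wider than needed to accept a `; charset=...` suffix, and it matters if the JSON-only requirement is relied on to keep simple cross-origin form posts out; anchoring it, e.g. `when %r{\Aapplication/json\s*(;|\z)}i`, keeps the fix without the loosening. Separately, `MultiJson.decode(body)` can return an Array or scalar for valid JSON, and `sanitized_params` hands whatever was decoded to `Sanitizer.sanitize_hash`; the sanitizer is not visible here, so confirm it tolerates non-Hash input or reject such bodies with a 400. The class body and the trailing `define_method` block continue outside the hunk.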