Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.
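
A defensive check for the traversal described in this advisory, as an added example (not Jifty's own code): resolve the fragment path lexically before any ACL lookup, so the ACL is consulted for the path that will actually be served rather than for the safe prefix it was smuggled under. The ACL table and the functions `canonical_fragment_path` and `fragment_allowed` are assumptions constructed for the example.

```perl
use strict;
use warnings;

# Resolve "." and ".." segments lexically and refuse anything that tries
# to climb above the root. Returns the clean path, or undef on traversal.
sub canonical_fragment_path {
    my ($path) = @_;
    return undef unless defined $path && $path =~ m{^/};
    my @out;
    for my $seg (split m{/+}, $path) {
        next if $seg eq '' || $seg eq '.';
        if ($seg eq '..') {
            return undef unless @out;   # climbing above "/" is always bogus
            pop @out;
            next;
        }
        push @out, $seg;
    }
    return '/' . join('/', @out);
}

# Constructed ACL: a list of allowed prefixes; everything else is denied.
my %acl = map { $_ => 1 } ('/some/safe/place', '/public');

# Only the canonical path is compared against the ACL, so
# "/some/safe/place/../../../dangerous" is judged as "/dangerous".
sub fragment_allowed {
    my ($requested) = @_;
    my $clean = canonical_fragment_path($requested);
    return 0 unless defined $clean;
    for my $prefix (keys %acl) {
        return 1 if $clean eq $prefix || index($clean, "$prefix/") == 0;
    }
    return 0;
}

for my $p ('/some/safe/place/page',
           '/some/safe/place/../../../dangerous',
           '/public/../private/secret',
           '/../x') {
    printf "%-40s -> %s\n", $p, fragment_allowed($p) ? 'allowed' : 'denied';
}
```

Only the first path is allowed; the other three are denied because their canonical form falls outside every ACL prefix or climbs above the root.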

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

Jifty allowed all actions to be run on GET requests.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read-only access to local files.

NAME

Jifty::Handler - Methods related to the Mason handler

SYNOPSIS

use Jifty;
Jifty->new();

my $handler = Jifty::Handler->handle_request( cgi => $cgi );

# after each request is handled
Jifty::Handler->cleanup_request;

DESCRIPTION

Jifty::Handler provides methods required to deal with Mason CGI handlers.

new

Create a new Jifty::Handler object. Generally, Jifty.pm does this only once at startup.

create_cache_directories

Attempts to create our app's session storage and mason cache directories.

mason_config

Returns our Mason config. We use the component root specified in the Web/TemplateRoot framework configuration variable (or html by default). Additionally, we set up a jifty component root, as specified by the Web/DefaultTemplateRoot configuration. All interpolations are HTML-escaped by default, and we use the fatal error mode.

cgi

Returns the CGI object for the current request, or undef if there is none.

apache

Returns the HTML::Mason::FakeApache or Apache object for the current request, or undef if there is none.

handle_request

When your server process (be it Jifty-internal, FastCGI or anything else) wants to handle a request coming in from the outside world, you should call handle_request.

cgi

A CGI object that your server has already set up and loaded with your request's data.

cleanup_request

Dispatchers should call this at the end of each request, as a class method. It flushes the session to disk, as well as flushing Jifty::DBI's cache.