Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.
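The check-versus-use mismatch described above, as an added example that is not Jifty's own code: a prefix ACL tested against the verbatim path accepts the traversal string, while canonicalizing first and dispatching only the canonical form rejects it. The prefix list and all function names are hypothetical, and the path is assumed to be already URL-decoded.

```perl
use strict;
use warnings;

# Hypothetical ACL: fragments may only be requested under these prefixes.
my @ALLOWED_PREFIXES = ('/some/safe/place');

# Collapse "." and ".." segments lexically. Returns nothing (undef) if the
# path is not absolute or tries to climb above the root.
sub canonical_path {
    my ($path) = @_;
    return unless defined $path && $path =~ m{^/};
    my @out;
    for my $seg (split m{/+}, $path) {
        next if $seg eq '' || $seg eq '.';
        if ($seg eq '..') {
            return unless @out;    # would escape the root
            pop @out;
            next;
        }
        push @out, $seg;
    }
    return '/' . join('/', @out);
}

# Weak: prefix test on the path exactly as the client sent it.
sub allowed_verbatim {
    my ($raw) = @_;
    return scalar grep { index($raw, "$_/") == 0 } @ALLOWED_PREFIXES;
}

# Hardened: canonicalize, test the canonical form, and return that form so
# the caller dispatches on the same string that was checked.
sub allowed_canonical {
    my ($raw) = @_;
    my $path = canonical_path($raw);
    return unless defined $path;
    for my $prefix (@ALLOWED_PREFIXES) {
        return $path if $path eq $prefix || index($path, "$prefix/") == 0;
    }
    return;
}

# Constructed sample requests; the second is the string from the advisory.
for my $raw (qw( /some/safe/place/widget
                 /some/safe/place/../../../dangerous
                 /some/safe/place/./sub/../widget )) {
    my $ok = allowed_canonical($raw);
    printf "%s\n  verbatim: %s, canonical: %s\n", $raw,
        (allowed_verbatim($raw) ? 'allow' : 'deny'),
        (defined $ok ? "allow as $ok" : 'deny');
}
```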

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

Allowed all actions on GET.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read-only access to local files.

NAME

Jifty::Plugin - Describes a plugin to the Jifty framework

DESCRIPTION

Plugins are like mini-apps. They come in packages with share directories which provide static and template files; they provide actions; they have dispatcher rules. To create the skeleton of a new plugin, you can use the command:

jifty plugin --name SomePlugin

To use a plugin in your Jifty application, find the Plugins: line in the config.yml file:

Plugins:
  - SpiffyThing: {}
  - SomePlugin:
      arguments: to
      the: constructor

The dispatcher for a plugin should live in Jifty::Plugin::name::Dispatcher; it is written like any other Jifty::Dispatcher. Plugin dispatcher rules are checked before the application's rules; however, see "Plugins and rule ordering" in Jifty::Dispatcher for how to manually specify exceptions to this.

Actions and models under a plugin's namespace are automatically discovered and made available to applications.

new

Sets up a new instance of this plugin. This is called by Jifty after reading the configuration file, and is supplied whatever plugin-specific settings were in the config file. Note that because plugins affect Mason's component roots, adding plugins during runtime is not supported.

init [ARGS]

Called by "new", this does any custom configuration that the plugin might need. It is passed the same parameters as "new", gleaned from the configuration file.

new_request

Called right before every request. By default, this adds the plugin's actions to the list of allowed actions, using "allow" in Jifty::API.

template_root

Returns the root of the template directory for this plugin.

static_root

Returns the root of the static directory for this plugin.

dispatcher

Returns the class name of the dispatcher class for this plugin.