/ 
Mojolicious-2.21
⭐ Starred 2674
/ Mojo::Transaction
Security Advisories (10)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

NAME

Mojo::Transaction - Transaction base class

SYNOPSIS

use Mojo::Base 'Mojo::Transaction';

DESCRIPTION

Mojo::Transaction is an abstract base class for transactions.

EVENTS

Mojo::Transaction can emit the following events.

finish

$tx->on(finish => sub {
  my $tx = shift;
});

Emitted when a transaction is finished.

resume

$tx->on(resume => sub {
  my $tx = shift;
});

Emitted when a transaction is resumed.

ATTRIBUTES

Mojo::Transaction implements the following attributes.

connection

my $connection = $tx->connection;
$tx            = $tx->connection($connection);

Connection identifier or socket.

kept_alive

my $kept_alive = $tx->kept_alive;
$tx            = $tx->kept_alive(1);

Connection has been kept alive.

local_address

my $local_address = $tx->local_address;
$tx               = $tx->local_address($address);

Local interface address.

local_port

my $local_port = $tx->local_port;
$tx            = $tx->local_port($port);

Local interface port.

previous

my $previous = $tx->previous;
$tx          = $tx->previous(Mojo::Transaction->new);

Previous transaction that triggered this followup transaction.

remote_address

my $remote_address = $tx->remote_address;
$tx                = $tx->remote_address($address);

Remote interface address.

remote_port

my $remote_port = $tx->remote_port;
$tx             = $tx->remote_port($port);

Remote interface port.

METHODS

Mojo::Transaction inherits all methods from Mojo::EventEmitter and implements the following new ones.

client_close

$tx->client_close;

Transaction closed.

client_read

$tx->client_read($chunk);

Read and process client data.

client_write

my $chunk = $tx->client_write;

Write client data.

error

my $message          = $message->error;
my ($message, $code) = $message->error;

Parser errors and codes.

is_finished

my $success = $tx->is_finished;

Check if transaction is finished.

is_websocket

my $false = $tx->is_websocket;

False.

is_writing

my $success = $tx->is_writing;

Check if transaction is writing.

req

my $req = $tx->req;

Transaction request, usually a Mojo::Message::Request object.

res

my $res = $tx->res;

Transaction response, usually a Mojo::Message::Response object.

resume

$tx = $tx->resume;

Resume transaction.

server_close

$tx->server_close;

Transaction closed.

server_read

$tx->server_read($chunk);

Read and process server data.

server_write

my $chunk = $tx->server_write;

Write server data.

success

my $res = $tx->success;

Returns the Mojo::Message::Response object (res) if transaction was successful or undef otherwise. Connection and parser errors have only a message in error, 400 and 500 responses also a code.

if (my $res = $tx->success) {
  say $res->body;
}
else {
  my ($message, $code) = $tx->error;
  if ($code) {
    say "$code $message response.";
  }
  else {
    say "Connection error: $message";
  }
}

Error messages can be accessed with the error method of the transaction object.

SEE ALSO

Mojolicious, Mojolicious::Guides, http://mojolicio.us.