/ 
Jifty-0.51228
/ Jifty::Handler
Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

Allowed all actions on GET.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read only access to local files.

NAME

Jifty::Handler - Methods related to the Mason handler

SYNOPSIS

use Jifty::Handler;

my $cgihandler = HTML::Mason::CGIHandler->new( Jifty::Handler->mason_config );

# after each request is handled
Jifty::Handler->cleanup_request;

DESCRIPTION

Jifty::Handler provides methods required to deal with Mason CGI handlers. Note that at this time there are no objects with Jifty::Handler as a class.

mason_config

Returns our Mason config. We use Jifty::MasonInterp as our Mason interpreter, and have a component root as specified in the Web/TemplateRoot framework configuration variable (or html by default). Additionally, we set up a jifty component root, as specified by the Web/DefaultTemplateRoot configuration. All interpolations are HTML-escaped by default, and we use the fatal error mode.

cleanup_request

Dispatchers should call this at the end of each request, as a class method. It flushes the session to disk, as well as flushing Jifty::DBI's cache.