Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

Allowed all actions on GET.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read-only access to local files.
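
The class of bug described in CPANSA-Jifty-2011-01 is avoided by canonicalizing the requested fragment path before any ACL decision is made on it. The following is an added example, not Jifty's code and not its actual fix; the function names and the allowed-prefix list are hypothetical, and the path is assumed to be URL-decoded already.

```perl
#!/usr/bin/env perl
use 5.010;
use strict;
use warnings;

# Hypothetical ACL: only paths under these prefixes may be served as fragments.
my @ALLOWED_PREFIXES = ('/some/safe/place/');

# Resolve '.' and '..' segments lexically. Returns undef if the path is
# relative, contains a NUL byte, or would climb above the root.
# Assumes the path has already been URL-decoded.
sub canonicalize_fragment_path {
    my ($path) = @_;
    return unless defined $path && $path =~ m{^/};
    return if $path =~ /\0/;
    my @out;
    for my $seg (split m{/+}, $path) {
        next if $seg eq '' || $seg eq '.';
        if ($seg eq '..') {
            return unless @out;    # would escape the root
            pop @out;
            next;
        }
        push @out, $seg;
    }
    return '/' . join('/', @out);
}

# Check the ACL against the canonical path, never the raw request value.
# The trailing '/' stops '/some/safe/placeholder' matching '/some/safe/place/'.
sub fragment_allowed {
    my ($raw) = @_;
    my $canon = canonicalize_fragment_path($raw);
    return 0 unless defined $canon;
    return scalar grep { index("$canon/", $_) == 0 } @ALLOWED_PREFIXES;
}

# Constructed sample requests; the second is the path from the advisory.
for my $raw (
    '/some/safe/place/widget',
    '/some/safe/place/../../../dangerous',
    '/some/safe/place/./sub/../widget',
    '/some/safe/placeholder',
) {
    printf "%-40s canonical=%-26s %s\n", $raw,
        canonicalize_fragment_path($raw) // '(rejected)',
        fragment_allowed($raw) ? 'ALLOW' : 'DENY';
}
```

Whatever code later dispatches the fragment should be handed the canonical path as well, so that the ACL check and the dispatcher cannot disagree about which resource is being requested.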

NAME

Jifty::Action::Record -- An action tied to a record in the database.

DESCRIPTION

Represents a web-based action that is a create, update, or delete of a Jifty::Record object. This automatically populates the arguments method of Jifty::Action so that you don't need to bother. To actually use this class, you probably want to inherit from one of Jifty::Action::Record::Create, Jifty::Action::Record::Update, or Jifty::Action::Record::Delete and override the record_class method.

METHODS

record

Access to the underlying Jifty::Record object for this action is through the record accessor.

record_class

This method can either be overridden to return a string specifying the name of the record class, or the name of the class can be passed to the constructor.

new PARAMHASH

Construct a new Jifty::Action::Record (as mentioned in Jifty::Action, this should only be called by framework->new_action). The record value, if provided in the PARAMHASH, will be used to load the "record"; otherwise, the primary keys will be loaded from the action's argument values, and the "record" loaded from those primary keys.

arguments

Overrides the "arguments" method in Jifty::Action to automatically provide a form field for every writable attribute of the underlying "record".

possible_fields

Returns the list of fields on the object that the action can update. This defaults to only the writable fields of the object.

_canonicalize_date DATE

Parses and returns the date using Time::ParseDate.

take_action

Throws an error unless it is overridden; use Jifty::Action::Record::Create, ::Update, or ::Delete.

SEE ALSO

Jifty::Action, Jifty::Record, Jifty::DBI::Record, Jifty::Action::Record::Create, Jifty::Action::Record::Update