Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This could allow a request to bypass ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.
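The mitigation for this class of bug is to canonicalise the fragment path once, before both the ACL check and the dispatcher see it, and to reject paths that try to climb above the root. The following is an added example, not Jifty's own code; the function names canonical_fragment_path and safe_to_dispatch and the ACL prefix /some/safe/place are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example (not part of Jifty): normalise a fragment path so that the
# ACL and the dispatcher agree on what is being requested.
use strict;
use warnings;

# Collapse '.' and '..' segments. Returns undef if the path would climb above
# '/', which is the traversal the 2011-01 advisory describes.
sub canonical_fragment_path {
    my ($path) = @_;
    return undef unless defined $path && $path =~ m{^/};
    my @out;
    for my $seg (split m{/}, $path) {
        next if $seg eq '' || $seg eq '.';
        if ($seg eq '..') {
            return undef unless @out;   # attempted climb above the root
            pop @out;
            next;
        }
        push @out, $seg;
    }
    return '/' . join('/', @out);
}

# Hypothetical ACL: only fragments under /some/safe/place may be rendered.
# The check runs on the canonical form, never on the raw request string.
sub safe_to_dispatch {
    my ($requested) = @_;
    my $canon = canonical_fragment_path($requested);
    return 0 unless defined $canon;
    return $canon =~ m{^/some/safe/place(?:/|$)} ? 1 : 0;
}

# Constructed sample requests: a normal one, the advisory's traversal, and a
# harmless '..' that stays inside the allowed subtree.
for my $p ('/some/safe/place/index',
           '/some/safe/place/../../../dangerous',
           '/some/safe/place/a/../b') {
    printf "%-40s canonical=%-24s allowed=%d\n",
        $p, canonical_fragment_path($p) // '(rejected)', safe_to_dispatch($p);
}
```

The traversal string normalises to /dangerous and is refused by the prefix check; a '..' that stays inside the subtree still resolves and is allowed, so the canonicaliser does not break legitimate relative paths.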

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

All actions were allowed on GET requests.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read-only access to local files.

NAME

Jifty::View::Mason::Handler - Handler for Mason requests inside of Jifty

SUMMARY

Jifty controls all of the input and output from the Mason templating engine; this means that we cannot use Mason's standard HTML::Mason::CGIHandler interface to interact with it.

new PARAMHASH

Takes a number of key-value parameters; see HTML::Mason::Params. Defaults the out_method to "out_method", and the request_class to HTML::Mason::Request::Jifty (below). Finally, adds h and u escapes, which map to "escape_uri" and escape_utf8 respectively.

out_method

The default output method. Sets the content-type to text/html; charset=utf-8 unless a content type has already been set, and then sends the headers if they have not been sent yet.

escape_utf8 SCALARREF

Does a CSS-busting but minimalist escaping of whatever HTML you pass in.

escape_uri SCALARREF

Escapes a URI component according to RFC 2396.
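The two escape flags above are the usual pair of context-specific encoders: one for text interpolated into HTML, one for a value placed inside a URI component. The following is an added example written to run without HTML::Mason and is not Jifty's own implementation; the function names escape_html_ref and escape_uri_ref are assumptions, and escaping parentheses in the HTML variant is this example's own choice to blunt CSS url()/expression() tricks in style contexts, which is what "CSS-busting" refers to here.

```perl
#!/usr/bin/perl
# Added example (not Jifty's code): the two escapes a Mason handler exposes,
# both taking a scalar reference as Mason escape callbacks do.
use strict;
use warnings;
use utf8;
use Encode qw(encode_utf8);
binmode(STDOUT, ':encoding(UTF-8)');

# Minimal HTML escaping for text interpolated into a page (the 'h' flag).
# Parentheses are escaped as well so a value cannot complete url(...) or
# expression(...) if it ends up inside an attribute or style block.
sub escape_html_ref {
    my ($ref) = @_;
    my %map = (
        '&' => '&amp;', '<' => '&lt;',  '>' => '&gt;',
        '"' => '&quot;', "'" => '&#39;',
        '(' => '&#40;',  ')' => '&#41;',
    );
    $$ref =~ s/([&<>"'()])/$map{$1}/g;
    return $$ref;
}

# Percent-encode a URI component per RFC 2396 (the 'u' flag): only the
# unreserved set (alphanumerics and -_.!~*'()) is left as-is; everything
# else, including non-ASCII after UTF-8 encoding, becomes %XX.
sub escape_uri_ref {
    my ($ref) = @_;
    my $bytes = encode_utf8($$ref);
    $bytes =~ s/([^A-Za-z0-9\-_.!~*'()])/sprintf('%%%02X', ord($1))/ge;
    $$ref = $bytes;
    return $$ref;
}

# Constructed untrusted input, escaped once for each context it lands in.
my $user_input = q{<script>alert("x")</script>&name=é};
my $html = $user_input; escape_html_ref(\$html);
my $uri  = $user_input; escape_uri_ref(\$uri);
print "html: $html\n";
print "uri:  $uri\n";
```

The same input produces two different outputs because the safe character set depends on where the value is written: a value that is harmless inside an HTML text node can still break out of a query-string parameter, and vice versa, so templates should pick the flag that matches the destination rather than applying one escape everywhere.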

handle_comp COMPONENT

Takes a component path to render. Deals with setting up a global HTML::Mason::FakeApache and Request object, and calling the component.

request_args

The official source for request arguments is from the current Jifty::Request object.

HTML::Mason::Request::Jifty

Subclass of HTML::Mason::Request which is customised for Jifty's use.

auto_send_headers

Doesn't send headers if this is a subrequest (according to the current Jifty::Request).

exec

Actually runs the component; if no headers have been sent after running the component and we are supposed to send headers, sends them.

redirect

Calls "redirect" in Jifty::Web.