Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path passed in the fragment request data structure was used verbatim in the dispatcher and elsewhere. This could let a request bypass dispatcher ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin allowed a remote client to call any method on a model.

CPANSA-Jifty-2008-01 (2009-04-08)

Actions of any kind could be run via GET requests, not only via POST.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect against a class of remote data access vulnerability: if an attacker knew the layout of the local filesystem and the application ran the "standalone" webserver in production, the attacker could obtain read-only access to local files.

NAME

Jifty::View::Static::Handler

DESCRIPTION

This class takes care of serving out static files for a Jifty application.

When fully operational, it will use an algorithm along the lines of the following:

* Static files are served out of a separate root
* If static files go through apache:
  * How do we merge together the two static roots?
* If static files go through Jifty::Handler:
  * We need a flag to allow them to go through the dispatcher, too
  * Return "True" (304) for If-Modified-Since unless in devel mode
  * If the browser accepts gzipped data:
    * see if we have a cached gzipped copy; if so, send it
    * see if we have a marker indicating that gzip is a lose; if so, send uncompressed
    * gzip the content
    * send the gzipped content
  * If the browser doesn't accept gzipped content:
    * send the content uncompressed
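The gzip branch of the algorithm above, as an added example rather than code from Jifty: a hypothetical client_accepts_gzip that parses Accept-Encoding q-values (so "gzip;q=0" is a refusal, not an acceptance), and a hypothetical prepare_body that keeps a per-path cached gzipped copy plus the "gzip is a lose" marker the list mentions, so an already-compressed file is only gzipped once and then served raw. IO::Compress::Gzip is a core Perl module; the sample headers and bodies are constructed for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Compress::Gzip qw(gzip $GzipError);

# Hypothetical helper (added example, not Jifty's client_accepts_gzipped_content).
# True when the Accept-Encoding header permits gzip: an explicit "gzip" entry
# wins, "gzip;q=0" is a refusal, and "*" only counts if no gzip entry exists.
sub client_accepts_gzip {
    my ($accept_encoding) = @_;
    return 0 unless defined $accept_encoding;
    my $wildcard_ok = 0;
    for my $item (split /\s*,\s*/, $accept_encoding) {
        my ($coding, @params) = split /\s*;\s*/, $item;
        next unless defined $coding && length $coding;
        my $q = 1;
        for my $p (@params) {
            $q = $1 if $p =~ /^q\s*=\s*([0-9.]+)$/i;
        }
        return $q > 0 ? 1 : 0 if lc $coding eq 'gzip';
        $wildcard_ok = $q > 0 ? 1 : 0 if $coding eq '*';
    }
    return $wildcard_ok;
}

# Per-path state: a cached gzipped copy, or a marker that gzip made the
# file larger (already-compressed images, tiny files) so we stop trying.
my %gzip_cache;
my %gzip_is_a_lose;

# Hypothetical: returns ($body, $content_encoding), the latter 'gzip' or undef.
sub prepare_body {
    my ($path, $content, $accept_encoding) = @_;
    return ($content, undef) unless client_accepts_gzip($accept_encoding);
    return ($content, undef) if $gzip_is_a_lose{$path};

    unless (exists $gzip_cache{$path}) {
        my $gz;
        gzip(\$content => \$gz) or die "gzip failed: $GzipError";
        if (length($gz) >= length($content)) {
            $gzip_is_a_lose{$path} = 1;   # remember; never compress this path again
            return ($content, undef);
        }
        $gzip_cache{$path} = $gz;
    }
    return ($gzip_cache{$path}, 'gzip');
}

# Constructed inputs: a repetitive stylesheet and an incompressible blob.
my $css = "body { margin: 0 }\n" x 50;
my $png = join '', map { chr(int(rand 256)) } 1 .. 64;

for my $case ([ '/css/app.css',  $css, 'gzip, deflate'      ],
              [ '/css/app.css',  $css, 'gzip;q=0, identity' ],
              [ '/css/app.css',  $css, '*'                  ],
              [ '/img/logo.png', $png, 'gzip'               ],
              [ '/img/logo.png', $png, 'gzip'               ]) {
    my ($path, $body, $ae) = @$case;
    my ($out, $enc) = prepare_body($path, $body, $ae);
    printf "%-14s Accept-Encoding: %-20s -> %5d bytes, Content-Encoding: %s\n",
        $path, $ae, length $out, defined $enc ? $enc : 'none';
}
```

The second request for /img/logo.png never reaches gzip(): the marker set by the first request short-circuits it, which is the whole point of recording that gzip was a lose rather than re-discovering it per request.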

new

Create a new static file handler. Likely, only the Jifty::Handler needs to do this.

handle_request $path

Handle a request for $path. If we can't find a static file of that name, return undef.

client_accepts_gzipped_content

Returns true if it looks like the client accepts gzip encoding. Otherwise, returns false.

file_path $path

Returns the system path for $path, inside the application's static root or, failing that, Jifty's static root. Returns undef if it can't find the file in either path.
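The two advisories at the top of this page (CPANSA-Jifty-2006-01 and CPANSA-Jifty-2011-01) both come down to using a request path verbatim when resolving it against a directory. As an added example that is not Jifty's own code, here is a hypothetical safe_file_path in the shape of file_path above: it rejects NUL bytes and any ".." component before touching the filesystem, then resolves the candidate with Cwd::realpath and requires the result to stay under one of the static roots, which also catches a symlink inside the root that points outside it. The temporary root, file names and symlink are constructed for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical hardened lookup (added example, not Jifty's file_path).
# Returns the on-disk path of a regular file for request $path inside
# the first of @roots that has it, or undef if no root has it or the
# resolved location would fall outside every root.
sub safe_file_path {
    my ($path, @roots) = @_;

    # Reject NUL bytes (they truncate the C-level open()) and any ".."
    # component before touching the filesystem; "/a/../../etc/passwd"
    # is refused here without ever being looked up.
    return if $path =~ /\0/;
    my @parts = grep { length } File::Spec->splitdir($path);
    return if grep { $_ eq '..' } @parts;

    for my $root (@roots) {
        my $root_real = realpath($root) or next;
        my $candidate = File::Spec->catfile($root_real, @parts);
        next unless -f $candidate;

        # realpath() resolves symlinks, so a link inside the root that
        # points at /etc/passwd resolves to /etc/passwd and fails the
        # prefix check. The trailing separator keeps "/srv/static-evil"
        # from passing as a child of "/srv/static".
        my $real = realpath($candidate) or next;
        next unless index($real, $root_real . '/') == 0;
        return $real;
    }
    return;
}

# Constructed fixture: a temporary static root with one stylesheet and a
# symlink that escapes the root (silently skipped where symlinks are unsupported).
my $root = tempdir(CLEANUP => 1);
mkdir "$root/css" or die "mkdir: $!";
open my $fh, '>', "$root/css/app.css" or die "open: $!";
print {$fh} "body { margin: 0 }\n";
close $fh;
eval { symlink('/etc/passwd', "$root/css/leak") };

for my $req ('/css/app.css',
             '/css/../../../../etc/passwd',
             '/css/leak',
             '/css/missing.css') {
    my $got = safe_file_path($req, $root);
    printf "%-32s => %s\n", $req, defined $got ? $got : 'undef (refused)';
}
```

Only /css/app.css resolves; the traversal request is refused before any filesystem access, the symlink is refused after realpath() shows where it really points, and the missing file returns undef exactly as the file_path contract above describes. The same check belongs on any path taken from a fragment request before it reaches the dispatcher.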

mime_type $path

Returns the mime type of the file whose path on disk is $path. Tries to use MIME::Types to guess first. If that fails, it falls back to File::MMagic.

send_file $path $mimetype $compression

Print the contents of the file at $path to STDOUT (the client), with a Content-Type of $mimetype.

If $compression is gzip, gzip the output stream.

send_not_modified

Sends a "304 Not Modified" response to the browser, telling it to use its cached copy.