/ 
Mojolicious-3.21
⭐ Starred 2674
/ Mojo::Transaction
Security Advisories (10)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

NAME

Mojo::Transaction - Transaction base class

SYNOPSIS

package Mojo::Transaction::MyTransaction;
use Mojo::Base 'Mojo::Transaction';

sub client_read  {...}
sub client_write {...}
sub server_read  {...}
sub server_write {...}

DESCRIPTION

Mojo::Transaction is an abstract base class for transactions.

EVENTS

Mojo::Transaction can emit the following events.

connection

$tx->on(connection => sub {
  my ($tx, $connection) = @_;
  ...
});

Emitted when a connection has been assigned to transaction.

finish

$tx->on(finish => sub {
  my $tx = shift;
  ...
});

Emitted when transaction is finished.

resume

$tx->on(resume => sub {
  my $tx = shift;
  ...
});

Emitted when transaction is resumed.

ATTRIBUTES

Mojo::Transaction implements the following attributes.

kept_alive

my $kept_alive = $tx->kept_alive;
$tx            = $tx->kept_alive(1);

Connection has been kept alive.

local_address

my $local_address = $tx->local_address;
$tx               = $tx->local_address($address);

Local interface address.

local_port

my $local_port = $tx->local_port;
$tx            = $tx->local_port($port);

Local interface port.

previous

my $previous = $tx->previous;
$tx          = $tx->previous(Mojo::Transaction->new);

Previous transaction that triggered this followup transaction.

# Path of previous request
say $tx->previous->req->url->path;

remote_address

my $remote_address = $tx->remote_address;
$tx                = $tx->remote_address($address);

Remote interface address.

remote_port

my $remote_port = $tx->remote_port;
$tx             = $tx->remote_port($port);

Remote interface port.

req

my $req = $tx->req;
$tx     = $tx->req(Mojo::Message::Request->new);

HTTP request, defaults to a Mojo::Message::Request object.

res

my $res = $tx->res;
$tx     = $tx->res(Mojo::Message::Response->new);

HTTP response, defaults to a Mojo::Message::Response object.

METHODS

Mojo::Transaction inherits all methods from Mojo::EventEmitter and implements the following new ones.

client_close

$tx->client_close;

Transaction closed.

client_read

$tx->client_read($chunk);

Read and process client data. Meant to be overloaded in a subclass.

client_write

my $chunk = $tx->client_write;

Write client data. Meant to be overloaded in a subclass.

connection

my $connection = $tx->connection;
$tx            = $tx->connection($connection);

Connection identifier or socket.

error

my $message          = $tx->error;
my ($message, $code) = $tx->error;

Parser errors and codes.

is_finished

my $success = $tx->is_finished;

Check if transaction is finished.

is_websocket

my $false = $tx->is_websocket;

False.

is_writing

my $success = $tx->is_writing;

Check if transaction is writing.

resume

$tx = $tx->resume;

Resume transaction.

server_close

$tx->server_close;

Transaction closed.

server_read

$tx->server_read($chunk);

Read and process server data. Meant to be overloaded in a subclass.

server_write

my $chunk = $tx->server_write;

Write server data. Meant to be overloaded in a subclass.

success

my $res = $tx->success;

Returns the Mojo::Message::Response object (res) if transaction was successful or undef otherwise. Connection and parser errors have only a message in error, 400 and 500 responses also a code.

# Sensible exception handling
if (my $res = $tx->success) { say $res->body }
else {
  my ($message, $code) = $tx->error;
  say $code ? "$code response: $message" : "Connection error: $message";
}

Error messages can be accessed with the error method of the transaction object.

SEE ALSO

Mojolicious, Mojolicious::Guides, http://mojolicio.us.