This commit also changes the signature of the 'ContentType'
'from_extension" method so that it returns an 'Option<ContentType>' as
opposed to 'ContentType'.
This commit also disallows negative quality values in 'Accept' media
types.
This commit changes the 'FromForm' trait in two ways:
1. The singular method is now named 'from_form'.
2. The method takes a second parameter: 'strict: bool'.
The 'strict' parameter is used to specify whether form parsing should
be strict or not (i.e. lenient). When parsing is lenient, extra form
fields do not result in an error. This lenient behavior is used by a
new 'LenientForm' data guard type to request lenient form parsing. The
behavior for 'Form' remains unchanged.
Resolves#242.
Differential and causal profiling determined that 35% of `Hello, world!`
dispatch time was spent rendering `Content-Type` due to many calls to `fmt` in
`MediaType::Display` and an allocation in `ContentType::Into<Header>`. This
change reduces the number of calls to `fmt` to 1 in `MediaType::Display` and
removes the allocation in `Into<Header>` for known media types.
This change also caches a `Rocket` "precheck" so that pre-dispatch checks are
done only a single time for a given `Rocket` instance, further reducing
`MockRequest::dispatch_with` time for "Hello, world!" by roughly 15%.
This commit includes two major changes to core:
1. Configuration state is no longer global. The `config::active()`
function has been removed. The active configuration can be
retrieved via the `config` method on a `Rocket` instance.
2. The `Responder` trait has changed. `Responder::respond(self)` has
been removed in favor of `Responder::respond_to(self, &Request)`.
This allows responders to dynamically adjust their response based
on the incoming request.
Additionally, it includes the following changes to core and codegen:
* The `Request::guard` method was added to allow for simple
retrivial of request guards.
* The `Request::limits` method was added to retrieve configured
limits.
* The `File` `Responder` implementation now uses a fixed size body
instead of a chunked body.
* The `Outcome::of<R: Responder>(R)` method was removed while
`Outcome::from<R: Responder(&Request, R)` was added.
* The unmounted and unmanaged limits are more cautious: they will only
emit warnings when the `Rocket` receiver is known.
This commit includes one major change to contrib:
1. To use contrib's templating, the fairing returned by
`Template::fairing()` must be attached to the running Rocket
instance.
Additionally, the `Display` implementation of `Template` was removed. To
directly render a template to a `String`, the new `Template::show`
method can be used.
This is a breaking change.
This commit introduces `RawStr` to forms. In particular, after this
commit, the `&str` type no longer implements `FromFormValue`, and so it
cannot be used as a field in forms. Instad, the `&RawStr` can be used.
The `FormItems` iterator now returns an `(&RawStr, &RawStr)` pair.
This commit involves several breaking changes:
* `session_key` config param must be a 256-bit base64 encoded string.
* `FromRequest` is implemented for `Cookies`, not `Cookie`.
* Only a single `Cookies` instance can be retrieved at a time.
* `Config::take_session_key` returns a `Vec<u8>`.
* `Into<Header>` is implemented for `&Cookie`, not `Cookie`.
This commit changes the way Rocket parses form items. In particular, it now
(liberally) validates form strings, returning a Bad Request on malformed inputs
and Unprocessable Entity on bad parses.
The 'FormItems' iterator was modified to accomodate this. The iterator is now
initialized using 'from': 'FormItems::from(form_string)'. The iterator can be
queried to check for a complete parse using either 'completed()' or
'exhausted()', the latter of which will consume valid keys/values and return
true only if the entire string was consumed.
The 'FromForm' trait now takes a mutable borrow to a 'FormItems' iterator.
The 'Form' and 'FormForm' implementation for 'Form' were modified to use the new
iterfaces and check for 'exhausted' after a parse, returning a Bad Request error
if the iterator cannot be exhausted.
Resolves#46.
* The `unmanaged_state` lint emits a warning when a `State<T>` request
guard is used without an accompanying `manage` call for `T`.
* The `unmounted_route` lint emits a warning when a route declared via
a Rocket attribute is not mounted via a call to `mount`.
There is one known shortcoming of these lints at present: _any_ call to
`manage` or `mount` marks state/routes as managed/mounted. This can be
an issue when an application uses more than one `Rocket` instance, with
different calls to `mount` and `manage` in each. The lints should
perform their analyses on a per-instance basis.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.
This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.
The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.
The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.
Closes#134.
