* The `unmanaged_state` lint emits a warning when a `State<T>` request
guard is used without an accompanying `manage` call for `T`.
* The `unmounted_route` lint emits a warning when a route declared via
a Rocket attribute is not mounted via a call to `mount`.
There is one known shortcoming of these lints at present: _any_ call to
`manage` or `mount` marks state/routes as managed/mounted. This can be
an issue when an application uses more than one `Rocket` instance, with
different calls to `mount` and `manage` in each. The lints should
perform their analyses on a per-instance basis.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.
This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.
The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.
The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.
Closes#134.
This is a complete rework of `Responder`s and of the http backend in
general. This gets Rocket one step closer to HTTP library independence,
enabling many future features such as transparent async I/O, automatic
HEAD request parsing, pre/post hooks, and more.
Summary of changes:
* `Responder::response` no longer takes in `FreshHyperResponse`.
Instead, it returns a new `Response` type.
* The new `Response` type now encapsulates a full HTTP response. As a
result, `Responder`s now return it.
* The `Handler` type now returns an `Outcome` directly.
* The `ErrorHandler` returns a `Result`. It can no longer forward,
which made no sense previously.
* `Stream` accepts a chunked size parameter.
* `StatusCode` removed in favor of new `Status` type.
* `ContentType` significantly modified.
* New, lightweight `Header` type that plays nicely with `Response`.
This commit includes the following important API changes:
* The `form` route parameter has been removed.
* The `data` route parameter has been added.
* Forms are not handled via the `data` parameter and `Form` type.
* Removed the `data` parameter from `Request`.
* Added `FromData` conversion trate and default implementation.
* Added `DataOutcome` enum, which is the return type of `from_data`.
* 'FromData' is now used to automatically derive the `data` parameter.
* Moved `form` into `request` module.
* Removed `Failure::new` in favor of direct value construction.
This commit includes the following important package additions:
* Added a 'raw_upload' example.
* `manual_routes` example uses `Data` parameter.
* Now building and running tests with `--all-features` flag.
* All exmaples have been updated to latest API.
* Now using upstream Tera.
This commit includes the following important fixes:
* Any valid ident is now allowed in single-parameter route parameters.
* Lifetimes are now properly stripped in code generation.
* `FromForm` derive now works on empty structs.
Sergio Benitez
Josh Holmer