Commit Graph

23 Commits

Author SHA1 Message Date
Sergio Benitez 23093a33b8 Document 'FromParam' impl for 'Cow<str>'. 2017-09-15 02:47:29 -07:00
Sergio Benitez 5efc4b1096 Rename 'URI' to 'Uri'. 2017-09-14 22:13:07 -07:00
Sergio Benitez f623d92484 Implement 'FromParam' for 'Cow<str>'. 2017-09-14 22:12:54 -07:00
Sergio Benitez 084481a84e Initial implementation of typed URIs.
This is a breaking change. All Rocket applications using code
generation must now additionally declare usage of the 'decl_macro'
feature.
2017-09-14 22:10:25 -07:00
adrian5 f66780bd9e Add missing comma in 'FromParam' docs. 2017-08-14 11:49:59 -07:00
Sergio Benitez 0376fb5fe5 Rename 'WeightedMediaType' to 'QMediaType'. More docs.
This commit nears completion of the 'http' module docs.
2017-06-22 04:29:59 -07:00
Sergio Benitez f5ec470a7d Use the `RawStr` type for raw parameter strings.
This is a breaking change.

The `&str` type no longer implements `FromParam`. The `&RawStr` type
should be used in its place.
2017-03-31 00:18:58 -07:00
Sergio Benitez 10306c3b7e Clarify segment handling for '..'. 2017-03-30 18:15:36 -07:00
Sergio Benitez cb21fbf6af Small typo: parse -> parsed. 2017-03-29 21:06:15 -07:00
Sergio Benitez 8f997a2a39 Rewrite some markdown for commonmark. 2017-03-29 19:05:49 -07:00
Sergio Benitez a9c3b8a919 Silence warnings during testing. 2017-02-02 02:16:21 -08:00
Sergio Benitez bb295dc230 Extend FromFormValue docs with details and built-in impls.
Closes #129.
2017-01-15 02:05:17 -08:00
Sergio Benitez 4bc5c20a45 Fix security checks in `PathBuf::FromSegments`.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contain any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead returns an error.

The `Error` type of the `PathBuf::FromSegments` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez 12302bcadb Document default FromParam impls. 2016-12-23 02:39:34 -08:00
Sergio Benitez f1c7d3e27c Minor code improvements via clippy. 2016-12-17 09:18:30 -08:00
Sergio Benitez 4f89e232aa HTML escape < in FromParam docs. 2016-12-10 17:41:44 -08:00
Sergio Benitez 470dc7f63c Improve FromParam documentation. 2016-12-10 02:55:25 -08:00
Sergio Benitez c98d047038 Add URI::percent_decoding helper method. Safeguard PathBuf FromSegments implementation. 2016-11-02 16:55:56 +01:00
Sergio Benitez 639cd425ee Add Debug bound to associated parsing Errors. 2016-10-31 18:31:39 +01:00
Sergio Benitez 11b6158276 Refine request module API docs. 2016-10-24 10:09:50 +02:00
Sergio Benitez 2da43e24f7 Document most of the request module. 2016-10-21 02:56:57 -07:00
Sergio Benitez 647efe15d1 Move uri module into http namespace. 2016-10-03 17:25:27 -07:00
Sergio Benitez 008605bec7 This commit changes parsing traits and documents some of the core library:
  * All From* trait methods are now named like the trait.
  * All From* traits have an associated Error type.
  * Document all of the `form` module.
  * Add codegen tests for auto-derived forms.
  * The param parsing traits now live under Request.
2016-09-30 01:25:07 -07:00