Hello dear esteemed monks,
My toy web framework's documentation explicitly states that it should only accept validated data from remote user, the natural and basic validation method being of course regular expression processing.
However, the path_info parameter is for now accepted as-is - one of my early design mistakes. An application itself is divided into paths (much like in dancer); anything in the URI following the matching part is considered additional input. So the current usage is:
MVC::Neaf->route( "/foo/bar" => sub { my $request = shift; $request->param( name => qr/\w+/ ); # undef unless name is 1+ word + characters $request->path_info(); # oops user input slips through } );
Here any URI that doesn't match any of the configured routes would return a customizable 404 Not Found page. So would a handler that calls die 404; or $request->error(404, %params); at some point.
Now I would like to correct this mistake by adding path_components => qr/.../ parameter to the handler definition and path_components() method to the request object that would return path_info itself, followed by capture groups $1, $2 ... in the validation regexp (if any). If the regexp doesn't match (or wasn't specified), the application would just show a 404 page.
MVC::Neaf->route( "/foo/bar" => sub { my $request = shift; $request->path_components->[0]; # 1+ digits guaranteed }, path_components => qr/\d+/ );
This way only the parts of application that actually need path_info (wiki pages, /calendar/YYYY/MM/DD etc) would get it, while the others would just reply with 404 unless called correctly.
So my questions here are:
1) Does this scheme seem reasonable?
2) What would a be better name for path_components? It's too long and clumsy, but I'll take it if I can't come up with something better.
In reply to Cool uses for path_info by Dallaylaen
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |