packages feed

yesod-core 1.4.37.2 → 1.4.37.3

raw patch · 6 files changed

+35/−7 lines, 6 filesPVP: major bump suggested

API removals or changes: PVP suggests a major version bump

API changes (from Hackage documentation)

- Yesod.Core.Handler: instance (key ~ Data.Text.Internal.Text, val ~ Data.Text.Internal.Text) => Yesod.Core.Handler.RedirectUrl master (Yesod.Routes.Class.Route master, Data.Map.Base.Map key val)
+ Yesod.Core.Handler: instance (key ~ Data.Text.Internal.Text, val ~ Data.Text.Internal.Text) => Yesod.Core.Handler.RedirectUrl master (Yesod.Routes.Class.Route master, Data.Map.Internal.Map key val)
+ Yesod.Core.Json: infixr 8 .=
- Yesod.Core: class MonadResource m => MonadHandler m where type HandlerSite m where {
+ Yesod.Core: class MonadResource m => MonadHandler m where {
- Yesod.Core: class Eq (Route a) => RenderRoute a where data Route a where {
+ Yesod.Core: class Eq (Route a) => RenderRoute a where {
- Yesod.Core: class RenderRoute site => Yesod site where approot = ApprootRelative errorHandler = defaultErrorHandler defaultLayout w = do { p <- widgetToPageContent w; msgs <- getMessages; withUrlRenderer (\ _render_a1npz -> do { id ((preEscapedText . pack) "<!DOCTYPE html>\n\ \<html><head><title>"); id (toHtml (pageTitle p)); id ((preEscapedText . pack) "</title>"); asHtmlUrl (pageHead p) _render_a1npz; id ((preEscapedText . pack) "</head><body>"); mapM_ (\ (status_a1npA, msg_a1npB) -> do { id ((preEscapedText . pack) "<p class=\"message "); id (toHtml status_a1npA); id ((preEscapedText . pack) "\">"); id (toHtml msg_a1npB); id ((preEscapedText . pack) "</p>") }) msgs; asHtmlUrl (pageBody p) _render_a1npz; id ((preEscapedText . pack) "</body></html>") }) } urlRenderOverride _ _ = Nothing urlParamRenderOverride y route params = addParams params <$> urlRenderOverride y route where addParams [] routeBldr = routeBldr addParams nonEmptyParams routeBldr = let routeBS = toByteString routeBldr qsSeparator = fromChar $ if elem '?' routeBS then '&' else '?' valueToMaybe t = if t == "" then Nothing else Just t queryText = map (id *** valueToMaybe) nonEmptyParams in copyByteString routeBS `mappend` qsSeparator `mappend` renderQueryText False queryText isAuthorized _ _ = return Authorized isWriteRequest _ = do { wai <- waiRequest; return $ W.requestMethod wai `notElem` ["GET", "HEAD", "OPTIONS", "TRACE"] } authRoute _ = Nothing cleanPath _ s = if corrected == s then Right $ map dropDash s else Left corrected where corrected = filter (not . null) s dropDash t | all (== '-') t = drop 1 t | otherwise = t joinPath _ ar pieces' qs' = fromText ar `mappend` encodePath pieces qs where pieces = if null pieces' then [""] else map addDash pieces' qs = map (encodeUtf8 *** go) qs' go "" = Nothing go x = Just $ encodeUtf8 x addDash t | all (== '-') t = cons '-' t | otherwise = t addStaticContent _ _ _ = return Nothing maximumContentLength _ _ = Just $ 2 * 1024 * 1024 makeLogger _ = defaultMakeLogger messageLoggerSource site = defaultMessageLoggerSource $ shouldLogIO site jsLoader _ = BottomOfBody jsAttributes _ = [] makeSessionBackend _ = Just <$> defaultClientSessionBackend 120 defaultKeyFile fileUpload _ (KnownLength size) | size <= 50000 = FileUploadMemory lbsBackEnd fileUpload _ _ = FileUploadDisk tempFileBackEnd shouldLog _ = defaultShouldLog shouldLogIO a b c = return (shouldLog a b c) yesodMiddleware = defaultYesodMiddleware yesodWithInternalState _ _ = bracket createInternalState closeInternalState defaultMessageWidget title body = do { setTitle title; toWidget (\ _render_a1nqd -> do { id ((preEscapedText . pack) "<h1>"); id (toHtml title); id ((preEscapedText . pack) "</h1>\n"); asHtmlUrl body _render_a1nqd }) }
+ Yesod.Core: class RenderRoute site => Yesod site
- Yesod.Core: renderCssUrl :: (url -> [(Text, Text)] -> Text) -> CssUrl url -> Text
+ Yesod.Core: renderCssUrl :: () => (url -> [(Text, Text)] -> Text) -> CssUrl url -> Text
- Yesod.Core: renderJavascriptUrl :: (url -> [(Text, Text)] -> Text) -> JavascriptUrl url -> Text
+ Yesod.Core: renderJavascriptUrl :: () => (url -> [(Text, Text)] -> Text) -> JavascriptUrl url -> Text
- Yesod.Core.Json: Array :: ~Array -> Value
+ Yesod.Core.Json: Array :: !Array -> Value
- Yesod.Core.Json: Bool :: ~Bool -> Value
+ Yesod.Core.Json: Bool :: !Bool -> Value
- Yesod.Core.Json: Number :: ~Scientific -> Value
+ Yesod.Core.Json: Number :: !Scientific -> Value
- Yesod.Core.Json: Object :: ~Object -> Value
+ Yesod.Core.Json: Object :: !Object -> Value
- Yesod.Core.Json: String :: ~Text -> Value
+ Yesod.Core.Json: String :: !Text -> Value

Files

ChangeLog.md view
@@ -1,3 +1,7 @@+## 1.4.37.3++* Improve error message when request body is too large [#1477](https://github.com/yesodweb/yesod/pull/1477)+ ## 1.4.37.2  * Improve error messages for the CSRF checking functions [#1455](https://github.com/yesodweb/yesod/issues/1455)
Yesod/Core/Handler.hs view
@@ -1464,6 +1464,23 @@ -- The form-based approach has the advantage of working for users with Javascript disabled, while adding the token to the headers with Javascript allows things like submitting JSON or binary data in AJAX requests. Yesod supports checking for a CSRF token in either the POST parameters of the form ('checkCsrfParamNamed'), the headers ('checkCsrfHeaderNamed'), or both options ('checkCsrfHeaderOrParam'). -- -- The easiest way to check both sources is to add the 'Yesod.Core.defaultCsrfMiddleware' to your Yesod Middleware.+--+-- === Opting-out of CSRF checking for specific routes+--+-- (Note: this code is generic to opting out of any Yesod middleware)+--+-- @+-- 'yesodMiddleware' app = do+--   maybeRoute <- 'getCurrentRoute'+--   let dontCheckCsrf = case maybeRoute of+--                         Just HomeR                     -> True  -- Don't check HomeR+--                         Nothing                        -> True  -- Don't check for 404s+--                         _                              -> False -- Check other routes+--+--   'defaultYesodMiddleware' $ 'defaultCsrfSetCookieMiddleware' $ (if dontCheckCsrf then 'id' else 'defaultCsrfCheckMiddleware') $ app+-- @+--+-- This can also be implemented using the 'csrfCheckMiddleware' function.  -- | The default cookie name for the CSRF token ("XSRF-TOKEN"). --
Yesod/Core/Internal/Request.hs view
@@ -25,6 +25,7 @@ import Web.Cookie (parseCookiesText) import Data.ByteString (ByteString) import qualified Data.ByteString.Char8 as S8+import qualified Data.ByteString.Lazy.Char8 as LS8 import Data.Text (Text, pack) import Network.HTTP.Types (queryToQueryText, Status (Status)) import Data.Maybe (fromMaybe, catMaybes)@@ -60,17 +61,23 @@             let len = fromIntegral $ S8.length bs                 remaining' = remaining - len             if remaining < len-                then throwIO $ HCWai tooLargeResponse+                then throwIO $ HCWai $ tooLargeResponse maxLen len                 else do                     writeIORef ref remaining'                     return bs         } -tooLargeResponse :: W.Response-tooLargeResponse = W.responseLBS+tooLargeResponse :: Word64 -> Word64 -> W.Response+tooLargeResponse maxLen bodyLen = W.responseLBS     (Status 413 "Too Large")     [("Content-Type", "text/plain")]-    "Request body too large to be processed."+    (L.concat +        [ "Request body too large to be processed. The maximum size is "+        , (LS8.pack (show maxLen))+        , " bytes; your request body was "+        , (LS8.pack (show bodyLen))+        , " bytes. If you're the developer of this site, you can configure the maximum length with the `maximumContentLength` function on the Yesod typeclass."+        ])  parseWaiRequest :: W.Request                 -> SessionMap
Yesod/Core/Internal/Run.hs view
@@ -327,7 +327,7 @@             -> Maybe (Route site)             -> Application yesodRunner handler' YesodRunnerEnv {..} route req sendResponse-  | Just maxLen <- mmaxLen, KnownLength len <- requestBodyLength req, maxLen < len = sendResponse tooLargeResponse+  | Just maxLen <- mmaxLen, KnownLength len <- requestBodyLength req, maxLen < len = sendResponse (tooLargeResponse maxLen len)   | otherwise = do     let dontSaveSession _ = return []     (session, saveSession) <- liftIO $
Yesod/Core/Unsafe.hs view
@@ -1,7 +1,7 @@ {-# LANGUAGE CPP #-} -- | This is designed to be used as ----- > qualified import Yesod.Core.Unsafe as Unsafe+-- > import qualified Yesod.Core.Unsafe as Unsafe -- -- This serves as a reminder that the functions are unsafe to use in many situations. module Yesod.Core.Unsafe (runFakeHandler, fakeHandlerGetLogger) where
yesod-core.cabal view
@@ -1,5 +1,5 @@ name:            yesod-core-version:         1.4.37.2+version:         1.4.37.3 license:         MIT license-file:    LICENSE author:          Michael Snoyman <michael@snoyman.com>