0

当我运行代码的以下部分时,出现“nil:NilClass 的未定义方法 `each'”错误。

if request and request.body
  print_status(request.body);
  request.body.split('&').each { |var|
    parts = var.split('=', 2)
    if parts.length != 2
      print_error("Weird, we got a var that doesn't contain an equals: #{parts.inspect}")
    else
      fln,fld = parts
      fld = Rex::Text.uri_decode(fld)
      if fln == "script"
        script = fld
      end
    end
  }
end


request.body 的一些测试:

- ----------------------------------
- request.body.class:字符串
- request.body:脚本=测试
- request.body.split('&'): ["script=test"]
- 发送
- ----------------------------------
- request.body.class:字符串
- request.body:脚本=警报%28%27ok%27%29%3B
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B"]
- 发送
- ----------------------------------
- request.body.class:字符串
- request.body:脚本=alert%28%27ok%27%29%3B%3D
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B%3D"]
- 异常处理请求:nil:NilClass 的未定义方法“每个”
- ----------------------------------
- request.body.class:字符串
- request.body:脚本=alert%28%27ok%27%29%3B%5D
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B%5D"]
- 异常处理请求:nil:NilClass 的未定义方法“每个”
- ----------------------------------
- request.body.class:字符串
- request.body:脚本=alert%28%27ok%27%29%3B-
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B-"]
- 异常处理请求:nil:NilClass 的未定义方法“每个”
- ----------------------------------
- request.body.class:字符串
- request.body: 脚本=alert%28%27ok%27%29%3B+
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B+"]
- 异常处理请求:nil:NilClass 的未定义方法“每个”

大多数特殊字符会使错误发生。
有什么问题?

4

1 回答 1

1

请尝试使用request.body.read而不是request.body.

ActionDispatch::Request.body方法是StringIO,参考:http ://api.rubyonrails.org/classes/ActionDispatch/Request.html#method-i-body

于 2014-02-14T10:08:31.543 回答