request.body.split('&').each gives undefined method `each' for nil:NilClass

Time: 2014-02-14 10:04:36

Tags: ruby metasploit

When I run the following part of my code, I get the error "undefined method `each' for nil:NilClass".

if request and request.body
  print_status(request.body);
  request.body.split('&').each { |var|
    parts = var.split('=', 2)
    if parts.length != 2
      print_error("Weird, we got a var that doesn't contain an equals: #{parts.inspect}")
    else
      fln,fld = parts
      fld = Rex::Text.uri_decode(fld)
      if fln == "script"
        script = fld
      end
    end
  }
end


Some tests with request.body:

- ----------------------------------
- request.body.class: String
- request.body: script=test
- request.body.split('&'): ["script=test"]
- Sending
- ----------------------------------
- request.body.class: String
- request.body: script=alert%28%27ok%27%29%3B
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B"]
- Sending
- ----------------------------------
- request.body.class: String
- request.body: script=alert%28%27ok%27%29%3B%3D
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B%3D"]
- Exception handling request: undefined method `each' for nil:NilClass
- ----------------------------------
- request.body.class: String
- request.body: script=alert%28%27ok%27%29%3B%5D
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B%5D"]
- Exception handling request: undefined method `each' for nil:NilClass
- ----------------------------------
- request.body.class: String
- request.body: script=alert%28%27ok%27%29%3B-
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B-"]
- Exception handling request: undefined method `each' for nil:NilClass
- ----------------------------------
- request.body.class: String
- request.body: script=alert%28%27ok%27%29%3B+
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B+"]
- Exception handling request: undefined method `each' for nil:NilClass

The error occurs with most special characters.
What could be wrong?

1 answer:

Answer 0: (score: 1)

Please try using request.body.read instead of request.body

The ActionDispatch::Request.body method is a StringIO, see: http://api.rubyonrails.org/classes/ActionDispatch/Request.html#method-i-body
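
An added example, not part of the original question or answer: a stand-alone version of the question's parsing loop, run over the request bodies from its test output, that accepts a nil, String or IO-like body. `parse_form_body`, `SAMPLE_BODIES` and `demo` are hypothetical names, and Ruby's standard `URI.decode_www_form_component` (which also decodes `+` as a space) is used in place of `Rex::Text.uri_decode`.

```ruby
require 'uri'
require 'stringio'

# Hypothetical helper (not from the page): parse an
# application/x-www-form-urlencoded body into a Hash.
# Accepts nil, a String, or an IO-like object such as StringIO.
def parse_form_body(body)
  return {} if body.nil?
  raw = body.respond_to?(:read) ? body.read : body.to_s
  fields = {}
  raw.split('&').each do |pair|
    next if pair.empty?
    name, value = pair.split('=', 2)
    if value.nil?
      warn "Skipping field without '=': #{pair.inspect}"
      next
    end
    begin
      # Standard-library decoder, used here instead of Rex::Text.uri_decode.
      fields[URI.decode_www_form_component(name)] = URI.decode_www_form_component(value)
    rescue ArgumentError => e
      warn "Skipping undecodable field: #{e.message}"
    end
  end
  fields
end

# Request bodies copied from the test output in the question.
SAMPLE_BODIES = [
  'script=test',
  'script=alert%28%27ok%27%29%3B',
  'script=alert%28%27ok%27%29%3B%3D',
  'script=alert%28%27ok%27%29%3B%5D',
  'script=alert%28%27ok%27%29%3B-',
  'script=alert%28%27ok%27%29%3B+'
].freeze

# Decoded "script" field for each sample body.
def demo
  SAMPLE_BODIES.map { |body| parse_form_body(body)['script'] }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```
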