- Handle only the most basic of query string parsing and construction.
Leave the rest (e.g. Rails/PHP behaviors) to modules higher up the
stack, like Express.
Note that "//" is still a special indicator for the hostname, and this does
not change the parsing of mailto: and other "slashless" url schemes. It
does however remove some oddness in url.parse(req.url) which is the most
common use-case for the url.parse function.
- [lib/dns.js] dns.lookup takes a new optional argument "family" which
should be the integer 4, 6, dns.AF_INET or dns.AF_INET6. Passing a
non-false "family" argument makes c-ares explicitly look up addresses for
the specified family.
- [test/simple/test-c-ares.js] test explicit address family lookups
This patch standardises the load order for modules. Highest priority is trying to load exactly the file the user specified, followed by native extensions, followed by registered extra extensions, etc.
In full, if we require('foo') having registered '.coffee' as an alternative extension, we try and load the following files in order:
foo
foo.js
foo.node
foo.coffee
foo/index.js
foo/index.node
foo/index.coffee
This patch replaces the path.exists check for module loading with a call to
fs.statSync (or fs.stat for require.async) which ensures that it's not trying
to load a directory.
Any path.join or path.normalize that starts with a / will not go "above" that after normalization. This is important because /../foo is almost *always* some sort of error, and doesn't match the corollary in sh: `cd $p; pwd`
At the worse, this can be a vector for exploits, since a static file server might do path.join(docroot, path.normalize("/"+req)) to get the file. If the normalized request path could be something like "/../../../etc/passwd" then bad things could happen.
Before there was this comment:
Can't strip trailing slashes since module.js incorrectly
thinks dirname('/a/b/') should yield '/a/b' instead of '/a'.
But now, such thinking is corrected.
- Buffer.toString('ascii', 0, 0) incorrectly returns the entire contents
of the buffer. Fix this.
- Provide similar behavior to Buffer.write() and Buffer.copy() when
dealing with 0-length in valid and invalid byte ranges.
This is ever so slightly less efficient than caching based on ID, since the
filename has to be looked up before we can check the cache. However, it's
the most minimal approach possible to get this change in place. Since
require() is a blocking startup-time operation anyway, a bit of slowness is
not a huge problem.
A test involving require.paths modification and absolute loading. Here's the
gist of it.
Files: /p1/foo.js /p2/foo.js
1. Add "/p1" to require.paths.
2. foo1 = require("foo")
3. assert foo1 === require("/p1/foo") (fail)
4. Remove /p1 from require.paths.
5. Add /p2 to require.paths.
6. foo2 = require("foo")
7. assert foo1 !== foo2 (fail)
8. assert foo2 === require("/p2/foo") (fail)
It's an edge case, but it affects how dependencies are mapped by npm.
If your module requires foo-1.2.3, and my module requires foo-2.3.4,
then you should expect to have require("foo") give you foo-1.2.3, and
I should expect require("foo") to give me foo-2.3.4. However, with
module ID based caching, if your code loads *first*, then your "foo"
is THE "foo", so I'll get your version instead of mine.
It hasn't yet been a problem, but only because there are so few
modules, and everyone pretty much uses the latest version all the
time. But as things start to get to the 1.x and 2.x versions, it'll
be an issue, I'm sure. Dependency hell isn't fun, so this is a way to
avoid it before it strikes.
