Ruby, HTTP, and open-uri
Ruby’s obvious HTTP client library is Net::HTTP (‘net/http’); however, it feels a little bit awkward to use and lacks nice features like following redirects. If you’re coming from LWP you’ll be disappointed.
However, there is a nice wrapper, open-uri, that makes it simple to add custom headers, provides loop-aware redirect following, etc. It also provides a super slick drop-in replacement for the Kernel#open method, so that you can open either a local file or a remote URL….
Danger Will Robinson! Danger
At this point, alarm bells are going off in the heads of the PHP programmers in the audience, who are thinking to themselves,
“Wow, someone went to the trouble of making Ruby act PHP-like! Down to replicating one of the most commonly exploited security holes!”
Sincerest forms of flattery aside, that seems like a really bad idea. Admittedly, you have to explicitly require 'open-uri' in order to activate the feature; however, as the best of the Ruby HTTP clients (that I’ve found to date), it seems like a decent bet in many web apps, and once you’ve done that, all future calls to open can be hijacked to download remote files.
Now, this being Ruby, there is probably some clever solution involving de-aliasing the open method which makes all these problems go away. Still, this seems like an opportunity for the PHP community, with its near infinite experience with having web apps exploited, to teach the Ruby community something. Overloading your core file open semantic to transparently open remote resources is a bad idea, full stop.
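One way to keep local and remote opens apart in application code, as an added example that is not part of the original post: local reads go through File.open, which open-uri does not patch, and remote reads go through a separate call with an allowlist. The helper names (open_local, fetch_remote), the hostnames and the temp file are assumptions constructed for illustration.

```ruby
require 'uri'
require 'tempfile'

class RemoteTargetError < ArgumentError; end

# Anything shaped like "scheme://..." is remote and never treated as a path.
URL_LIKE = %r{\A[a-z][a-z0-9+.-]*://}i

def remote_target?(name)
  URL_LIKE.match?(name.to_s)
end

# Local-only open (hypothetical helper). File.open is not patched by open-uri;
# the explicit check turns URL-shaped input into a clear, loggable error.
def open_local(name, &block)
  raise RemoteTargetError, "refusing URL-like target #{name.inspect}" if remote_target?(name)
  File.open(name, 'r', &block)
end

# Default fetcher uses URI.open from open-uri; injectable for offline testing.
DEFAULT_FETCHER = lambda do |uri|
  require 'open-uri'
  URI.open(uri.to_s, &:read)
end

# Remote access is a separate, explicit call with scheme and host allowlists.
def fetch_remote(url, allowed_hosts, fetcher: DEFAULT_FETCHER)
  uri = URI.parse(url)
  raise RemoteTargetError, "scheme not allowed: #{uri.scheme.inspect}" unless %w[http https].include?(uri.scheme)
  raise RemoteTargetError, "host not allowed: #{uri.host.inspect}" unless allowed_hosts.include?(uri.host)
  fetcher.call(uri)
end

# Constructed demo: temp file and placeholder hosts; the fake fetcher means no network I/O.
def demo
  fake = ->(uri) { "fetched #{uri.host}" }
  results = {}
  Tempfile.create('report') do |f|
    f.write('local data')
    f.flush
    results[:local] = open_local(f.path, &:read)
  end
  results[:url_as_path] = (open_local('http://untrusted.example/x.txt', &:read) rescue 'refused')
  results[:allowed] = fetch_remote('https://feeds.example.com/a.xml', ['feeds.example.com'], fetcher: fake)
  results[:blocked] = (fetch_remote('https://other.example/x', ['feeds.example.com'], fetcher: fake) rescue 'blocked')
  results
end

p demo if __FILE__ == $PROGRAM_NAME
```

Ruby 3.0 and later no longer let open-uri override Kernel#open; remote fetches there go through URI.open, as the default fetcher above does.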