--- parser3/src/classes/curl.C 2012/04/20 11:43:04 1.15 +++ parser3/src/classes/curl.C 2013/03/10 23:36:00 1.23 @@ -16,7 +16,7 @@ #include "pa_http.h" #include "ltdl.h" -volatile const char * IDENT_CURL_C="$Id: curl.C,v 1.15 2012/04/20 11:43:04 moko Exp $"; +volatile const char * IDENT_CURL_C="$Id: curl.C,v 1.23 2013/03/10 23:36:00 misha Exp $"; class MCurl: public Methoded { public: @@ -76,10 +76,13 @@ public: bool is_text; Charset *charset, *response_charset; struct curl_httppost *f_post; + FILE *f_stderr; - ParserOptions() : filename(0), content_type(0), is_text(true), charset(0), response_charset(0), f_post(0){} + ParserOptions() : filename(0), content_type(0), is_text(true), charset(0), response_charset(0), f_post(0), f_stderr(0){} ~ParserOptions() { f_curl_formfree(f_post); + if(f_stderr) + fclose(f_stderr); } }; @@ -275,16 +278,11 @@ public: CURL_OPT(CURL_STRING, SSLENGINE); CURL_OPT(CURL_STRING, SSLENGINE_DEFAULT); -#ifdef CURLOPT_ISSUERCERT CURL_OPT(CURL_FILE, ISSUERCERT); -#endif - -#ifdef CURLOPT_CRLFILE CURL_OPT(CURL_FILE, CRLFILE); -#endif CURL_OPT(CURL_STRING, CAINFO); - CURL_OPT(CURL_STRING, CAPATH); + CURL_OPT(CURL_FILE, CAPATH); CURL_OPT(CURL_INT, SSL_VERIFYPEER); CURL_OPT(CURL_INT, SSL_VERIFYHOST); CURL_OPT(CURL_STRING, SSL_CIPHER_LIST); @@ -359,6 +357,14 @@ static void curl_form(HashStringValue *v } } +static const char *curl_check_file(const String &file_spec){ + const char *file_spec_cstr=file_spec.taint_cstr(String::L_FILE_SPEC); + struct stat finfo; + if(stat(file_spec_cstr, &finfo)==0) + check_safe_mode(finfo, file_spec, file_spec_cstr); + return file_spec_cstr; +} + static void curl_setopt(HashStringValue::key_type key, HashStringValue::value_type value, Request& r) { CurlOption *opt=curl_options->get(key); @@ -416,7 +422,7 @@ static void curl_setopt(HashStringValue: f_curl_formfree(options().f_post); options().f_post = 0; } else { - throw Exception("curl", 0, "%s must be a hash", key.cstr()); + throw Exception("curl", 0, "failed to set option '%s': value must be a hash", key.cstr()); } res=f_curl_easy_setopt(curl(), CURLOPT_HTTPPOST, foptions->f_post); break; @@ -429,8 +435,19 @@ static void curl_setopt(HashStringValue: } case CurlOption::CURL_FILE:{ // file-spec curl option - const char *value_str=r.absolute(v.as_string()).taint_cstr(String::L_FILE_SPEC); - res=f_curl_easy_setopt(curl(), opt->id, value_str); + const char *file_spec_cstr=curl_check_file(r.absolute(v.as_string())); + res=f_curl_easy_setopt(curl(), opt->id, file_spec_cstr); + break; + } + case CurlOption::CURL_STDERR:{ + // verbose output redirection from stderr to file curl option + const char *file_spec_cstr=curl_check_file(r.absolute(v.as_string())); + FILE *f_stderr=options().f_stderr=fopen(file_spec_cstr, "wt"); + if (f_stderr){ + res=f_curl_easy_setopt(curl(), opt->id, f_stderr); + } else { + throw Exception("curl", 0, "failed to set option '%s': unable to open file '%s'", key.cstr(), file_spec_cstr); + } break; } case CurlOption::PARSER_LIBRARY:{ @@ -438,7 +455,7 @@ static void curl_setopt(HashStringValue: if(fcurl==0){ curl_library=v.as_string().taint_cstr(String::L_FILE_SPEC); } else - throw Exception("curl", 0, "failed to set option '%s': %s", key.cstr(), "already loaded"); + throw Exception("curl", 0, "failed to set option '%s': already loaded", key.cstr()); break; } case CurlOption::PARSER_NAME:{ @@ -476,10 +493,8 @@ static void _curl_options(Request& r, Me if(curl_options==0) curl_options=new CurlOptionHash(); - if(HashStringValue* options=params.as_no_junction(0, OPTIONS_MUST_NOT_BE_CODE).get_hash()){ + if(HashStringValue* options=params.as_hash(0)) options->for_each(curl_setopt, r); - } else - throw Exception("curl", 0, OPTIONS_MUST_BE_HASH); } @@ -583,26 +598,41 @@ static void _curl_load_action(Request& r body.length=c.length; } - result.set(true /*tainted*/, body.buf, body.length, options().filename - , options().content_type ? new VString(*options().content_type) : 0 - , &r); - result.set_mode(options().is_text); - + result.set(true/*tainted*/, options().is_text, body.buf, body.length, options().filename + , options().content_type ? new VString(*options().content_type) : 0, &r); long http_status = 0; if(f_curl_easy_getinfo(curl(), CURLINFO_RESPONSE_CODE, &http_status) == CURLE_OK){ result.fields().put("status", new VInt(http_status)); } + Table *cookies=0; for(HASH_STRING::Iterator i(headers); i; i.next() ){ - String::Body key=i.key(); + String::Body HEADER_NAME=i.key(); String::Body value=i.value(); if(asked_charset){ - key=Charset::transcode(key, *asked_charset, r.charsets.source()); + HEADER_NAME=Charset::transcode(HEADER_NAME, *asked_charset, r.charsets.source()); value=Charset::transcode(value, *asked_charset, r.charsets.source()); } - result.fields().put(key, new VString(*new String(value.trim(String::TRIM_BOTH, " \t\n\r"), String::L_TAINTED))); + const String& header_value=*new String(value.trim(String::TRIM_BOTH, " \t\n\r"), String::L_TAINTED); + result.fields().put(HEADER_NAME, new VString(header_value)); + + if(HEADER_NAME == "SET-COOKIE") { + if(!cookies){ + // first appearence + Table::columns_type columns=new ArrayString(1); + *columns+=new String("value"); + cookies=new Table(columns); + } + ArrayString& row=*new ArrayString(1); + row+=&header_value; + *cookies+=&row; + } } + // filling $.cookies + if(cookies) + result.fields().put(HTTP_COOKIES_NAME, new VTable(parse_cookies(r, cookies))); + r.write_no_lang(result); }