--- parser3/src/classes/curl.C 2012/04/20 20:02:03 1.16 +++ parser3/src/classes/curl.C 2013/04/21 21:24:53 1.26 @@ -16,7 +16,7 @@ #include "pa_http.h" #include "ltdl.h" -volatile const char * IDENT_CURL_C="$Id: curl.C,v 1.16 2012/04/20 20:02:03 moko Exp $"; +volatile const char * IDENT_CURL_C="$Id: curl.C,v 1.26 2013/04/21 21:24:53 moko Exp $"; class MCurl: public Methoded { public: @@ -76,13 +76,13 @@ public: bool is_text; Charset *charset, *response_charset; struct curl_httppost *f_post; - FILE *stderr; + FILE *f_stderr; - ParserOptions() : filename(0), content_type(0), is_text(true), charset(0), response_charset(0), f_post(0), stderr(0){} + ParserOptions() : filename(0), content_type(0), is_text(true), charset(0), response_charset(0), f_post(0), f_stderr(0){} ~ParserOptions() { f_curl_formfree(f_post); - if(stderr) - fclose(stderr); + if(f_stderr) + fclose(f_stderr); } }; @@ -224,7 +224,10 @@ public: CURL_OPT(CURL_URLENCODE, USERAGENT); CURL_OPT(CURL_URLENCODE, REFERER); CURL_OPT(CURL_INT, AUTOREFERER); + CURL_OPT(CURL_STRING, ENCODING); // gzip or deflate + CURL_OPT(CURL_STRING, ACCEPT_ENCODING); // gzip or deflate + CURL_OPT(CURL_INT, FOLLOWLOCATION); CURL_OPT(CURL_INT, UNRESTRICTED_AUTH); @@ -282,7 +285,7 @@ public: CURL_OPT(CURL_FILE, CRLFILE); CURL_OPT(CURL_STRING, CAINFO); - CURL_OPT(CURL_STRING, CAPATH); + CURL_OPT(CURL_FILE, CAPATH); CURL_OPT(CURL_INT, SSL_VERIFYPEER); CURL_OPT(CURL_INT, SSL_VERIFYHOST); CURL_OPT(CURL_STRING, SSL_CIPHER_LIST); @@ -357,6 +360,14 @@ static void curl_form(HashStringValue *v } } +static const char *curl_check_file(const String &file_spec){ + const char *file_spec_cstr=file_spec.taint_cstr(String::L_FILE_SPEC); + struct stat finfo; + if(stat(file_spec_cstr, &finfo)==0) + check_safe_mode(finfo, file_spec, file_spec_cstr); + return file_spec_cstr; +} + static void curl_setopt(HashStringValue::key_type key, HashStringValue::value_type value, Request& r) { CurlOption *opt=curl_options->get(key); @@ -427,18 +438,18 @@ static void curl_setopt(HashStringValue: } case CurlOption::CURL_FILE:{ // file-spec curl option - const char *value_str=r.absolute(v.as_string()).taint_cstr(String::L_FILE_SPEC); - res=f_curl_easy_setopt(curl(), opt->id, value_str); + const char *file_spec_cstr=curl_check_file(r.absolute(v.as_string())); + res=f_curl_easy_setopt(curl(), opt->id, file_spec_cstr); break; } case CurlOption::CURL_STDERR:{ // verbose output redirection from stderr to file curl option - const char *value_str=r.absolute(v.as_string()).taint_cstr(String::L_FILE_SPEC); - FILE *stderr=options().stderr=fopen(value_str, "at"); - if (stderr){ - res=f_curl_easy_setopt(curl(), opt->id, stderr); + const char *file_spec_cstr=curl_check_file(r.absolute(v.as_string())); + FILE *f_stderr=options().f_stderr=fopen(file_spec_cstr, "wt"); + if (f_stderr){ + res=f_curl_easy_setopt(curl(), opt->id, f_stderr); } else { - throw Exception("curl", 0, "failed to set option '%s': unable to open file %s", key.cstr(), value_str); + throw Exception("curl", 0, "failed to set option '%s': unable to open file '%s'", key.cstr(), file_spec_cstr); } break; } @@ -485,10 +496,8 @@ static void _curl_options(Request& r, Me if(curl_options==0) curl_options=new CurlOptionHash(); - if(HashStringValue* options=params.as_no_junction(0, OPTIONS_MUST_NOT_BE_CODE).get_hash()){ + if(HashStringValue* options=params.as_hash(0)) options->for_each(curl_setopt, r); - } else - throw Exception("curl", 0, OPTIONS_MUST_BE_HASH); } @@ -517,7 +526,13 @@ static int curl_writer(char *data, size_ return size; } -static int curl_header(char *data, size_t size, size_t nmemb, HASH_STRING *result){ +class Curl_response { +public: + HASH_STRING headers; + Array cookies; +}; + +static int curl_header(char *data, size_t size, size_t nmemb, Curl_response *result){ if(result == 0) return 0; @@ -527,7 +542,10 @@ static int curl_header(char *data, size_ char *value=lsplit(line,':'); if(value && *line){ // we need only headers, not the response code - result->put(str_upper(line), value); + const char* HEADER_NAME=str_upper(line); + result->headers.put(HEADER_NAME, value); + if(strcmp(HEADER_NAME, "SET-COOKIE")==0) + result->cookies+=value; } } return size; @@ -549,9 +567,9 @@ static void _curl_load_action(Request& r CURL_SETOPT(CURLOPT_WRITEDATA, &body, "curl write buffer"); // we need a container for headers as VFile fields can be put only after VFile.set - HASH_STRING headers; + Curl_response response; CURL_SETOPT(CURLOPT_HEADERFUNCTION, curl_header, "curl header function"); - CURL_SETOPT(CURLOPT_WRITEHEADER, &headers, "curl header buffer"); + CURL_SETOPT(CURLOPT_WRITEHEADER, &response, "curl header buffer"); if((res=f_curl_easy_perform(curl())) != CURLE_OK){ const char *ex_type = 0; @@ -579,7 +597,7 @@ static void _curl_load_action(Request& r VFile& result=*new VFile; - String::Body ct_header = headers.get(HTTP_CONTENT_TYPE_UPPER); + String::Body ct_header = response.headers.get(HTTP_CONTENT_TYPE_UPPER); Charset *asked_charset = options().response_charset; if (asked_charset == 0){ Charset *remote_charset = ct_header.is_empty() ? 0 : detect_charset(ct_header.trim(String::TRIM_BOTH, " \t\n\r").cstr()); @@ -592,26 +610,43 @@ static void _curl_load_action(Request& r body.length=c.length; } - result.set(true /*tainted*/, body.buf, body.length, options().filename - , options().content_type ? new VString(*options().content_type) : 0 - , &r); - result.set_mode(options().is_text); - + result.set(true/*tainted*/, options().is_text, body.buf, body.length, options().filename + , options().content_type ? new VString(*options().content_type) : 0, &r); long http_status = 0; if(f_curl_easy_getinfo(curl(), CURLINFO_RESPONSE_CODE, &http_status) == CURLE_OK){ result.fields().put("status", new VInt(http_status)); } - for(HASH_STRING::Iterator i(headers); i; i.next() ){ - String::Body key=i.key(); + for(HASH_STRING::Iterator i(response.headers); i; i.next() ){ + String::Body HEADER_NAME=i.key(); String::Body value=i.value(); if(asked_charset){ - key=Charset::transcode(key, *asked_charset, r.charsets.source()); + HEADER_NAME=Charset::transcode(HEADER_NAME, *asked_charset, r.charsets.source()); value=Charset::transcode(value, *asked_charset, r.charsets.source()); } - result.fields().put(key, new VString(*new String(value.trim(String::TRIM_BOTH, " \t\n\r"), String::L_TAINTED))); + result.fields().put(HEADER_NAME, new VString(*new String(value.trim(String::TRIM_BOTH, " \t\n\r"), String::L_TAINTED))); + } + + // filling $.cookies + Table* tcookies=0; + + for(Array_iterator i(response.cookies); i.has_next(); ){ + if(!tcookies){ + Table::columns_type columns=new ArrayString(1); + *columns+=new String("value"); + tcookies=new Table(columns); + } + String::Body value=i.next(); + if(asked_charset) + value=Charset::transcode(value, *asked_charset, r.charsets.source()); + ArrayString& row=*new ArrayString(1); + row+=new String(value.trim(String::TRIM_BOTH, " \t\n\r"), String::L_TAINTED); + *tcookies+=&row; } + if(tcookies) + result.fields().put(HTTP_COOKIES_NAME, new VTable(parse_cookies(r, tcookies))); + r.write_no_lang(result); }