|
|
| version 1.107.2.16, 2003/03/05 11:08:26 | version 1.144, 2006/09/03 09:47:22 |
|---|---|
| Line 1 | Line 1 |
| /** @file | /** @file |
| Parser: @b file parser class. | Parser: @b file parser class. |
| Copyright (c) 2001-2003 ArtLebedev Group (http://www.artlebedev.com) | Copyright (c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com) |
| Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) | Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) |
| */ | */ |
| static const char* IDENT_FILE_C="$Date$"; | static const char * const IDENT_FILE_C="$Date$"; |
| #include "pa_config_includes.h" | #include "pa_config_includes.h" |
| Line 23 static const char* IDENT_FILE_C="$Date$" | Line 23 static const char* IDENT_FILE_C="$Date$" |
| #include "pa_dir.h" | #include "pa_dir.h" |
| #include "pa_vtable.h" | #include "pa_vtable.h" |
| #include "pa_charset.h" | #include "pa_charset.h" |
| #include "pa_charsets.h" | |
| #include "pa_sql_connection.h" | |
| // defines | // defines |
| #define TEXT_MODE_NAME "text" | #define TEXT_MODE_NAME "text" |
| #define BINARY_MODE_NAME "binary" | |
| #define STDIN_EXEC_PARAM_NAME "stdin" | #define STDIN_EXEC_PARAM_NAME "stdin" |
| #define CHARSET_EXEC_PARAM_NAME "charset" | |
| #define NAME_NAME "name" | |
| // externs | |
| extern String sql_limit_name; | |
| extern String sql_offset_name; | |
| // class | // class |
| class MFile: public Methoded { | class MFile: public Methoded { |
| public: // VStateless_class | public: // VStateless_class |
| ValuePtr create_new_value() { return ValuePtr(new VFile()); } | Value* create_new_value(Pool&, HashStringValue&) { return new VFile(); } |
| public: // Methoded | public: // Methoded |
| bool used_directly() { return true; } | bool used_directly() { return true; } |
| Line 96 static const char* suexec_safe_env_lst[] | Line 107 static const char* suexec_safe_env_lst[] |
| // statics | // statics |
| static StringPtr adate_name(new String("adate")); | static const String::Body adate_name("adate"); |
| static StringPtr mdate_name(new String("mdate")); | static const String::Body mdate_name("mdate"); |
| static StringPtr cdate_name(new String("cdate")); | static const String::Body cdate_name("cdate"); |
| // methods | // methods |
| static void _save(Request& r, StringPtr /*method_name*/, MethodParams* params) { | static bool is_text_mode(const String& mode) { |
| Pool& pool=r.pool(); | if(mode==TEXT_MODE_NAME) |
| ValuePtr vmode_name=params-> as_no_junction(0, "mode must not be code"); | return true; |
| ValuePtr vfile_name=params->as_no_junction(1, "file name must not be code"); | if(mode==BINARY_MODE_NAME) |
| return false; | |
| throw Exception("parser.runtime", | |
| &mode, | |
| "is invalid mode, must be either '"TEXT_MODE_NAME"' or '"BINARY_MODE_NAME"'"); | |
| } | |
| static void _save(Request& r, MethodParams& params) { | |
| Value& vmode_name=params. as_no_junction(0, "mode must not be code"); | |
| Value& vfile_name=params.as_no_junction(1, "file name must not be code"); | |
| // save | // save |
| GET_SELF(r, VFile).save(r.absolute(vfile_name->as_string(&pool)), | GET_SELF(r, VFile).save(r.absolute(vfile_name.as_string()), |
| *vmode_name->as_string(&pool)==TEXT_MODE_NAME); | is_text_mode(vmode_name.as_string())); |
| } | } |
| static void _delete(Request& r, StringPtr /*method_name*/, MethodParams* params) { | static void _delete(Request& r, MethodParams& params) { |
| Pool& pool=r.pool(); | Value& vfile_name=params.as_no_junction(0, "file name must not be code"); |
| ValuePtr vfile_name=params->as_no_junction(0, "file name must not be code"); | |
| // unlink | // unlink |
| file_delete(r.absolute(vfile_name->as_string(&pool))); | file_delete(r.absolute(vfile_name.as_string())); |
| } | } |
| static void _move(Request& r, StringPtr /*method_name*/, MethodParams* params) { | static void _move(Request& r, MethodParams& params) { |
| Pool& pool=r.pool(); | Value& vfrom_file_name=params.as_no_junction(0, "from file name must not be code"); |
| ValuePtr vfrom_file_name=params->as_no_junction(0, "from file name must not be code"); | Value& vto_file_name=params.as_no_junction(1, "to file name must not be code"); |
| ValuePtr vto_file_name=params->as_no_junction(1, "to file name must not be code"); | |
| // move | // move |
| file_move( | file_move( |
| r.absolute(vfrom_file_name->as_string(&pool)), | r.absolute(vfrom_file_name.as_string()), |
| r.absolute(vto_file_name->as_string(&pool))); | r.absolute(vto_file_name.as_string())); |
| } | } |
| static void _load_pass_param( | static void _load_pass_param( |
| HashStringValue::key_type key, | HashStringValue::key_type key, |
| HashStringValue::value_type value, | HashStringValue::value_type value, |
| HashStringValue *dest) { | HashStringValue *dest) { |
| dest->put(key, value); | dest->put(key, value); |
| } | } |
| static void _load(Request& r, StringPtr method_name, MethodParams* params) { | static void _load(Request& r, MethodParams& params) { |
| Pool& pool=r.pool(); | Value& vmode_name=params. as_no_junction(0, "mode must not be code"); |
| ValuePtr vmode_name=params-> as_no_junction(0, "mode must not be code"); | const String& lfile_name=r.absolute(params.as_no_junction(1, "file name must not be code").as_string()); |
| StringPtr lfile_name=r.absolute(params->as_no_junction(1, "file name must not be code")->as_string(&pool)); | Value* third_param=params.count()>2?¶ms.as_no_junction(2, "filename or options must not be code") |
| ValuePtr third_param=params->count()>2?params->as_no_junction(2, "filename or options must not be code") | :0; |
| :ValuePtr(0); | HashStringValue* third_param_hash=third_param?third_param->get_hash():0; |
| HashStringValue* third_param_hash=third_param?third_param->get_hash(method_name):0; | size_t alt_filename_param_index=2; |
| int alt_filename_param_index=2; | |
| if(third_param_hash) | if(third_param_hash) |
| alt_filename_param_index++; | alt_filename_param_index++; |
| File_read_result file=file_read(pool, r.charsets.source(), lfile_name, | HashStringValue* options=third_param_hash; |
| *vmode_name->as_string(&pool)==TEXT_MODE_NAME, | size_t offset=0; |
| third_param_hash | size_t limit=0; |
| if(options) { | |
| options=new HashStringValue(*options); | |
| if(Value *voffset=(Value *)options->get(sql_offset_name)) { | |
| offset=r.process_to_value(*voffset).as_int(); | |
| } | |
| if(Value *vlimit=(Value *)options->get(sql_limit_name)) { | |
| limit=r.process_to_value(*vlimit).as_int(); | |
| } | |
| // no check on options count here, see file_read | |
| } | |
| File_read_result file=file_read(r.charsets, lfile_name, | |
| is_text_mode(vmode_name.as_string()), | |
| options, true, 0, offset, limit | |
| ); | ); |
| char *user_file_name=params->count()>alt_filename_param_index? | const char *user_file_name=params.count()>alt_filename_param_index? |
| params->as_string(alt_filename_param_index, "filename must be string")->cstr(pool) | params.as_string(alt_filename_param_index, "filename must be string").cstr() |
| :lfile_name->cstr(pool, String::UL_FILE_SPEC); | :lfile_name.cstr(String::L_FILE_SPEC); |
| ValuePtr vcontent_type(0); | Value* vcontent_type=0; |
| if(file.headers) | if(file.headers) |
| vcontent_type=file.headers->get(content_type_name); | { |
| if(Value* remote_content_type=file.headers->get("CONTENT-TYPE")) | |
| vcontent_type=new VString(*new String(remote_content_type->as_string().cstr())); | |
| } | |
| if(!vcontent_type) | if(!vcontent_type) |
| vcontent_type=ValuePtr(new VString(r.mime_type_of(user_file_name))); | vcontent_type=new VString(r.mime_type_of(user_file_name)); |
| VFile& self=GET_SELF(r, VFile); | VFile& self=GET_SELF(r, VFile); |
| self.set(pool, true/*tainted*/, file.data, file.size, user_file_name, vcontent_type); | self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type); |
| if(file.headers) | if(file.headers) |
| file.headers->for_each(_load_pass_param, &self.fields()); | file.headers->for_each<HashStringValue*>(_load_pass_param, &self.fields()); |
| } | } |
| static void _stat(Request& r, StringPtr method_name, MethodParams* params) { | static void _create(Request& r, MethodParams& params) { |
| Pool& pool=r.pool(); | Value& vmode_name=params. as_no_junction(0, "mode must not be code"); |
| ValuePtr vfile_name=params->as_no_junction(0, "file name must not be code"); | if(!is_text_mode(vmode_name.as_string())) |
| throw Exception("parser.runtime", | |
| 0, | |
| "only text mode is currently supported"); | |
| const char* user_file_name_cstr=r.absolute( | |
| params.as_no_junction(1, "file name must not be code").as_string()).cstr(String::L_FILE_SPEC); | |
| const String& content=params.as_string(2, "content must be string"); | |
| const char* content_cstr=content.cstr(String::L_UNSPECIFIED); // explode content, honor tainting changes | |
| VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); | |
| VFile& self=GET_SELF(r, VFile); | |
| self.set(true/*tainted*/, content_cstr, strlen(content_cstr), user_file_name_cstr, vcontent_type); | |
| } | |
| StringPtr lfile_name=vfile_name->as_string(&pool); | static void _stat(Request& r, MethodParams& params) { |
| Value& vfile_name=params.as_no_junction(0, "file name must not be code"); | |
| const String& lfile_name=vfile_name.as_string(); | |
| size_t size; | size_t size; |
| time_t atime, mtime, ctime; | time_t atime, mtime, ctime; |
| Line 182 static void _stat(Request& r, StringPtr | Line 233 static void _stat(Request& r, StringPtr |
| atime, mtime, ctime); | atime, mtime, ctime); |
| VFile& self=GET_SELF(r, VFile); | VFile& self=GET_SELF(r, VFile); |
| self.set(pool, true/*tainted*/, 0/*no bytes*/, size); | self.set(true/*tainted*/, 0/*no bytes*/, size); |
| HashStringValue& ff=self.fields(); | HashStringValue& ff=self.fields(); |
| ff.put(adate_name, ValuePtr(new VDate(atime))); | ff.put(adate_name, new VDate(atime)); |
| ff.put(mdate_name, ValuePtr(new VDate(mtime))); | ff.put(mdate_name, new VDate(mtime)); |
| ff.put(cdate_name, ValuePtr(new VDate(ctime))); | ff.put(cdate_name, new VDate(ctime)); |
| ff.put(content_type_name, ValuePtr(new VString(r.mime_type_of(lfile_name->cstr(String::UL_FILE_SPEC))))); | ff.put(content_type_name, new VString(r.mime_type_of(lfile_name.cstr(String::L_FILE_SPEC)))); |
| } | } |
| static bool is_safe_env_key(const char* key) { | static bool is_safe_env_key(const char* key) { |
| for(const char* validator=key; *validator; validator++) { | |
| char c=*validator; | |
| if(!(c>='A' && c<='Z' || c>='0' && c<='9' || c=='_' || c=='-')) | |
| return false; | |
| } | |
| if(strncasecmp(key, "HTTP_", 5)==0) | if(strncasecmp(key, "HTTP_", 5)==0) |
| return true; | return true; |
| if(strncasecmp(key, "CGI_", 4)==0) | if(strncasecmp(key, "CGI_", 4)==0) |
| Line 203 static bool is_safe_env_key(const char* | Line 259 static bool is_safe_env_key(const char* |
| } | } |
| #ifndef DOXYGEN | #ifndef DOXYGEN |
| struct Append_env_pair_info { | struct Append_env_pair_info { |
| Pool* pool; | Request_charsets* charsets; |
| HashStringString* env; | HashStringString* env; |
| ValuePtr vstdin; | Value* vstdin; |
| }; | }; |
| #endif | #endif |
| static void append_env_pair( | static void append_env_pair( |
| HashStringValue::key_type akey, | HashStringValue::key_type akey, |
| HashStringValue::value_type avalue, | HashStringValue::value_type avalue, |
| Append_env_pair_info *info) { | Append_env_pair_info *info) { |
| if(*akey==STDIN_EXEC_PARAM_NAME) { | if(akey==STDIN_EXEC_PARAM_NAME) { |
| info->vstdin=avalue; | info->vstdin=avalue; |
| } else if(akey==CHARSET_EXEC_PARAM_NAME) { | |
| // ignore, already processed | |
| } else { | } else { |
| if(!is_safe_env_key(akey->cstr())) | if(!is_safe_env_key(akey.cstr())) |
| throw Exception("parser.runtime", | throw Exception("parser.runtime", |
| akey, | new String(akey, String::L_TAINTED), |
| "not safe environment variable"); | "not safe environment variable"); |
| info->env->put(akey, avalue->as_string(info->pool)); | info->env->put(akey, avalue->as_string().cstr_to_string_body(String::L_UNSPECIFIED, 0, info->charsets)); |
| } | } |
| } | } |
| #ifndef DOXYGEN | #ifndef DOXYGEN |
| struct Pass_cgi_header_attribute_info { | struct Pass_cgi_header_attribute_info { |
| Pool* pool; | |
| Charset* charset; | Charset* charset; |
| HashStringValue* fields; | HashStringValue* fields; |
| ValuePtr content_type; | Value* content_type; |
| }; | }; |
| #endif | #endif |
| static void pass_cgi_header_attribute( | static void pass_cgi_header_attribute( |
| ArrayString::element_type astring, | ArrayString::element_type astring, |
| Pass_cgi_header_attribute_info* info) { | Pass_cgi_header_attribute_info* info) { |
| int colon_pos=astring->pos(":", 1); | size_t colon_pos=astring->pos(':'); |
| if(colon_pos>0) { | if(colon_pos!=STRING_NOT_FOUND) { |
| StringPtr key(astring->mid(0, colon_pos)->change_case( | const String& key=astring->mid(0, colon_pos).change_case( |
| *info->pool, *info->charset, String::CC_UPPER)); | *info->charset, String::CC_UPPER); |
| ValuePtr value(new VString(astring->mid(colon_pos+1, astring->size()))); | Value* value=new VString(astring->mid(colon_pos+1, astring->length()).trim()); |
| info->fields->put(key, value); | info->fields->put(key, value); |
| if(*key=="CONTENT-TYPE") | if(key=="CONTENT-TYPE") |
| info->content_type=value; | info->content_type=value; |
| } | } |
| } | } |
| /// @todo fix `` in perl - they produced flipping consoles and no output to perl | /// @todo fix `` in perl - they produced flipping consoles and no output to perl |
| static void _exec_cgi(Request& r, StringPtr method_name, MethodParams* params, | static void _exec_cgi(Request& r, MethodParams& params, |
| bool cgi) { | bool cgi) { |
| Pool& pool=r.pool(); | |
| ValuePtr vfile_name=params->as_no_junction(0, "file name must not be code"); | Value& vfile_name=params.as_no_junction(0, "file name must not be code"); |
| StringPtr script_name=r.absolute(vfile_name->as_string(&pool)); | const String& script_name=r.absolute(vfile_name.as_string()); |
| HashStringString env; | HashStringString env; |
| #define ECSTR(name, value_cstr) \ | #define ECSTR(name, value_cstr) \ |
| if(value_cstr) \ | if(value_cstr) \ |
| env.put( \ | env.put( \ |
| StringPtr(new String(#name)), \ | String::Body(#name), \ |
| StringPtr(new String(value_cstr))); \ | String::Body(value_cstr, 0)); \ |
| // passing SAPI::environment | // passing SAPI::environment |
| if(const char* const *pairs=SAPI::environment(r.sapi_info, pool)) { | if(const char *const *pairs=SAPI::environment(r.sapi_info)) { |
| while(const char* pair=*pairs++) | while(const char* pair=*pairs++) |
| if(const char* eq_at=strchr(pair, '=')) | if(const char* eq_at=strchr(pair, '=')) |
| env.put( | if(eq_at[1]) // has value |
| StringPtr(new String(pair, eq_at-pair)), | env.put( |
| StringPtr(new String(eq_at+1))); | pa_strdup(pair, eq_at-pair), |
| pa_strdup(eq_at+1, 0)); | |
| } | } |
| // const | // const |
| Line 281 static void _exec_cgi(Request& r, String | Line 338 static void _exec_cgi(Request& r, String |
| //String content_length(content_length_cstr); | //String content_length(content_length_cstr); |
| ECSTR(CONTENT_LENGTH, content_length_cstr); | ECSTR(CONTENT_LENGTH, content_length_cstr); |
| // SCRIPT_* | // SCRIPT_* |
| env.put(StringPtr(new String("SCRIPT_NAME")), script_name); | env.put(String::Body("SCRIPT_NAME"), script_name); |
| //env.put(*new(pool) String(pool, "SCRIPT_FILENAME"), ??&script_name); | //env.put(String::Body("SCRIPT_FILENAME"), ??&script_name); |
| bool stdin_specified=false; | bool stdin_specified=false; |
| // environment & stdin from param | // environment & stdin from param |
| String in; | String *in=new String(); |
| if(params->count()>1) { | Charset *charset=0; // default script works raw_in 'source' charset = no transcoding needed |
| ValuePtr venv=params->as_no_junction(1, "env must not be code"); | if(params.count()>1) { |
| if(HashStringValue* user_env=venv->get_hash(method_name)) { | Value& venv=params.as_no_junction(1, "env must not be code"); |
| Append_env_pair_info info; | if(HashStringValue* user_env=venv.get_hash()) { |
| info.pool=&pool; | // $.charset [previewing to handle URI pieces] |
| info.env=&env; | if(Value* vcharset=user_env->get(CHARSET_EXEC_PARAM_NAME)) |
| user_env->for_each(append_env_pair, &info); | charset=&charsets.get(vcharset->as_string() |
| .change_case(r.charsets.source(), String::CC_UPPER)); | |
| // $.others | |
| Append_env_pair_info info={&r.charsets, &env, 0}; | |
| { | |
| // influence tainting | |
| // main target -- $.QUERY_STRING -- URLencoding of tainted pieces to String::L_URI lang | |
| Temp_client_charset temp(r.charsets, charset? *charset: r.charsets.source()); | |
| user_env->for_each<Append_env_pair_info*>(append_env_pair, &info); | |
| } | |
| // $.stdin | |
| if(info.vstdin) { | if(info.vstdin) { |
| stdin_specified=true; | stdin_specified=true; |
| if(StringPtr sstdin=info.vstdin->get_string(&pool)) { | if(const String* sstdin=info.vstdin->get_string()) { |
| in.append(*sstdin, String::UL_CLEAN, true); | in->append(*sstdin, String::L_CLEAN, true); |
| } else | } else |
| if(VFile *vfile=static_cast<VFile *>(info.vstdin->as("file", false))) | if(VFile* vfile=static_cast<VFile *>(info.vstdin->as("file", false))) |
| in.APPEND_TAINTED((const char* )vfile->value_ptr(), vfile->value_size(), | in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); |
| "$.stdin[assigned]", 0); | |
| else | else |
| throw Exception("parser.runtime", | throw Exception("parser.runtime", |
| method_name, | 0, |
| STDIN_EXEC_PARAM_NAME " parameter must be string or file"); | STDIN_EXEC_PARAM_NAME " parameter must be string or file"); |
| } | } |
| } | } |
| Line 312 static void _exec_cgi(Request& r, String | Line 379 static void _exec_cgi(Request& r, String |
| // argv from params | // argv from params |
| ArrayString argv; | ArrayString argv; |
| if(params->count()>2) { | if(params.count()>2) { |
| for(int i=2; i<params->count(); i++) | // influence tainting |
| argv+=params->as_string(i, "parameter must be string"); | // main target -- URLencoding of tainted pieces to String::L_URI lang |
| Temp_client_charset temp(r.charsets, charset? *charset: r.charsets.source()); | |
| for(size_t i=2; i<params.count(); i++) { | |
| const String& param=params.as_string(i, "parameter must be string"); | |
| argv+=new String(param.cstr_to_string_body(String::L_UNSPECIFIED, 0, &r.charsets), String::L_AS_IS); | |
| } | |
| } | } |
| // passing POST data | // transcode if necessary |
| if(!stdin_specified) // if $.stdin[...] not specified | if(charset) { |
| in.APPEND(r.request_info.post_data, r.request_info.post_size, String::UL_CLEAN, | Charset::transcode(env, r.charsets.source(), *charset); |
| "POST data (passed)", 0); | Charset::transcode(argv, r.charsets.source(), *charset); |
| in=&Charset::transcode(*in, r.charsets.source(), *charset); | |
| } | |
| // @todo | |
| // ifdef WIN32 do OEM->ANSI transcode on some(.cmd?) programs to | |
| // match silent conversion in OS | |
| // exec! | // exec! |
| PA_exec_result execution= | PA_exec_result execution= |
| pa_exec(pool, false/*forced_allow*/, script_name, &env, argv, in); | pa_exec(false/*forced_allow*/, script_name, &env, argv, *in); |
| String *real_out=&execution.out; | |
| String *real_err=&execution.err; | |
| // transcode if necessary | |
| if(charset) { | |
| real_out=&Charset::transcode(*real_out, *charset, r.charsets.source()); | |
| real_err=&Charset::transcode(*real_err, *charset, r.charsets.source()); | |
| } | |
| VFile& self=GET_SELF(r, VFile); | VFile& self=GET_SELF(r, VFile); |
| StringPtr body=execution.out; // ^file:exec | const String* body=real_out; // ^file:exec |
| ValuePtr content_type(0); | |
| const char* eol_marker=0; size_t eol_marker_size; | const char* eol_marker=0; size_t eol_marker_size; |
| StringPtr header(0); | const String* header=0; |
| if(cgi) { // ^file:cgi | if(cgi) { // ^file:cgi |
| // construct with 'out' body and header | // construct with 'out' body and header |
| int dos_pos=execution.out->pos("\r\n\r\n", 4); | size_t dos_pos=real_out->pos("\r\n\r\n", 4); |
| int unix_pos=execution.out->pos("\n\n", 2); | size_t unix_pos=real_out->pos("\n\n", 2); |
| bool unix_header_break; | bool unix_header_break; |
| switch((dos_pos >= 0?10:00) + (unix_pos >= 0?01:00)) { | switch((dos_pos!=STRING_NOT_FOUND?10:00) + (unix_pos!=STRING_NOT_FOUND?01:00)) { |
| case 10: // dos | case 10: // dos |
| unix_header_break=false; | unix_header_break=false; |
| break; | break; |
| Line 351 static void _exec_cgi(Request& r, String | Line 435 static void _exec_cgi(Request& r, String |
| default: // 00 | default: // 00 |
| unix_header_break=false; // calm down, compiler | unix_header_break=false; // calm down, compiler |
| throw Exception(0, | throw Exception(0, |
| method_name, | 0, |
| "output does not contain CGI header; " | "output does not contain CGI header; " |
| "exit status=%d; stdoutsize=%u; stdout: \"%s\"; stderrsize=%u; stderr: \"%s\"", | "exit status=%d; stdoutsize=%u; stdout: \"%s\"; stderrsize=%u; stderr: \"%s\"", |
| execution.status, | execution.status, |
| (uint)execution.out->size(), execution.out->cstr().get(), | (uint)real_out->length(), real_out->cstr(), |
| (uint)execution.err->size(), execution.err->cstr().get()); | (uint)real_err->length(), real_err->cstr()); |
| break; //never reached | break; //never reached |
| } | } |
| Line 369 static void _exec_cgi(Request& r, String | Line 453 static void _exec_cgi(Request& r, String |
| eol_marker="\r\n"; eol_marker_size=2; | eol_marker="\r\n"; eol_marker_size=2; |
| } | } |
| header=execution.out->mid(0, header_break_pos); | header=&real_out->mid(0, header_break_pos); |
| body=execution.out->mid(header_break_pos+eol_marker_size*2, execution.out->size()); | body=&real_out->mid(header_break_pos+eol_marker_size*2, real_out->length()); |
| } | } |
| // body | // body |
| self.set(pool, false/*not tainted*/, body->cstr(pool), body->size()); | self.set(false/*not tainted*/, body->cstr(), body->length()); |
| // $fields << header | // $fields << header |
| if(header && eol_marker) { | if(header && eol_marker) { |
| ArrayString rows; | ArrayString rows; |
| header->split(rows, 0, eol_marker, eol_marker_size); | size_t pos_after=0; |
| Pass_cgi_header_attribute_info info; | header->split(rows, pos_after, eol_marker); |
| info.pool=&pool; | Pass_cgi_header_attribute_info info={0, 0, 0}; |
| info.charset=&r.charsets.source(); | info.charset=&r.charsets.source(); |
| info.fields=&self.fields(); | info.fields=&self.fields(); |
| rows.for_each(pass_cgi_header_attribute, &info); | rows.for_each(pass_cgi_header_attribute, &info); |
| Line 389 static void _exec_cgi(Request& r, String | Line 473 static void _exec_cgi(Request& r, String |
| } | } |
| // $status | // $status |
| self.fields().put(file_status_name, ValuePtr(new VInt(execution.status))); | self.fields().put(file_status_name, new VInt(execution.status)); |
| // $stderr | // $stderr |
| if(execution.err->size()) | if(real_err->length()) |
| self.fields().put( | self.fields().put( |
| StringPtr(new String("stderr")), | String::Body("stderr"), |
| ValuePtr(new VString(execution.err))); | new VString(*real_err)); |
| } | } |
| static void _exec(Request& r, StringPtr method_name, MethodParams* params) { | static void _exec(Request& r, MethodParams& params) { |
| _exec_cgi(r, method_name, params, false); | _exec_cgi(r, params, false); |
| } | } |
| static void _cgi(Request& r, StringPtr method_name, MethodParams* params) { | static void _cgi(Request& r, MethodParams& params) { |
| _exec_cgi(r, method_name, params, true); | _exec_cgi(r, params, true); |
| } | } |
| static void _list(Request& r, StringPtr method_name, MethodParams* params) { | static void _list(Request& r, MethodParams& params) { |
| Pool& pool=r.pool(); | Value& relative_path=params.as_no_junction(0, "path must not be code"); |
| ValuePtr relative_path=params->as_no_junction(0, "path must not be code"); | |
| StringPtr regexp; | const String* regexp; |
| pcre *regexp_code; | pcre *regexp_code; |
| const int ovecsize=(1/*match*/)*3; | const int ovecsize=(1/*match*/)*3; |
| int ovector[ovecsize]; | int ovector[ovecsize]; |
| if(params->count()>1) { | if(params.count()>1) { |
| regexp=params->as_no_junction(1, "regexp must not be code")->as_string(&pool); | regexp=¶ms.as_no_junction(1, "regexp must not be code").as_string(); |
| CharPtr pattern=regexp->cstr(); | const char* pattern=regexp->cstr(); |
| const char* errptr; | const char* errptr; |
| int erroffset; | int erroffset; |
| regexp_code=pcre_compile(pattern, PCRE_EXTRA | PCRE_DOTALL, | regexp_code=pcre_compile(pattern, PCRE_EXTRA | PCRE_DOTALL, |
| Line 425 static void _list(Request& r, StringPtr | Line 507 static void _list(Request& r, StringPtr |
| if(!regexp_code) | if(!regexp_code) |
| throw Exception(0, | throw Exception(0, |
| regexp->mid(erroffset, regexp->size()), | ®exp->mid(erroffset, regexp->length()), |
| "regular expression syntax error - %s", errptr); | "regular expression syntax error - %s", errptr); |
| } else | } else { |
| regexp=0; // not used, just to calm down compiler | |
| regexp_code=0; | regexp_code=0; |
| } | |
| CharPtr absolute_path_cstr=r.absolute(relative_path->as_string(&pool))-> | const char* absolute_path_cstr=r.absolute(relative_path.as_string()).cstr(String::L_FILE_SPEC); |
| cstr(String::UL_FILE_SPEC); | |
| Table::columns_type columns(new ArrayString); | Table::columns_type columns(new ArrayString); |
| *columns+=StringPtr(new String("name")); | *columns+=new String("name"); |
| TablePtr table(new Table(method_name, columns)); | Table& table=*new Table(columns); |
| LOAD_DIR(absolute_path_cstr, | LOAD_DIR(absolute_path_cstr, |
| const char* file_name_cstr=ffblk.ff_name; | const char* file_name_cstr=ffblk.ff_name; |
| Line 459 static void _list(Request& r, StringPtr | Line 542 static void _list(Request& r, StringPtr |
| } | } |
| if(suits) { | if(suits) { |
| StringPtr file_name(new String); | |
| file_name->APPEND_TAINTED(pool.copy(file_name_cstr, file_name_size), file_name_size, | |
| method_name->origin().file, method_name->origin().line); | |
| Table::element_type row(new ArrayString); | Table::element_type row(new ArrayString); |
| *row+=file_name; | *row+=new String(pa_strdup(file_name_cstr, file_name_size), file_name_size, true); |
| *table+=row; | table+=row; |
| } | } |
| ); | ); |
| Line 473 static void _list(Request& r, StringPtr | Line 552 static void _list(Request& r, StringPtr |
| pcre_free(regexp_code); | pcre_free(regexp_code); |
| // write out result | // write out result |
| r.write_no_lang(ValuePtr(new VTable(table))); | r.write_no_lang(*new VTable(&table)); |
| } | } |
| #ifndef DOXYGEN | #ifndef DOXYGEN |
| struct Lock_execute_body_info { | struct Lock_execute_body_info { |
| Request* r; | Request* r; |
| ValuePtr body_code; | Value* body_code; |
| }; | }; |
| #endif | #endif |
| static void lock_execute_body(int , void *ainfo) { | static void lock_execute_body(int , void *ainfo) { |
| Lock_execute_body_info& info=*static_cast<Lock_execute_body_info *>(ainfo); | Lock_execute_body_info& info=*static_cast<Lock_execute_body_info *>(ainfo); |
| // execute body | // execute body |
| info.r->write_assign_lang(info.r->process(info.body_code)); | info.r->write_assign_lang(info.r->process(*info.body_code)); |
| }; | }; |
| static void _lock(Request& r, StringPtr method_name, MethodParams* params) { | static void _lock(Request& r, MethodParams& params) { |
| Lock_execute_body_info info; | const String& file_spec=r.absolute(params.as_string(0, "file name must be string")); |
| info.r=&r; | Lock_execute_body_info info={ |
| StringPtr file_spec=r.absolute(params->as_string(0, "file name must be string")); | &r, |
| info.body_code=params->as_junction(1, "body must be code"); | ¶ms.as_junction(1, "body must be code") |
| }; | |
| file_write_action_under_lock(file_spec, "lock", lock_execute_body, &info); | file_write_action_under_lock(file_spec, "lock", lock_execute_body, &info); |
| } | } |
| static int lastposafter(const String& s, int after, const char* substr, size_t substr_size, bool beforelast=false) { | static int lastposafter(const String& s, size_t after, const char* substr, size_t substr_size, bool beforelast=false) { |
| size_t size; | size_t size=0; // just to calm down compiler |
| if(beforelast) | if(beforelast) |
| size=s.size(); | size=s.length(); |
| int at; | size_t at; |
| while((at=s.pos(substr, substr_size, after))>=0) { | while((at=s.pos(String::Body(substr, substr_size), after))!=STRING_NOT_FOUND) { |
| size_t newafter=at+substr_size/*skip substr*/; | size_t newafter=at+substr_size/*skip substr*/; |
| if(beforelast && newafter==size) | if(beforelast && newafter==size) |
| break; | break; |
| Line 511 static int lastposafter(const String& s, | Line 591 static int lastposafter(const String& s, |
| return after; | return after; |
| } | } |
| static void _find(Request& r, StringPtr method_name, MethodParams* params) { | static void _find(Request& r, MethodParams& params) { |
| Pool& pool=r.pool(); | const String& file_name=params.as_no_junction(0, "file name must not be code").as_string(); |
| StringPtr file_name=params->as_no_junction(0, "file name must not be code")->as_string(&pool); | const String* file_spec; |
| StringPtr file_spec; | if(file_name.first_char()=='/') |
| if(file_name->first_char()=='/') | file_spec=&file_name; |
| file_spec=file_name; | |
| else | else |
| file_spec=r.relative(r.request_info.uri, file_name); | file_spec=&r.relative(r.request_info.uri, file_name); |
| // easy way | // easy way |
| if(file_readable(r.absolute(file_spec))) { | if(file_exist(r.absolute(*file_spec))) { |
| r.write_assign_lang(*file_spec); | r.write_assign_lang(*file_spec); |
| return; | return; |
| } | } |
| // monkey way | // monkey way |
| int after_base_slash=lastposafter(*file_spec, 0, "/", 1); | int after_base_slash=lastposafter(*file_spec, 0, "/", 1); |
| StringPtr dirname=file_spec->mid(0, after_base_slash); | const String* dirname=&file_spec->mid(0, after_base_slash); |
| StringPtr basename=file_spec->mid(after_base_slash, file_spec->size()); | const String& basename=file_spec->mid(after_base_slash, file_spec->length()); |
| int after_monkey_slash; | int after_monkey_slash; |
| while((after_monkey_slash=lastposafter(*dirname, 0, "/", 1, true))>0) { | while((after_monkey_slash=lastposafter(*dirname, 0, "/", 1, true))>0) { |
| StringPtr test_name(new String); | String test_name; |
| *test_name<<*(dirname=dirname->mid(0, after_monkey_slash)); | test_name<<*(dirname=&dirname->mid(0, after_monkey_slash)); |
| *test_name<<basename; | test_name<<basename; |
| if(file_readable(r.absolute(test_name))) { | if(file_exist(r.absolute(test_name))) { |
| r.write_assign_lang(*test_name); | r.write_assign_lang(test_name); |
| return; | return; |
| } | } |
| } | } |
| // no way, not found | // no way, not found |
| if(params->count()==2) { | if(params.count()==2) { |
| ValuePtr not_found_code=params->as_junction(1, "not-found param must be code"); | Value& not_found_code=params.as_junction(1, "not-found param must be code"); |
| r.write_pass_lang(r.process(not_found_code)); | r.write_pass_lang(r.process(not_found_code)); |
| } | } |
| } | } |
| static void _dirname(Request& r, StringPtr method_name, MethodParams* params) { | static void _dirname(Request& r, MethodParams& params) { |
| StringPtr file_spec=params->as_string(0, "file name must be string"); | const String& file_spec=params.as_string(0, "file name must be string"); |
| // /a/some.tar.gz > /a | // /a/some.tar.gz > /a |
| // /a/b/ > /a | // /a/b/ > /a |
| int afterslash=lastposafter(*file_spec, 0, "/", 1, true); | int afterslash=lastposafter(file_spec, 0, "/", 1, true); |
| if(afterslash>0) | if(afterslash>0) |
| r.write_assign_lang(*file_spec->mid(0, afterslash==1?1:afterslash-1)); | r.write_assign_lang(file_spec.mid(0, afterslash==1?1:afterslash-1)); |
| else | else |
| r.write_assign_lang(String(".", 1)); | r.write_assign_lang(String(".", 1)); |
| } | } |
| static void _basename(Request& r, StringPtr method_name, MethodParams* params) { | static void _basename(Request& r, MethodParams& params) { |
| StringPtr file_spec=params->as_string(0, "file name must be string"); | const String& file_spec=params.as_string(0, "file name must be string"); |
| // /a/some.tar.gz > some.tar.gz | // /a/some.tar.gz > some.tar.gz |
| int afterslash=lastposafter(*file_spec, 0, "/", 1); | int afterslash=lastposafter(file_spec, 0, "/", 1); |
| r.write_assign_lang(*file_spec->mid(afterslash, file_spec->size())); | r.write_assign_lang(file_spec.mid(afterslash, file_spec.length())); |
| } | } |
| static void _justname(Request& r, StringPtr method_name, MethodParams* params) { | static void _justname(Request& r, MethodParams& params) { |
| StringPtr file_spec=params->as_string(0, "file name must be string"); | const String& file_spec=params.as_string(0, "file name must be string"); |
| // /a/some.tar.gz > some.tar | // /a/some.tar.gz > some.tar |
| int afterslash=lastposafter(*file_spec, 0, "/", 1); | int afterslash=lastposafter(file_spec, 0, "/", 1); |
| int afterdot=lastposafter(*file_spec, afterslash, ".", 1); | int afterdot=lastposafter(file_spec, afterslash, ".", 1); |
| r.write_assign_lang(*file_spec->mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec->size())); | r.write_assign_lang(file_spec.mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec.length())); |
| } | } |
| static void _justext(Request& r, StringPtr method_name, MethodParams* params) { | static void _justext(Request& r, MethodParams& params) { |
| StringPtr file_spec=params->as_string(0, "file name must be string"); | const String& file_spec=params.as_string(0, "file name must be string"); |
| // /a/some.tar.gz > gz | // /a/some.tar.gz > gz |
| int afterdot=lastposafter(*file_spec, 0, ".", 1); | int afterdot=lastposafter(file_spec, 0, ".", 1); |
| if(afterdot>0) | if(afterdot>0) |
| r.write_assign_lang(*file_spec->mid(afterdot, file_spec->size())); | r.write_assign_lang(file_spec.mid(afterdot, file_spec.length())); |
| } | } |
| static void _fullpath(Request& r, StringPtr method_name, MethodParams* params) { | static void _fullpath(Request& r, MethodParams& params) { |
| StringPtr file_spec=params->as_string(0, "file name must be string"); | const String& file_spec=params.as_string(0, "file name must be string"); |
| StringPtr result(new String); | const String* result; |
| if(file_spec->first_char()=='/') | if(file_spec.first_char()=='/') |
| result=file_spec; | result=&file_spec; |
| else { | else { |
| // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif | // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif |
| StringPtr full_disk_path=r.absolute(file_spec); | const String& full_disk_path=r.absolute(file_spec); |
| size_t document_root_length=strlen(r.request_info.document_root); | size_t document_root_length=strlen(r.request_info.document_root); |
| if(document_root_length>0) { | if(document_root_length>0) { |
| Line 597 static void _fullpath(Request& r, String | Line 676 static void _fullpath(Request& r, String |
| if(last_char == '/' || last_char == '\\') | if(last_char == '/' || last_char == '\\') |
| --document_root_length; | --document_root_length; |
| } | } |
| result=full_disk_path->mid(document_root_length, full_disk_path->size()); | result=&full_disk_path.mid(document_root_length, full_disk_path.length()); |
| } | } |
| r.write_assign_lang(*result); | r.write_assign_lang(*result); |
| } | } |
| static void _sql_string(Request& r, MethodParams&) { | |
| VFile& self=GET_SELF(r, VFile); | |
| const char *quoted=r.connection()->quote(self.value_ptr(), self.value_size()); | |
| r.write_assign_lang(*new String(quoted)); | |
| } | |
| #ifndef DOXYGEN | |
| class File_sql_event_handlers: public SQL_Driver_query_event_handlers { | |
| const String& statement_string; const char* statement_cstr; | |
| int got_columns; | |
| int got_cells; | |
| public: | |
| String::C value; | |
| const String* user_file_name; | |
| const String* user_content_type; | |
| public: | |
| File_sql_event_handlers( | |
| const String& astatement_string, const char* astatement_cstr): | |
| statement_string(astatement_string), statement_cstr(astatement_cstr), | |
| got_columns(0), | |
| got_cells(0), | |
| user_file_name(0), | |
| user_content_type(0) {} | |
| bool add_column(SQL_Error& error, const char* /*str*/, size_t /*length*/) { | |
| if(got_columns++==3) { | |
| error=SQL_Error("parser.runtime", "result must contain not more then 3 columns"); | |
| return true; | |
| } | |
| return false; | |
| } | |
| bool before_rows(SQL_Error& /*error*/ ) { /* ignore */ return false; } | |
| bool add_row(SQL_Error& /*error*/) { /* ignore */ return false; } | |
| bool add_row_cell(SQL_Error& error, const char* str, size_t length) { | |
| try { | |
| switch(got_cells++) { | |
| case 0: | |
| value=String::C(str, length); | |
| break; | |
| case 1: | |
| if(!user_file_name) // user not specified? | |
| user_file_name=new String(str, length, true); | |
| break; | |
| case 2: | |
| if(!user_content_type) // user not specified? | |
| user_content_type=new String(str, length, true); | |
| break; | |
| default: | |
| error=SQL_Error("parser.runtime", "result must not contain more then one row, three rows"); | |
| return true; | |
| } | |
| return false; | |
| } catch(...) { | |
| error=SQL_Error("exception occured in File_sql_event_handlers::add_row_cell"); | |
| return true; | |
| } | |
| } | |
| }; | |
| #endif | |
| static void _sql(Request& r, MethodParams& params) { | |
| Value& statement=params.as_junction(0, "statement must be code"); | |
| Temp_lang temp_lang(r, String::L_SQL); | |
| const String& statement_string=r.process_to_string(statement); | |
| const char* statement_cstr= | |
| statement_string.cstr(String::L_UNSPECIFIED, r.connection()); | |
| File_sql_event_handlers handlers(statement_string, statement_cstr); | |
| if(params.count()>1) | |
| if(HashStringValue* options= | |
| params.as_no_junction(1, "param must not be code").get_hash()) { | |
| int valid_options=0; | |
| if(Value* vfilename=options->get(NAME_NAME)) { | |
| valid_options++; | |
| handlers.user_file_name=&vfilename->as_string(); | |
| } | |
| if(Value* vcontent_type=options->get(CONTENT_TYPE_NAME)) { | |
| valid_options++; | |
| handlers.user_content_type=&vcontent_type->as_string(); | |
| } | |
| if(valid_options!=options->count()) | |
| throw Exception("parser.runtime", | |
| 0, | |
| "called with invalid option"); | |
| } | |
| r.connection()->query( | |
| statement_cstr, | |
| 0, 0, | |
| 0, 0, | |
| handlers, | |
| statement_string); | |
| if(!handlers.value) | |
| throw Exception("parser.runtime", | |
| 0, | |
| "produced no result"); | |
| const char* user_file_name_cstr=handlers.user_file_name? handlers.user_file_name->cstr(): 0; | |
| VString* vcontent_type=handlers.user_content_type? | |
| new VString(*handlers.user_content_type) | |
| : user_file_name_cstr? | |
| new VString(r.mime_type_of(user_file_name_cstr)) | |
| : 0; | |
| VFile& self=GET_SELF(r, VFile); | |
| self.set(true/*tainted*/, handlers.value.str, handlers.value.length, user_file_name_cstr, vcontent_type); | |
| } | |
| static void _base64(Request& r, MethodParams& params) { | |
| VFile& self=GET_SELF(r, VFile); | |
| if(params.count()) { | |
| // decode | |
| const char* cstr=params.as_string(0, "parameter must be string").cstr(); | |
| char* decoded_cstr=0; | |
| size_t decoded_size=0; | |
| pa_base64_decode(cstr, strlen(cstr), decoded_cstr, decoded_size); | |
| if(decoded_cstr && decoded_size) | |
| self.set(true/*tainted*/, decoded_cstr, decoded_size); | |
| } else { | |
| // encode | |
| const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size()); | |
| r.write_assign_lang(*new String(encoded, 0, true/*once ?param=base64(something) was needed*/)); | |
| } | |
| } | |
| // constructor | // constructor |
| MFile::MFile(): Methoded("file") { | MFile::MFile(): Methoded("file") { |
| // ^create[text;user-name;string] | |
| // ^create[binary;user-name;SOMEDAY SOMETHING] | |
| add_native_method("create", Method::CT_DYNAMIC, _create, 3, 3); | |
| // ^save[mode;file-name] | // ^save[mode;file-name] |
| add_native_method("save", Method::CT_DYNAMIC, _save, 2, 2); | add_native_method("save", Method::CT_DYNAMIC, _save, 2, 2); |
| Line 625 MFile::MFile(): Methoded("file") { | Line 835 MFile::MFile(): Methoded("file") { |
| // ^cgi[file-name] | // ^cgi[file-name] |
| // ^cgi[file-name;env hash] | // ^cgi[file-name;env hash] |
| // ^cgi[file-name;env hash;1cmd;2line;3ar;4g;5s] | // ^cgi[file-name;env hash;1cmd;2line;3ar;4g;5s] |
| add_native_method("cgi", Method::CT_DYNAMIC, _cgi, 1, 2+10); | add_native_method("cgi", Method::CT_DYNAMIC, _cgi, 1, 2+50); |
| // ^exec[file-name] | // ^exec[file-name] |
| // ^exec[file-name;env hash] | // ^exec[file-name;env hash] |
| // ^exec[file-name;env hash;1cmd;2line;3ar;4g;5s] | // ^exec[file-name;env hash;1cmd;2line;3ar;4g;5s] |
| add_native_method("exec", Method::CT_DYNAMIC, _exec, 1, 2+10); | add_native_method("exec", Method::CT_DYNAMIC, _exec, 1, 2+50); |
| // ^file:list[path] | // ^file:list[path] |
| // ^file:list[path][regexp] | // ^file:list[path][regexp] |
| Line 654 MFile::MFile(): Methoded("file") { | Line 864 MFile::MFile(): Methoded("file") { |
| add_native_method("justext", Method::CT_STATIC, _justext, 1, 1); | add_native_method("justext", Method::CT_STATIC, _justext, 1, 1); |
| // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif | // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif |
| add_native_method("fullpath", Method::CT_STATIC, _fullpath, 1, 1); | add_native_method("fullpath", Method::CT_STATIC, _fullpath, 1, 1); |
| // ^file.sql-string[] | |
| add_native_method("sql-string", Method::CT_DYNAMIC, _sql_string, 0, 0); | |
| // ^file::sql[[alt_name]]{} | |
| add_native_method("sql", Method::CT_DYNAMIC, _sql, 1, 2); | |
| // ^file.base64[] << encode | |
| // ^file::base64[string] << decode | |
| add_native_method("base64", Method::CT_DYNAMIC, _base64, 0, 1); | |
| } | } |