|
|
| version 1.168, 2008/04/30 14:24:51 | version 1.199, 2009/08/08 13:30:20 |
|---|---|
| Line 1 | Line 1 |
| /** @file | /** @file |
| Parser: @b file parser class. | Parser: @b file parser class. |
| Copyright (c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com) | Copyright (c) 2001-2009 ArtLebedev Group (http://www.artlebedev.com) |
| Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) | Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) |
| */ | */ |
| Line 9 static const char * const IDENT_FILE_C=" | Line 9 static const char * const IDENT_FILE_C=" |
| #include "pa_config_includes.h" | #include "pa_config_includes.h" |
| #include "pcre.h" | |
| #include "classes.h" | #include "classes.h" |
| #include "pa_vmethod_frame.h" | #include "pa_vmethod_frame.h" |
| Line 26 static const char * const IDENT_FILE_C=" | Line 24 static const char * const IDENT_FILE_C=" |
| #include "pa_charsets.h" | #include "pa_charsets.h" |
| #include "pa_sql_connection.h" | #include "pa_sql_connection.h" |
| #include "pa_md5.h" | #include "pa_md5.h" |
| #include "pa_vregex.h" | |
| // defines | // defines |
| #define TEXT_MODE_NAME "text" | |
| #define BINARY_MODE_NAME "binary" | |
| #define STDIN_EXEC_PARAM_NAME "stdin" | #define STDIN_EXEC_PARAM_NAME "stdin" |
| #define CHARSET_EXEC_PARAM_NAME "charset" | #define CHARSET_EXEC_PARAM_NAME "charset" |
| Line 46 extern String sql_offset_name; | Line 43 extern String sql_offset_name; |
| class MFile: public Methoded { | class MFile: public Methoded { |
| public: // VStateless_class | public: // VStateless_class |
| Value* create_new_value(Pool&, HashStringValue&) { return new VFile(); } | Value* create_new_value(Pool&) { return new VFile(); } |
| public: // Methoded | public: // Methoded |
| bool used_directly() { return true; } | bool used_directly() { return true; } |
| Line 115 static const String::Body cdate_name("cd | Line 112 static const String::Body cdate_name("cd |
| // methods | // methods |
| static bool is_valid_mode (const String& mode) { | static bool is_valid_mode (const String& mode) { |
| return (mode==TEXT_MODE_NAME || mode==BINARY_MODE_NAME); | return (mode==text_mode_name || mode==binary_mode_name); |
| } | } |
| static bool is_text_mode(const String& mode) { | static bool is_text_mode(const String& mode) { |
| if(mode==TEXT_MODE_NAME) | if(mode==text_mode_name) |
| return true; | return true; |
| if(mode==BINARY_MODE_NAME) | if(mode==binary_mode_name) |
| return false; | return false; |
| throw Exception(PARSER_RUNTIME, | throw Exception(PARSER_RUNTIME, |
| &mode, | &mode, |
| Line 155 static void _move(Request& r, MethodPara | Line 152 static void _move(Request& r, MethodPara |
| } | } |
| static void copy_process_source( | static void copy_process_source( |
| struct stat& , | struct stat& , |
| int from_file, | int from_file, |
| const String& , const char* /*fname*/, bool, | const String& , const char* /*fname*/, bool, |
| void *context) { | void *context) { |
| int& to_file=*static_cast<int *>(context); | int& to_file=*static_cast<int *>(context); |
| int nCount=0; | int nCount=0; |
| Line 167 static void copy_process_source( | Line 164 static void copy_process_source( |
| nCount = file_block_read(from_file, buffer, sizeof(buffer)); | nCount = file_block_read(from_file, buffer, sizeof(buffer)); |
| int written=write(to_file, buffer, nCount); | int written=write(to_file, buffer, nCount); |
| if( written < 0 ) | if( written < 0 ) |
| throw Exception(0, | throw Exception("file.access", |
| 0, | 0, |
| "write failed: %s (%d)", strerror(errno), errno); | "write failed: %s (%d)", strerror(errno), errno); |
| Line 194 static void _copy(Request& r, MethodPara | Line 191 static void _copy(Request& r, MethodPara |
| } | } |
| static void _load_pass_param( | static void _load_pass_param( |
| HashStringValue::key_type key, | HashStringValue::key_type key, |
| HashStringValue::value_type value, | HashStringValue::value_type value, |
| HashStringValue *dest) { | HashStringValue *dest) { |
| dest->put(key, value); | dest->put(key, value); |
| } | } |
| static void _load(Request& r, MethodParams& params) { | static void _load(Request& r, MethodParams& params) { |
| Value& vmode_name=params.as_no_junction(0, MODE_MUST_NOT_BE_CODE); | bool as_text=is_text_mode(params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string()); |
| const String& lfile_name=r.absolute(params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()); | const String& lfile_name=r.absolute(params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()); |
| Value* third_param=params.count()>2?¶ms.as_no_junction(2, "filename or options must not be code") | |
| :0; | |
| HashStringValue* third_param_hash=third_param?third_param->get_hash():0; | |
| size_t alt_filename_param_index=2; | |
| if(third_param_hash) | |
| alt_filename_param_index++; | |
| HashStringValue* options=third_param_hash; | size_t param_index=params.count()-1; |
| Value* param_value=param_index>1?¶ms.as_no_junction(param_index, "filename or options must not be code"):0; | |
| HashStringValue* options=0; | |
| const char *user_file_name=0; | |
| if(param_value){ | |
| options=param_value->get_hash(); | |
| if(options || param_index>2) | |
| param_index--; | |
| if(param_index>1){ | |
| const String& luser_file_name=params.as_string(param_index, FILE_NAME_MUST_BE_STRING); | |
| if(!luser_file_name.is_empty()) | |
| user_file_name=luser_file_name.taint_cstr(String::L_FILE_SPEC); | |
| } | |
| } | |
| if(!user_file_name) | |
| user_file_name=lfile_name.taint_cstr(String::L_FILE_SPEC); | |
| size_t offset=0; | size_t offset=0; |
| size_t limit=0; | size_t limit=0; |
| if(options) { | |
| if(options){ | |
| options=new HashStringValue(*options); | options=new HashStringValue(*options); |
| if(Value *voffset=(Value *)options->get(sql_offset_name)) { | if(Value *voffset=(Value *)options->get(sql_offset_name)){ |
| offset=r.process_to_value(*voffset).as_int(); | offset=r.process_to_value(*voffset).as_int(); |
| } | } |
| if(Value *vlimit=(Value *)options->get(sql_limit_name)) { | if(Value *vlimit=(Value *)options->get(sql_limit_name)){ |
| limit=r.process_to_value(*vlimit).as_int(); | limit=r.process_to_value(*vlimit).as_int(); |
| } | } |
| // no check on options count here, see file_read | // no check on options count here, see file_read |
| } | } |
| File_read_result file=file_read(r.charsets, lfile_name, | File_read_result file=file_load(r, lfile_name, |
| is_text_mode(vmode_name.as_string()), | as_text, options, true, 0, offset, limit |
| options, true, 0, offset, limit | |
| ); | ); |
| const char *user_file_name=params.count()>alt_filename_param_index? | |
| params.as_string(alt_filename_param_index, FILE_NAME_MUST_BE_STRING).cstr() | |
| :lfile_name.cstr(String::L_FILE_SPEC); | |
| Value* vcontent_type=0; | Value* vcontent_type=0; |
| if(file.headers){ | if(file.headers){ |
| if(Value* remote_content_type=file.headers->get("CONTENT-TYPE")) | if(Value* remote_content_type=file.headers->get(HTTP_CONTENT_TYPE_UPPER)) |
| vcontent_type=new VString(*new String(remote_content_type->as_string().cstr())); | vcontent_type=new VString(*new String(remote_content_type->as_string().cstr())); |
| } | } |
| if(!vcontent_type) | if(!vcontent_type) |
| Line 242 static void _load(Request& r, MethodPara | Line 248 static void _load(Request& r, MethodPara |
| VFile& self=GET_SELF(r, VFile); | VFile& self=GET_SELF(r, VFile); |
| self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type); | self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type); |
| self.set_mode(as_text); | |
| if(file.headers){ | if(file.headers){ |
| file.headers->for_each<HashStringValue*>(_load_pass_param, &self.fields()); | file.headers->for_each<HashStringValue*>(_load_pass_param, &self.fields()); |
| } else { | } else { |
| size_t size; | size_t size; |
| time_t atime, mtime, ctime; | time_t atime, mtime, ctime; |
| file_stat(r.absolute(lfile_name), size, atime, mtime, ctime); | file_stat(lfile_name, size, atime, mtime, ctime); |
| HashStringValue& ff=self.fields(); | HashStringValue& ff=self.fields(); |
| ff.put(adate_name, new VDate(atime)); | ff.put(adate_name, new VDate(atime)); |
| ff.put(mdate_name, new VDate(mtime)); | ff.put(mdate_name, new VDate(mtime)); |
| ff.put(cdate_name, new VDate(ctime)); | ff.put(cdate_name, new VDate(ctime)); |
| } | } |
| } | } |
| static void _create(Request& r, MethodParams& params) { | static void _create(Request& r, MethodParams& params) { |
| Value& vmode_name=params.as_no_junction(0, MODE_MUST_NOT_BE_CODE); | const String& mode_name=params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string(); |
| if(!is_text_mode(vmode_name.as_string())) | if(!is_text_mode(mode_name)) |
| throw Exception(PARSER_RUNTIME, | throw Exception(PARSER_RUNTIME, |
| 0, | 0, |
| "only text mode is currently supported"); | "only text mode is currently supported"); |
| const char* user_file_name_cstr=r.absolute( | const char* user_file_name_cstr=r.absolute( |
| params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()).cstr(String::L_FILE_SPEC); | params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()).taint_cstr(String::L_FILE_SPEC); |
| const String& content=params.as_string(2, "content must be string"); | const String& content=params.as_string(2, "content must be string"); |
| const char* content_cstr=content.cstr(String::L_UNSPECIFIED); // explode content, honor tainting changes | const String::Body content_body=content.cstr_to_string_body_untaint(String::L_AS_IS); // explode content, honor tainting changes |
| VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); | VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); |
| VFile& self=GET_SELF(r, VFile); | VFile& self=GET_SELF(r, VFile); |
| self.set(true/*tainted*/, content_cstr, strlen(content_cstr), user_file_name_cstr, vcontent_type); | self.set(true/*tainted*/, content_body.cstr(), content_body.length(), user_file_name_cstr, vcontent_type); |
| self.set_mode(true/*as_text*/); | |
| } | } |
| static void _stat(Request& r, MethodParams& params) { | static void _stat(Request& r, MethodParams& params) { |
| Line 288 static void _stat(Request& r, MethodPara | Line 297 static void _stat(Request& r, MethodPara |
| size, | size, |
| atime, mtime, ctime); | atime, mtime, ctime); |
| const char* user_file_name=lfile_name.cstr(String::L_FILE_SPEC); | const char* user_file_name=lfile_name.taint_cstr(String::L_FILE_SPEC); |
| VFile& self=GET_SELF(r, VFile); | VFile& self=GET_SELF(r, VFile); |
| Line 323 struct Append_env_pair_info { | Line 332 struct Append_env_pair_info { |
| }; | }; |
| #endif | #endif |
| static void append_env_pair( | static void append_env_pair( |
| HashStringValue::key_type akey, | HashStringValue::key_type akey, |
| HashStringValue::value_type avalue, | HashStringValue::value_type avalue, |
| Append_env_pair_info *info) { | Append_env_pair_info *info) { |
| if(akey==STDIN_EXEC_PARAM_NAME) { | if(akey==STDIN_EXEC_PARAM_NAME) { |
| info->vstdin=avalue; | info->vstdin=avalue; |
| } else if(akey==CHARSET_EXEC_PARAM_NAME) { | } else if(akey==CHARSET_EXEC_PARAM_NAME) { |
| Line 335 static void append_env_pair( | Line 344 static void append_env_pair( |
| throw Exception(PARSER_RUNTIME, | throw Exception(PARSER_RUNTIME, |
| new String(akey, String::L_TAINTED), | new String(akey, String::L_TAINTED), |
| "not safe environment variable"); | "not safe environment variable"); |
| info->env->put(akey, avalue->as_string().cstr_to_string_body(String::L_UNSPECIFIED, 0, info->charsets)); | info->env->put(akey, avalue->as_string().cstr_to_string_body_untaint(String::L_AS_IS, 0, info->charsets)); |
| } | } |
| } | } |
| #ifndef DOXYGEN | #ifndef DOXYGEN |
| Line 346 struct Pass_cgi_header_attribute_info { | Line 355 struct Pass_cgi_header_attribute_info { |
| }; | }; |
| #endif | #endif |
| static void pass_cgi_header_attribute( | static void pass_cgi_header_attribute( |
| ArrayString::element_type astring, | ArrayString::element_type astring, |
| Pass_cgi_header_attribute_info* info) { | Pass_cgi_header_attribute_info* info) { |
| size_t colon_pos=astring->pos(':'); | size_t colon_pos=astring->pos(':'); |
| if(colon_pos!=STRING_NOT_FOUND) { | if(colon_pos!=STRING_NOT_FOUND) { |
| const String& key=astring->mid(0, colon_pos).change_case( | const String& key=astring->mid(0, colon_pos).change_case( |
| *info->charset, String::CC_UPPER); | *info->charset, String::CC_UPPER); |
| Value* value=new VString(astring->mid(colon_pos+1, astring->length()).trim()); | Value* value=new VString(astring->mid(colon_pos+1, astring->length()).trim()); |
| info->fields->put(key, value); | info->fields->put(key, value); |
| if(key=="CONTENT-TYPE") | if(key==HTTP_CONTENT_TYPE_UPPER) |
| info->content_type=value; | info->content_type=value; |
| } | } |
| } | } |
| static void append_to_argv(Request& r, ArrayString& argv, const String* str){ | static void append_to_argv(Request& r, ArrayString& argv, const String* str){ |
| if( str->length() ){ | if(!str->is_empty()) |
| argv+=new String(str->cstr_to_string_body(String::L_UNSPECIFIED, 0, &r.charsets), String::L_AS_IS); | argv+=new String(str->cstr_to_string_body_untaint(String::L_AS_IS, 0, &r.charsets), String::L_AS_IS); |
| } | |
| } | |
| inline size_t strpos(const char *s1, const char *s2) { | |
| const char *p = strstr(s1, s2); | |
| return (p==0)?STRING_NOT_FOUND:p-s1; | |
| } | } |
| /// @todo fix `` in perl - they produced flipping consoles and no output to perl | /// @todo fix `` in perl - they produced flipping consoles and no output to perl |
| static void _exec_cgi(Request& r, MethodParams& params, | static void _exec_cgi(Request& r, MethodParams& params, bool cgi) { |
| bool cgi) { | bool as_text=true; |
| size_t param_index=0; | |
| Value& first_param=params.as_no_junction(0, FIRST_ARG_MUST_NOT_BE_CODE); | const String& mode_name=params.as_no_junction(0, FIRST_ARG_MUST_NOT_BE_CODE).as_string(); |
| if(is_valid_mode(mode_name)){ | |
| bool is_mode_specified=is_valid_mode(first_param.as_string()); | as_text=is_text_mode(mode_name); |
| const String& mode_name=(is_mode_specified) ? first_param.as_string() : *new String(TEXT_MODE_NAME); | param_index++; |
| size_t param_index=1; | |
| if(!is_mode_specified){ | |
| --param_index; | |
| } | } |
| if(param_index>=params.count()) | if(param_index>=params.count()) |
| Line 399 static void _exec_cgi(Request& r, Method | Line 398 static void _exec_cgi(Request& r, Method |
| if(value_cstr) \ | if(value_cstr) \ |
| env.put( \ | env.put( \ |
| String::Body(#name), \ | String::Body(#name), \ |
| String::Body(value_cstr, 0)); \ | String::Body(*value_cstr?value_cstr:0)); \ |
| // passing SAPI::environment | // passing SAPI::environment |
| if(const char *const *pairs=SAPI::environment(r.sapi_info)) { | if(const char *const *pairs=SAPI::environment(r.sapi_info)) { |
| while(const char* pair=*pairs++) | while(const char* pair=*pairs++) |
| Line 453 static void _exec_cgi(Request& r, Method | Line 452 static void _exec_cgi(Request& r, Method |
| if(const String* sstdin=info.vstdin->get_string()) { | if(const String* sstdin=info.vstdin->get_string()) { |
| in->append(*sstdin, String::L_CLEAN, true); | in->append(*sstdin, String::L_CLEAN, true); |
| } else | } else |
| if(VFile* vfile=static_cast<VFile *>(info.vstdin->as("file", false))) | if(VFile* vfile=static_cast<VFile *>(info.vstdin->as("file"))) |
| in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); | in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); |
| else | else |
| throw Exception(PARSER_RUNTIME, | throw Exception(PARSER_RUNTIME, |
| Line 466 static void _exec_cgi(Request& r, Method | Line 465 static void _exec_cgi(Request& r, Method |
| // argv from params | // argv from params |
| ArrayString argv; | ArrayString argv; |
| if(param_index < params.count()) { | if(param_index < params.count()) { |
| // influence tainting | // influence tainting |
| // main target -- URLencoding of tainted pieces to String::L_URI lang | Temp_client_charset temp(r.charsets, charset? *charset: r.charsets.source()); |
| Temp_client_charset temp(r.charsets, charset? *charset: r.charsets.source()); | |
| for(size_t i=param_index; i<params.count(); i++) { | for(size_t i=param_index; i<params.count(); i++) { |
| Value& param=params.as_no_junction(i, PARAM_MUST_NOT_BE_CODE); | Value& param=params.as_no_junction(i, PARAM_MUST_NOT_BE_CODE); |
| Line 511 static void _exec_cgi(Request& r, Method | Line 509 static void _exec_cgi(Request& r, Method |
| if(charset) | if(charset) |
| real_err=&Charset::transcode(*real_err, *charset, r.charsets.source()); | real_err=&Charset::transcode(*real_err, *charset, r.charsets.source()); |
| if(file_out->length && is_text_mode(mode_name)){ | if(file_out->length && as_text){ |
| fix_line_breaks(file_out->str, file_out->length); | fix_line_breaks(file_out->str, file_out->length); |
| // treat output as string | // treat output as string |
| String *real_out = new String(file_out->str, file_out->length); | String *real_out = new String(file_out->str); |
| // transcode out if necessary | // transcode out if necessary |
| if(charset) | if(charset) |
| Line 548 static void _exec_cgi(Request& r, Method | Line 546 static void _exec_cgi(Request& r, Method |
| break; | break; |
| default: // 00 | default: // 00 |
| unix_header_break=false; // calm down, compiler | unix_header_break=false; // calm down, compiler |
| throw Exception(0, | throw Exception("file.execute", |
| 0, | 0, |
| "output does not contain CGI header; " | "output does not contain CGI header; " |
| "exit status=%d; stdoutsize=%u; stdout: \"%s\"; stderrsize=%u; stderr: \"%s\"", | "exit status=%d; stdoutsize=%u; stdout: \"%s\"; stderrsize=%u; stderr: \"%s\"", |
| execution.status, | execution.status, |
| (size_t)file_out->length, (file_out->length) ? (file_out->str) : "", | file_out->length, (file_out->length) ? (file_out->str) : "", |
| (size_t)real_err->length(), real_err->cstr()); | real_err->length(), real_err->cstr()); |
| break; //never reached | break; //never reached |
| } | } |
| Line 570 static void _exec_cgi(Request& r, Method | Line 568 static void _exec_cgi(Request& r, Method |
| } | } |
| file_out->str[header_break_pos] = 0; | file_out->str[header_break_pos] = 0; |
| String *header=new String(file_out->str, header_break_pos); | String *header=new String(file_out->str); |
| unsigned long headersize = header_break_pos+eol_marker_size*2; | unsigned long headersize = header_break_pos+eol_marker_size*2; |
| file_out->str += headersize; | file_out->str += headersize; |
| file_out->length -= headersize; | file_out->length -= headersize; |
| Line 579 static void _exec_cgi(Request& r, Method | Line 577 static void _exec_cgi(Request& r, Method |
| self.set(false/*not tainted*/, file_out->str, file_out->length); | self.set(false/*not tainted*/, file_out->str, file_out->length); |
| // $fields << header | // $fields << header |
| if(header && eol_marker) { | if(header) { |
| ArrayString rows; | ArrayString rows; |
| size_t pos_after=0; | size_t pos_after=0; |
| header->split(rows, pos_after, eol_marker); | header->split(rows, pos_after, eol_marker); |
| Line 595 static void _exec_cgi(Request& r, Method | Line 593 static void _exec_cgi(Request& r, Method |
| self.set(false/*not tainted*/, file_out->str, file_out->length); | self.set(false/*not tainted*/, file_out->str, file_out->length); |
| } | } |
| self.set_mode(as_text); | |
| // $status | // $status |
| self.fields().put(file_status_name, new VInt(execution.status)); | self.fields().put(file_status_name, new VInt(execution.status)); |
| // $stderr | // $stderr |
| if(real_err->length()) | if(!real_err->is_empty()) |
| self.fields().put( | self.fields().put( |
| String::Body("stderr"), | String::Body("stderr"), |
| new VString(*real_err)); | new VString(*real_err)); |
| Line 614 static void _cgi(Request& r, MethodParam | Line 614 static void _cgi(Request& r, MethodParam |
| static void _list(Request& r, MethodParams& params) { | static void _list(Request& r, MethodParams& params) { |
| Value& relative_path=params.as_no_junction(0, "path must not be code"); | Value& relative_path=params.as_no_junction(0, "path must not be code"); |
| const String* regexp; | VRegex* vregex=0; |
| pcre *regexp_code; | VRegexCleaner vrcleaner; |
| const int ovecsize=(1/*match*/)*3; | if(params.count()>1){ |
| int ovector[ovecsize]; | Value& regexp=params.as_no_junction(1, "regexp must not be code"); |
| if(params.count()>1) { | if(regexp.is_defined()){ |
| regexp=¶ms.as_no_junction(1, "regexp must not be code").as_string(); | if(Value* value=regexp.as(VREGEX_TYPE)){ |
| vregex=static_cast<VRegex*>(value); | |
| const char* pattern=regexp->cstr(); | } else { |
| const char* errptr; | vregex=new VRegex(r.charsets.source(), ®exp.as_string(), 0/*options*/); |
| int erroffset; | vregex->study(); |
| regexp_code=pcre_compile(pattern, PCRE_EXTRA | PCRE_DOTALL, | vrcleaner.vregex=vregex; |
| &errptr, &erroffset, | } |
| r.charsets.source().pcre_tables); | } |
| if(!regexp_code) | |
| throw Exception(0, | |
| ®exp->mid(erroffset, regexp->length()), | |
| "regular expression syntax error - %s", errptr); | |
| } else { | |
| regexp=0; // not used, just to calm down compiler | |
| regexp_code=0; | |
| } | } |
| const char* absolute_path_cstr=r.absolute(relative_path.as_string()).taint_cstr(String::L_FILE_SPEC); | |
| const char* absolute_path_cstr=r.absolute(relative_path.as_string()).cstr(String::L_FILE_SPEC); | |
| Table::columns_type columns(new ArrayString); | Table::columns_type columns(new ArrayString); |
| *columns+=new String("name"); | *columns+=new String("name"); |
| Table& table=*new Table(columns); | Table& table=*new Table(columns); |
| const int ovector_size=(1/*match*/)*3; | |
| int ovector[ovector_size]; | |
| LOAD_DIR(absolute_path_cstr, | LOAD_DIR(absolute_path_cstr, |
| const char* file_name_cstr=ffblk.ff_name; | const char* file_name_cstr=ffblk.ff_name; |
| size_t file_name_size=strlen(file_name_cstr); | size_t file_name_size=strlen(file_name_cstr); |
| bool suits=true; | |
| if(regexp_code) { | |
| int exec_result=pcre_exec(regexp_code, 0, | |
| ffblk.ff_name, file_name_size, 0, | |
| 0, ovector, ovecsize); | |
| if(exec_result==PCRE_ERROR_NOMATCH) | |
| suits=false; | |
| else if(exec_result<0) { | |
| (*pcre_free)(regexp_code); | |
| throw Exception(0, | |
| regexp, | |
| "regular expression execute (%d)", | |
| exec_result); | |
| } | |
| } | |
| if(suits) { | if(!vregex || vregex->exec(ffblk.ff_name, file_name_size, ovector, ovector_size)>=0) { |
| Table::element_type row(new ArrayString); | Table::element_type row(new ArrayString); |
| *row+=new String(pa_strdup(file_name_cstr, file_name_size), file_name_size, true); | *row+=new String(pa_strdup(file_name_cstr, file_name_size), String::L_TAINTED); |
| table+=row; | table+=row; |
| } | } |
| ); | ); |
| if(regexp_code) | |
| pcre_free(regexp_code); | |
| // write out result | // write out result |
| r.write_no_lang(*new VTable(&table)); | r.write_no_lang(*new VTable(&table)); |
| } | } |
| Line 708 static int lastposafter(const String& s, | Line 683 static int lastposafter(const String& s, |
| if(beforelast) | if(beforelast) |
| size=s.length(); | size=s.length(); |
| size_t at; | size_t at; |
| while((at=s.pos(String::Body(substr, substr_size), after))!=STRING_NOT_FOUND) { | while((at=s.pos(String::Body(substr), after))!=STRING_NOT_FOUND) { |
| size_t newafter=at+substr_size/*skip substr*/; | size_t newafter=at+substr_size/*skip substr*/; |
| if(beforelast && newafter==size) | if(beforelast && newafter==size) |
| break; | break; |
| Line 757 static void _find(Request& r, MethodPara | Line 732 static void _find(Request& r, MethodPara |
| static void _dirname(Request& r, MethodParams& params) { | static void _dirname(Request& r, MethodParams& params) { |
| const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| // /a/some.tar.gz > /a | // /a/some.tar.gz > /a |
| // /a/b/ > /a | // /a/b/ > /a |
| int afterslash=lastposafter(file_spec, 0, "/", 1, true); | int afterslash=lastposafter(file_spec, 0, "/", 1, true); |
| if(afterslash>0) | if(afterslash>0) |
| r.write_assign_lang(file_spec.mid(0, afterslash==1?1:afterslash-1)); | r.write_assign_lang(file_spec.mid(0, afterslash==1?1:afterslash-1)); |
| else | else |
| r.write_assign_lang(String(".", 1)); | r.write_assign_lang(String(".")); |
| } | } |
| static void _basename(Request& r, MethodParams& params) { | static void _basename(Request& r, MethodParams& params) { |
| const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| // /a/some.tar.gz > some.tar.gz | // /a/some.tar.gz > some.tar.gz |
| int afterslash=lastposafter(file_spec, 0, "/", 1); | int afterslash=lastposafter(file_spec, 0, "/", 1); |
| r.write_assign_lang(file_spec.mid(afterslash, file_spec.length())); | r.write_assign_lang(file_spec.mid(afterslash, file_spec.length())); |
| } | } |
| static void _justname(Request& r, MethodParams& params) { | static void _justname(Request& r, MethodParams& params) { |
| const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| // /a/some.tar.gz > some.tar | // /a/some.tar.gz > some.tar |
| int afterslash=lastposafter(file_spec, 0, "/", 1); | int afterslash=lastposafter(file_spec, 0, "/", 1); |
| int afterdot=lastposafter(file_spec, afterslash, ".", 1); | int afterdot=lastposafter(file_spec, afterslash, ".", 1); |
| r.write_assign_lang(file_spec.mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec.length())); | r.write_assign_lang(file_spec.mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec.length())); |
| } | } |
| static void _justext(Request& r, MethodParams& params) { | static void _justext(Request& r, MethodParams& params) { |
| const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| // /a/some.tar.gz > gz | // /a/some.tar.gz > gz |
| int afterdot=lastposafter(file_spec, 0, ".", 1); | int afterdot=lastposafter(file_spec, 0, ".", 1); |
| if(afterdot>0) | if(afterdot>0) |
| r.write_assign_lang(file_spec.mid(afterdot, file_spec.length())); | r.write_assign_lang(file_spec.mid(afterdot, file_spec.length())); |
| Line 850 public: | Line 825 public: |
| break; | break; |
| case 1: | case 1: |
| if(!user_file_name) // user not specified? | if(!user_file_name) // user not specified? |
| user_file_name=new String(str, length, true); | user_file_name=new String(str, String::L_TAINTED); |
| break; | break; |
| case 2: | case 2: |
| if(!user_content_type) // user not specified? | if(!user_content_type) // user not specified? |
| user_content_type=new String(str, length, true); | user_content_type=new String(str, String::L_TAINTED); |
| break; | break; |
| default: | default: |
| error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three rows"); | error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three rows"); |
| Line 873 static void _sql(Request& r, MethodParam | Line 848 static void _sql(Request& r, MethodParam |
| Temp_lang temp_lang(r, String::L_SQL); | Temp_lang temp_lang(r, String::L_SQL); |
| const String& statement_string=r.process_to_string(statement); | const String& statement_string=r.process_to_string(statement); |
| const char* statement_cstr= | const char* statement_cstr=statement_string.untaint_cstr(r.flang, r.connection()); |
| statement_string.cstr(String::L_UNSPECIFIED, r.connection()); | |
| File_sql_event_handlers handlers(statement_string, statement_cstr); | File_sql_event_handlers handlers(statement_string, statement_cstr); |
| ulong limit=SQL_NO_LIMIT; | |
| ulong offset=0; | |
| if(params.count()>1) | if(params.count()>1) |
| if(HashStringValue* options= | if(HashStringValue* options=params.as_no_junction(1, PARAM_MUST_NOT_BE_CODE).get_hash()){ |
| params.as_no_junction(1, PARAM_MUST_NOT_BE_CODE).get_hash()) { | |
| int valid_options=0; | int valid_options=0; |
| if(Value* vfilename=options->get(NAME_NAME)) { | if(Value* vfilename=options->get(NAME_NAME)) { |
| valid_options++; | valid_options++; |
| Line 889 static void _sql(Request& r, MethodParam | Line 866 static void _sql(Request& r, MethodParam |
| valid_options++; | valid_options++; |
| handlers.user_content_type=&vcontent_type->as_string(); | handlers.user_content_type=&vcontent_type->as_string(); |
| } | } |
| if(Value* vlimit=options->get(sql_limit_name)) { | |
| valid_options++; | |
| limit=(ulong)r.process_to_value(*vlimit).as_double(); | |
| } | |
| if(Value* voffset=options->get(sql_offset_name)) { | |
| valid_options++; | |
| offset=(ulong)r.process_to_value(*voffset).as_double(); | |
| } | |
| if(valid_options!=options->count()) | if(valid_options!=options->count()) |
| throw Exception(PARSER_RUNTIME, | throw Exception(PARSER_RUNTIME, |
| 0, | 0, |
| Line 899 static void _sql(Request& r, MethodParam | Line 884 static void _sql(Request& r, MethodParam |
| r.connection()->query( | r.connection()->query( |
| statement_cstr, | statement_cstr, |
| 0, 0, | 0, 0, |
| 0, 0, | offset, limit, |
| handlers, | handlers, |
| statement_string); | statement_string); |
| Line 917 static void _sql(Request& r, MethodParam | Line 902 static void _sql(Request& r, MethodParam |
| : 0; | : 0; |
| VFile& self=GET_SELF(r, VFile); | VFile& self=GET_SELF(r, VFile); |
| self.set(true/*tainted*/, handlers.value.str, handlers.value.length, user_file_name_cstr, vcontent_type); | self.set(true/*tainted*/, handlers.value.str, handlers.value.length, user_file_name_cstr, vcontent_type); |
| self.set_mode(false/*binary*/); | |
| } | } |
| static void _base64(Request& r, MethodParams& params) { | static void _base64(Request& r, MethodParams& params) { |
| bool dynamic = !(&r.get_self() == file_class); | bool dynamic = !(&r.get_self() == file_class); |
| if ( dynamic ){ | if(dynamic){ |
| VFile& self=GET_SELF(r, VFile); | VFile& self=GET_SELF(r, VFile); |
| if(params.count()) { | if(params.count()) { |
| // decode | // decode: ^file::base64[encoded] |
| const char* cstr=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); | const char* cstr=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); |
| char* decoded_cstr=0; | char* decoded=0; |
| size_t decoded_size=0; | size_t length=0; |
| pa_base64_decode(cstr, strlen(cstr), decoded_cstr, decoded_size); | pa_base64_decode(cstr, strlen(cstr), decoded, length); |
| if(decoded_cstr && decoded_size) | if(decoded && length) |
| self.set(true/*tainted*/, decoded_cstr, decoded_size); | self.set(true/*tainted*/, decoded, length); |
| } else { | } else { |
| // encode | // encode: ^f.base64[] |
| const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size()); | const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size()); |
| r.write_assign_lang(*new String(encoded, 0, true/*once ?param=base64(something) was needed*/)); | r.write_assign_lang(*new String(encoded, String::L_TAINTED/*once ?param=base64(something) was needed**/)); |
| } | } |
| } else { | } else { |
| // encode | // encode: ^file:base64[filespec] |
| const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| const char* encoded=pa_base64_encode(r.absolute(file_spec)); | const char* encoded=pa_base64_encode(r.absolute(file_spec)); |
| r.write_assign_lang(*new String(encoded, 0, true/*once ?param=base64(something) was needed*/)); | r.write_assign_lang(*new String(encoded, String::L_TAINTED/*once ?param=base64(something) was needed*/)); |
| } | } |
| } | } |
| Line 966 static void _crc32(Request& r, MethodPar | Line 952 static void _crc32(Request& r, MethodPar |
| static void file_md5_file_action( | static void file_md5_file_action( |
| struct stat& finfo, | struct stat& finfo, |
| int f, | int f, |
| const String& , const char* /*fname*/, bool, | const String& , const char* /*fname*/, bool, |
| void *context) | void *context) |
| { | { |
| PA_MD5_CTX& md5context=*static_cast<PA_MD5_CTX *>(context); | PA_MD5_CTX& md5context=*static_cast<PA_MD5_CTX *>(context); |
| if(finfo.st_size) { | if(finfo.st_size) { |
| Line 1045 MFile::MFile(): Methoded("file") { | Line 1031 MFile::MFile(): Methoded("file") { |
| // ^file::load[mode;disk-name] | // ^file::load[mode;disk-name] |
| // ^file::load[mode;disk-name;user-name] | // ^file::load[mode;disk-name;user-name] |
| add_native_method("load", Method::CT_DYNAMIC, _load, 2, 3); | add_native_method("load", Method::CT_DYNAMIC, _load, 2, 4); |
| // ^file::stat[disk-name] | // ^file::stat[disk-name] |
| add_native_method("stat", Method::CT_DYNAMIC, _stat, 1, 1); | add_native_method("stat", Method::CT_DYNAMIC, _stat, 1, 1); |