--- parser3/src/classes/file.C 2003/02/06 14:24:50 1.107.2.7 +++ parser3/src/classes/file.C 2007/02/07 15:50:32 1.151 @@ -1,11 +1,11 @@ /** @file Parser: @b file parser class. - Copyright (c) 2001-2003 ArtLebedev Group (http://www.artlebedev.com) + Copyright (c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char* IDENT_FILE_C="$Date: 2003/02/06 14:24:50 $"; +static const char * const IDENT_FILE_C="$Date: 2007/02/07 15:50:32 $"; #include "pa_config_includes.h" @@ -23,11 +23,42 @@ static const char* IDENT_FILE_C="$Date: #include "pa_dir.h" #include "pa_vtable.h" #include "pa_charset.h" +#include "pa_charsets.h" +#include "pa_sql_connection.h" +#include "pa_md5.h" // defines #define TEXT_MODE_NAME "text" +#define BINARY_MODE_NAME "binary" #define STDIN_EXEC_PARAM_NAME "stdin" +#define CHARSET_EXEC_PARAM_NAME "charset" + +#define NAME_NAME "name" + +// externs + +extern String sql_limit_name; +extern String sql_offset_name; + +// class + +class MFile: public Methoded { +public: // VStateless_class + + Value* create_new_value(Pool&, HashStringValue&) { return new VFile(); } + +public: // Methoded + bool used_directly() { return true; } + +public: + MFile(); + +}; + +// global variable + +DECLARE_CLASS_VAR(file, new MFile, 0); // consts @@ -77,104 +108,165 @@ static const char* suexec_safe_env_lst[] // statics -static StringPtr adate_name(new String("adate")); -static StringPtr mdate_name(new String("mdate")); -static StringPtr cdate_name(new String("cdate")); - -// class - -class MFile : public Methoded { -public: // VStateless_class - - ValuePtr create_new_value() { return ValuePtr(new VFile()); } - -public: // Methoded - bool used_directly() { return true; } - -public: - MFile(); - -}; - -// global variable - -MethodedPtr file_class_ptr(new MFile); +static const String::Body adate_name("adate"); +static const String::Body mdate_name("mdate"); +static const String::Body cdate_name("cdate"); // methods -static void _save(Request& r, StringPtr /*method_name*/, MethodParams& params) { - Pool& pool=r.pool(); - ValuePtr vmode_name=params. as_no_junction(0, "mode must not be code"); - ValuePtr vfile_name=params.as_no_junction(1, "file name must not be code"); +static bool is_text_mode(const String& mode) { + if(mode==TEXT_MODE_NAME) + return true; + if(mode==BINARY_MODE_NAME) + return false; + throw Exception("parser.runtime", + &mode, + "is invalid mode, must be either '"TEXT_MODE_NAME"' or '"BINARY_MODE_NAME"'"); +} + +static void _save(Request& r, MethodParams& params) { + Value& vmode_name=params. as_no_junction(0, "mode must not be code"); + Value& vfile_name=params.as_no_junction(1, "file name must not be code"); // save - GET_SELF(r, VFile).save(r.absolute(vfile_name->as_string(&pool)), - *vmode_name->as_string(&pool)==TEXT_MODE_NAME); + GET_SELF(r, VFile).save(r.absolute(vfile_name.as_string()), + is_text_mode(vmode_name.as_string())); } -static void _delete(Request& r, StringPtr /*method_name*/, MethodParams& params) { - Pool& pool=r.pool(); - ValuePtr vfile_name=params.as_no_junction(0, "file name must not be code"); +static void _delete(Request& r, MethodParams& params) { + Value& vfile_name=params.as_no_junction(0, "file name must not be code"); // unlink - file_delete(r.absolute(vfile_name->as_string(&pool))); + file_delete(r.absolute(vfile_name.as_string())); } -static void _move(Request& r, StringPtr /*method_name*/, MethodParams& params) { - Pool& pool=r.pool(); - ValuePtr vfrom_file_name=params.as_no_junction(0, "from file name must not be code"); - ValuePtr vto_file_name=params.as_no_junction(1, "to file name must not be code"); +static void _move(Request& r, MethodParams& params) { + Value& vfrom_file_name=params.as_no_junction(0, "from file name must not be code"); + Value& vto_file_name=params.as_no_junction(1, "to file name must not be code"); // move file_move( - r.absolute(vfrom_file_name->as_string(&pool)), - r.absolute(vto_file_name->as_string(&pool))); + r.absolute(vfrom_file_name.as_string()), + r.absolute(vto_file_name.as_string())); +} + +static void copy_process_source( + struct stat& , + int from_file, + const String& , const char* /*fname*/, bool, + void *context) { + int& to_file=*static_cast(context); + + int nCount=0; + do { + unsigned char buffer[FILE_BUFFER_SIZE]; + nCount = file_block_read(from_file, buffer, sizeof(buffer)); + int written=write(to_file, buffer, nCount); + if( written < 0 ) + throw Exception(0, + 0, + "write failed: %s (%d)", strerror(errno), errno); + + } while(nCount > 0); +} + +static void copy_open_target(int f, void *from_spec) { + String& file_spec=*static_cast(from_spec); + file_read_action_under_lock(file_spec, "copy", copy_process_source, &f); +}; + +static void _copy(Request& r, MethodParams& params) { + Value& vfrom_file_name=params.as_no_junction(0, "from file name must not be code"); + Value& vto_file_name=params.as_no_junction(1, "to file name must not be code"); + + String from_spec = r.absolute(vfrom_file_name.as_string()); + const String& to_spec = r.absolute(vto_file_name.as_string()); + + create_dir_for_file(to_spec); + + file_write_action_under_lock( + to_spec, + "copy", + copy_open_target, + &from_spec); } static void _load_pass_param( - HashStringValue::key_type key, - HashStringValue::value_type value, - HashStringValue *dest) { + HashStringValue::key_type key, + HashStringValue::value_type value, + HashStringValue *dest) { dest->put(key, value); } -static void _load(Request& r, StringPtr method_name, MethodParams& params) { - Pool& pool=r.pool(); - ValuePtr vmode_name=params. as_no_junction(0, "mode must not be code"); - StringPtr lfile_name=r.absolute(params.as_no_junction(1, "file name must not be code")->as_string(&pool)); - ValuePtr third_param=params.count()>2?params.as_no_junction(2, "filename or options must not be code") - :ValuePtr(0); - HashStringValue* third_param_hash=third_param?third_param->get_hash(method_name):0; - int alt_filename_param_index=2; +static void _load(Request& r, MethodParams& params) { + Value& vmode_name=params. as_no_junction(0, "mode must not be code"); + const String& lfile_name=r.absolute(params.as_no_junction(1, "file name must not be code").as_string()); + Value* third_param=params.count()>2?¶ms.as_no_junction(2, "filename or options must not be code") + :0; + HashStringValue* third_param_hash=third_param?third_param->get_hash():0; + size_t alt_filename_param_index=2; if(third_param_hash) alt_filename_param_index++; - char *data; size_t size; - File_read_result file=file_read(pool, r.charsets.source(), lfile_name, data, size, - *vmode_name->as_string(&pool)==TEXT_MODE_NAME, - third_param_hash + HashStringValue* options=third_param_hash; + size_t offset=0; + size_t limit=0; + if(options) { + options=new HashStringValue(*options); + if(Value *voffset=(Value *)options->get(sql_offset_name)) { + offset=r.process_to_value(*voffset).as_int(); + } + if(Value *vlimit=(Value *)options->get(sql_limit_name)) { + limit=r.process_to_value(*vlimit).as_int(); + } + // no check on options count here, see file_read + } + File_read_result file=file_read(r.charsets, lfile_name, + is_text_mode(vmode_name.as_string()), + options, true, 0, offset, limit ); - char *user_file_name=params.count()>alt_filename_param_index? - params.as_string(alt_filename_param_index, "filename must be string")->cstr(pool) - :lfile_name->cstr(pool, String::UL_FILE_SPEC); + const char *user_file_name=params.count()>alt_filename_param_index? + params.as_string(alt_filename_param_index, "filename must be string").cstr() + :lfile_name.cstr(String::L_FILE_SPEC); - ValuePtr vcontent_type(0); + Value* vcontent_type=0; if(file.headers) - vcontent_type=file.headers->get(content_type_name); + { + if(Value* remote_content_type=file.headers->get("CONTENT-TYPE")) + vcontent_type=new VString(*new String(remote_content_type->as_string().cstr())); + } if(!vcontent_type) - vcontent_type=ValuePtr(new VString(r.mime_type_of(user_file_name))); + vcontent_type=new VString(r.mime_type_of(user_file_name)); VFile& self=GET_SELF(r, VFile); - self.set(pool, true/*tainted*/, data, size, user_file_name, vcontent_type); + self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type); if(file.headers) - file.headers->for_each(_load_pass_param, &self.fields()); + file.headers->for_each(_load_pass_param, &self.fields()); +} + +static void _create(Request& r, MethodParams& params) { + Value& vmode_name=params. as_no_junction(0, "mode must not be code"); + if(!is_text_mode(vmode_name.as_string())) + throw Exception("parser.runtime", + 0, + "only text mode is currently supported"); + + const char* user_file_name_cstr=r.absolute( + params.as_no_junction(1, "file name must not be code").as_string()).cstr(String::L_FILE_SPEC); + + const String& content=params.as_string(2, "content must be string"); + const char* content_cstr=content.cstr(String::L_UNSPECIFIED); // explode content, honor tainting changes + + VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); + + VFile& self=GET_SELF(r, VFile); + self.set(true/*tainted*/, content_cstr, strlen(content_cstr), user_file_name_cstr, vcontent_type); } -static void _stat(Request& r, StringPtr method_name, MethodParams& params) { - Pool& pool=r.pool(); - ValuePtr vfile_name=params.as_no_junction(0, "file name must not be code"); +static void _stat(Request& r, MethodParams& params) { + Value& vfile_name=params.as_no_junction(0, "file name must not be code"); - StringPtr lfile_name=vfile_name->as_string(&pool); + const String& lfile_name=vfile_name.as_string(); size_t size; time_t atime, mtime, ctime; @@ -183,15 +275,20 @@ static void _stat(Request& r, StringPtr atime, mtime, ctime); VFile& self=GET_SELF(r, VFile); - self.set(pool, true/*tainted*/, 0/*no bytes*/, size); + self.set(true/*tainted*/, 0/*no bytes*/, size); HashStringValue& ff=self.fields(); - ff.put(adate_name, ValuePtr(new VDate(atime))); - ff.put(mdate_name, ValuePtr(new VDate(mtime))); - ff.put(cdate_name, ValuePtr(new VDate(ctime))); - ff.put(content_type_name, ValuePtr(new VString(r.mime_type_of(lfile_name->cstr(String::UL_FILE_SPEC))))); + ff.put(adate_name, new VDate(atime)); + ff.put(mdate_name, new VDate(mtime)); + ff.put(cdate_name, new VDate(ctime)); + ff.put(content_type_name, new VString(r.mime_type_of(lfile_name.cstr(String::L_FILE_SPEC)))); } -static bool is_safe_env_key(CharPtr key) { +static bool is_safe_env_key(const char* key) { + for(const char* validator=key; *validator; validator++) { + char c=*validator; + if(!(c>='A' && c<='Z' || c>='0' && c<='9' || c=='_' || c=='-')) + return false; + } if(strncasecmp(key, "HTTP_", 5)==0) return true; if(strncasecmp(key, "CGI_", 4)==0) @@ -204,68 +301,69 @@ static bool is_safe_env_key(CharPtr key) } #ifndef DOXYGEN struct Append_env_pair_info { - Pool* pool; + Request_charsets* charsets; HashStringString* env; - ValuePtr vstdin; + Value* vstdin; }; #endif static void append_env_pair( - HashStringValue::key_type akey, - HashStringValue::value_type avalue, - Append_env_pair_info *info) { - if(*akey==STDIN_EXEC_PARAM_NAME) { + HashStringValue::key_type akey, + HashStringValue::value_type avalue, + Append_env_pair_info *info) { + if(akey==STDIN_EXEC_PARAM_NAME) { info->vstdin=avalue; + } else if(akey==CHARSET_EXEC_PARAM_NAME) { + // ignore, already processed } else { - if(!is_safe_env_key(akey->cstr())) + if(!is_safe_env_key(akey.cstr())) throw Exception("parser.runtime", - akey, + new String(akey, String::L_TAINTED), "not safe environment variable"); - info->env->put(akey, avalue->as_string(info->pool)); + info->env->put(akey, avalue->as_string().cstr_to_string_body(String::L_UNSPECIFIED, 0, info->charsets)); } } #ifndef DOXYGEN struct Pass_cgi_header_attribute_info { - Pool* pool; Charset* charset; HashStringValue* fields; - ValuePtr content_type; + Value* content_type; }; #endif static void pass_cgi_header_attribute( - ArrayString::element_type astring, - Pass_cgi_header_attribute_info* info) { - int colon_pos=astring->pos(":", 1); - if(colon_pos>0) { - StringPtr key(astring->mid(0, colon_pos)->change_case( - *info->pool, *info->charset, String::CC_UPPER)); - ValuePtr value(new VString(astring->mid(colon_pos+1, astring->size()))); + ArrayString::element_type astring, + Pass_cgi_header_attribute_info* info) { + size_t colon_pos=astring->pos(':'); + if(colon_pos!=STRING_NOT_FOUND) { + const String& key=astring->mid(0, colon_pos).change_case( + *info->charset, String::CC_UPPER); + Value* value=new VString(astring->mid(colon_pos+1, astring->length()).trim()); info->fields->put(key, value); - if(*key=="CONTENT-TYPE") + if(key=="CONTENT-TYPE") info->content_type=value; } } /// @todo fix `` in perl - they produced flipping consoles and no output to perl -static void _exec_cgi(Request& r, StringPtr method_name, MethodParams& params, +static void _exec_cgi(Request& r, MethodParams& params, bool cgi) { - Pool& pool=r.pool(); - ValuePtr vfile_name=params.as_no_junction(0, "file name must not be code"); + Value& vfile_name=params.as_no_junction(0, "file name must not be code"); - StringPtr script_name=r.absolute(vfile_name->as_string(&pool)); + const String& script_name=r.absolute(vfile_name.as_string()); HashStringString env; #define ECSTR(name, value_cstr) \ if(value_cstr) \ env.put( \ - StringPtr(new String(#name)), \ - StringPtr(new String(value_cstr))); \ + String::Body(#name), \ + String::Body(value_cstr, 0)); \ // passing SAPI::environment - if(const char* const *pairs=SAPI::environment(r.sapi_info)) { + if(const char *const *pairs=SAPI::environment(r.sapi_info)) { while(const char* pair=*pairs++) if(const char* eq_at=strchr(pair, '=')) - env.put( - StringPtr(new String(pair, eq_at-pair)), - StringPtr(new String(eq_at+1))); + if(eq_at[1]) // has value + env.put( + pa_strdup(pair, eq_at-pair), + pa_strdup(eq_at+1, 0)); } // const @@ -282,30 +380,40 @@ static void _exec_cgi(Request& r, String //String content_length(content_length_cstr); ECSTR(CONTENT_LENGTH, content_length_cstr); // SCRIPT_* - env.put(StringPtr(new String("SCRIPT_NAME")), script_name); - //env.put(*new(pool) String(pool, "SCRIPT_FILENAME"), ??&script_name); + env.put(String::Body("SCRIPT_NAME"), script_name); + //env.put(String::Body("SCRIPT_FILENAME"), ??&script_name); bool stdin_specified=false; // environment & stdin from param - String in; + String *in=new String(); + Charset *charset=0; // default script works raw_in 'source' charset = no transcoding needed if(params.count()>1) { - ValuePtr venv=params.as_no_junction(1, "env must not be code"); - if(HashStringValue* user_env=venv->get_hash(method_name)) { - Append_env_pair_info info; - info.pool=&pool; - info.env=&env; - user_env->for_each(append_env_pair, &info); + Value& venv=params.as_no_junction(1, "env must not be code"); + if(HashStringValue* user_env=venv.get_hash()) { + // $.charset [previewing to handle URI pieces] + if(Value* vcharset=user_env->get(CHARSET_EXEC_PARAM_NAME)) + charset=&charsets.get(vcharset->as_string() + .change_case(r.charsets.source(), String::CC_UPPER)); + + // $.others + Append_env_pair_info info={&r.charsets, &env, 0}; + { + // influence tainting + // main target -- $.QUERY_STRING -- URLencoding of tainted pieces to String::L_URI lang + Temp_client_charset temp(r.charsets, charset? *charset: r.charsets.source()); + user_env->for_each(append_env_pair, &info); + } + // $.stdin if(info.vstdin) { stdin_specified=true; - if(StringPtr sstdin=info.vstdin->get_string(&pool)) { - in.append(*sstdin, String::UL_CLEAN, true); + if(const String* sstdin=info.vstdin->get_string()) { + in->append(*sstdin, String::L_CLEAN, true); } else - if(VFile *vfile=static_cast(info.vstdin->as("file", false))) - in.APPEND_TAINTED((const char* )vfile->value_ptr(), vfile->value_size(), - "$.stdin[assigned]", 0); + if(VFile* vfile=static_cast(info.vstdin->as("file", false))) + in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); else throw Exception("parser.runtime", - method_name, + 0, STDIN_EXEC_PARAM_NAME " parameter must be string or file"); } } @@ -314,32 +422,51 @@ static void _exec_cgi(Request& r, String // argv from params ArrayString argv; if(params.count()>2) { - for(int i=2; i 0) { + argv+=new String(param.cstr_to_string_body(String::L_UNSPECIFIED, 0, &r.charsets), String::L_AS_IS); + } + } } - // passing POST data - if(!stdin_specified) // if $.stdin[...] not specified - in.APPEND(r.request_info.post_data, r.request_info.post_size, String::UL_CLEAN, - "POST data (passed)", 0); + // transcode if necessary + if(charset) { + Charset::transcode(env, r.charsets.source(), *charset); + Charset::transcode(argv, r.charsets.source(), *charset); + in=&Charset::transcode(*in, r.charsets.source(), *charset); + } + // @todo + // ifdef WIN32 do OEM->ANSI transcode on some(.cmd?) programs to + // match silent conversion in OS // exec! PA_exec_result execution= - pa_exec(pool, false/*forced_allow*/, script_name, env, argv, in); + pa_exec(false/*forced_allow*/, script_name, &env, argv, *in); + + String *real_out=&execution.out; + String *real_err=&execution.err; + // transcode if necessary + if(charset) { + real_out=&Charset::transcode(*real_out, *charset, r.charsets.source()); + real_err=&Charset::transcode(*real_err, *charset, r.charsets.source()); + } VFile& self=GET_SELF(r, VFile); - StringPtr body=execution.out; // ^file:exec - ValuePtr content_type(0); + const String* body=real_out; // ^file:exec const char* eol_marker=0; size_t eol_marker_size; - StringPtr header(0); + const String* header=0; if(cgi) { // ^file:cgi // construct with 'out' body and header - int dos_pos=execution.out->pos("\r\n\r\n", 4); - int unix_pos=execution.out->pos("\n\n", 2); + size_t dos_pos=real_out->pos("\r\n\r\n", 4); + size_t unix_pos=real_out->pos("\n\n", 2); bool unix_header_break; - switch((dos_pos >= 0?10:00) + (unix_pos >= 0?01:00)) { + switch((dos_pos!=STRING_NOT_FOUND?10:00) + (unix_pos!=STRING_NOT_FOUND?01:00)) { case 10: // dos unix_header_break=false; break; @@ -352,12 +479,12 @@ static void _exec_cgi(Request& r, String default: // 00 unix_header_break=false; // calm down, compiler throw Exception(0, - method_name, + 0, "output does not contain CGI header; " "exit status=%d; stdoutsize=%u; stdout: \"%s\"; stderrsize=%u; stderr: \"%s\"", execution.status, - (uint)execution.out->size(), execution.out->cstr(), - (uint)execution.err->size(), execution.err->cstr()); + (uint)real_out->length(), real_out->cstr(), + (uint)real_err->length(), real_err->cstr()); break; //never reached } @@ -370,18 +497,18 @@ static void _exec_cgi(Request& r, String eol_marker="\r\n"; eol_marker_size=2; } - header=execution.out->mid(0, header_break_pos); - body=execution.out->mid(header_break_pos+eol_marker_size*2, execution.out->size()); + header=&real_out->mid(0, header_break_pos); + body=&real_out->mid(header_break_pos+eol_marker_size*2, real_out->length()); } // body - self.set(pool, false/*not tainted*/, body->cstr(), body->size()); + self.set(false/*not tainted*/, body->cstr(), body->length()); // $fields << header if(header && eol_marker) { ArrayString rows; - header->split(rows, 0, eol_marker, eol_marker_size); - Pass_cgi_header_attribute_info info; - info.pool=&pool; + size_t pos_after=0; + header->split(rows, pos_after, eol_marker); + Pass_cgi_header_attribute_info info={0, 0, 0}; info.charset=&r.charsets.source(); info.fields=&self.fields(); rows.for_each(pass_cgi_header_attribute, &info); @@ -390,32 +517,30 @@ static void _exec_cgi(Request& r, String } // $status - self.fields().put(file_status_name, ValuePtr(new VInt(execution.status))); + self.fields().put(file_status_name, new VInt(execution.status)); // $stderr - if(execution.err->size()) + if(real_err->length()) self.fields().put( - StringPtr(new String("stderr")), - ValuePtr(new VString(execution.err))); + String::Body("stderr"), + new VString(*real_err)); } -static void _exec(Request& r, StringPtr method_name, MethodParams& params) { - _exec_cgi(r, method_name, params, false); +static void _exec(Request& r, MethodParams& params) { + _exec_cgi(r, params, false); } -static void _cgi(Request& r, StringPtr method_name, MethodParams& params) { - _exec_cgi(r, method_name, params, true); +static void _cgi(Request& r, MethodParams& params) { + _exec_cgi(r, params, true); } -static void _list(Request& r, StringPtr method_name, MethodParams& params) { - Pool& pool=r.pool(); - - ValuePtr relative_path=params.as_no_junction(0, "path must not be code"); +static void _list(Request& r, MethodParams& params) { + Value& relative_path=params.as_no_junction(0, "path must not be code"); - StringPtr regexp; + const String* regexp; pcre *regexp_code; const int ovecsize=(1/*match*/)*3; int ovector[ovecsize]; if(params.count()>1) { - regexp=params.as_no_junction(1, "regexp must not be code")->as_string(&pool); + regexp=¶ms.as_no_junction(1, "regexp must not be code").as_string(); const char* pattern=regexp->cstr(); const char* errptr; @@ -426,18 +551,19 @@ static void _list(Request& r, StringPtr if(!regexp_code) throw Exception(0, - regexp->mid(erroffset, regexp->size()), + ®exp->mid(erroffset, regexp->length()), "regular expression syntax error - %s", errptr); - } else + } else { + regexp=0; // not used, just to calm down compiler regexp_code=0; + } - CharPtr absolute_path_cstr=r.absolute(relative_path->as_string(&pool))-> - cstr(String::UL_FILE_SPEC); + const char* absolute_path_cstr=r.absolute(relative_path.as_string()).cstr(String::L_FILE_SPEC); Table::columns_type columns(new ArrayString); - *columns+=StringPtr(new String("name")); - TablePtr table(new Table(method_name, columns)); + *columns+=new String("name"); + Table& table=*new Table(columns); LOAD_DIR(absolute_path_cstr, const char* file_name_cstr=ffblk.ff_name; @@ -460,13 +586,9 @@ static void _list(Request& r, StringPtr } if(suits) { - StringPtr file_name(new String); - file_name->APPEND_TAINTED(pool.copy(file_name_cstr, file_name_size), file_name_size, - method_name->origin().file, method_name->origin().line); - Table::element_type row(new ArrayString); - *row+=file_name; - *table+=row; + *row+=new String(pa_strdup(file_name_cstr, file_name_size), file_name_size, true); + table+=row; } ); @@ -474,35 +596,36 @@ static void _list(Request& r, StringPtr pcre_free(regexp_code); // write out result - r.write_no_lang(ValuePtr(new VTable(table))); + r.write_no_lang(*new VTable(&table)); } #ifndef DOXYGEN struct Lock_execute_body_info { Request* r; - ValuePtr body_code; + Value* body_code; }; #endif static void lock_execute_body(int , void *ainfo) { Lock_execute_body_info& info=*static_cast(ainfo); // execute body - info.r->write_assign_lang(info.r->process(info.body_code)); + info.r->write_assign_lang(info.r->process(*info.body_code)); }; -static void _lock(Request& r, StringPtr method_name, MethodParams& params) { - Lock_execute_body_info info; - info.r=&r; - StringPtr file_spec=r.absolute(params.as_string(0, "file name must be string")); - info.body_code=params.as_junction(1, "body must be code"); +static void _lock(Request& r, MethodParams& params) { + const String& file_spec=r.absolute(params.as_string(0, "file name must be string")); + Lock_execute_body_info info={ + &r, + ¶ms.as_junction(1, "body must be code") + }; file_write_action_under_lock(file_spec, "lock", lock_execute_body, &info); } -static int lastposafter(const String& s, int after, const char* substr, size_t substr_size, bool beforelast=false) { - size_t size; +static int lastposafter(const String& s, size_t after, const char* substr, size_t substr_size, bool beforelast=false) { + size_t size=0; // just to calm down compiler if(beforelast) - size=s.size(); - int at; - while((at=s.pos(substr, substr_size, after))>=0) { + size=s.length(); + size_t at; + while((at=s.pos(String::Body(substr, substr_size), after))!=STRING_NOT_FOUND) { size_t newafter=at+substr_size/*skip substr*/; if(beforelast && newafter==size) break; @@ -512,85 +635,84 @@ static int lastposafter(const String& s, return after; } -static void _find(Request& r, StringPtr method_name, MethodParams& params) { - Pool& pool=r.pool(); - StringPtr file_name=params.as_no_junction(0, "file name must not be code")->as_string(&pool); - StringPtr file_spec; - if(file_name->first_char()=='/') - file_spec=file_name; +static void _find(Request& r, MethodParams& params) { + const String& file_name=params.as_no_junction(0, "file name must not be code").as_string(); + const String* file_spec; + if(file_name.first_char()=='/') + file_spec=&file_name; else - file_spec=r.relative(r.request_info.uri, file_name); + file_spec=&r.relative(r.request_info.uri, file_name); // easy way - if(file_readable(r.absolute(file_spec))) { + if(file_exist(r.absolute(*file_spec))) { r.write_assign_lang(*file_spec); return; } // monkey way int after_base_slash=lastposafter(*file_spec, 0, "/", 1); - StringPtr dirname=file_spec->mid(0, after_base_slash); - StringPtr basename=file_spec->mid(after_base_slash, file_spec->size()); + const String* dirname=&file_spec->mid(0, after_base_slash); + const String& basename=file_spec->mid(after_base_slash, file_spec->length()); int after_monkey_slash; while((after_monkey_slash=lastposafter(*dirname, 0, "/", 1, true))>0) { - StringPtr test_name(new String); - *test_name<<*(dirname=dirname->mid(0, after_monkey_slash)); - *test_name<mid(0, after_monkey_slash)); + test_name< /a // /a/b/ > /a - int afterslash=lastposafter(*file_spec, 0, "/", 1, true); + int afterslash=lastposafter(file_spec, 0, "/", 1, true); if(afterslash>0) - r.write_assign_lang(*file_spec->mid(0, afterslash==1?1:afterslash-1)); + r.write_assign_lang(file_spec.mid(0, afterslash==1?1:afterslash-1)); else r.write_assign_lang(String(".", 1)); } -static void _basename(Request& r, StringPtr method_name, MethodParams& params) { - StringPtr file_spec=params.as_string(0, "file name must be string"); +static void _basename(Request& r, MethodParams& params) { + const String& file_spec=params.as_string(0, "file name must be string"); // /a/some.tar.gz > some.tar.gz - int afterslash=lastposafter(*file_spec, 0, "/", 1); - r.write_assign_lang(*file_spec->mid(afterslash, file_spec->size())); + int afterslash=lastposafter(file_spec, 0, "/", 1); + r.write_assign_lang(file_spec.mid(afterslash, file_spec.length())); } -static void _justname(Request& r, StringPtr method_name, MethodParams& params) { - StringPtr file_spec=params.as_string(0, "file name must be string"); +static void _justname(Request& r, MethodParams& params) { + const String& file_spec=params.as_string(0, "file name must be string"); // /a/some.tar.gz > some.tar - int afterslash=lastposafter(*file_spec, 0, "/", 1); - int afterdot=lastposafter(*file_spec, afterslash, ".", 1); - r.write_assign_lang(*file_spec->mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec->size())); + int afterslash=lastposafter(file_spec, 0, "/", 1); + int afterdot=lastposafter(file_spec, afterslash, ".", 1); + r.write_assign_lang(file_spec.mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec.length())); } -static void _justext(Request& r, StringPtr method_name, MethodParams& params) { - StringPtr file_spec=params.as_string(0, "file name must be string"); +static void _justext(Request& r, MethodParams& params) { + const String& file_spec=params.as_string(0, "file name must be string"); // /a/some.tar.gz > gz - int afterdot=lastposafter(*file_spec, 0, ".", 1); + int afterdot=lastposafter(file_spec, 0, ".", 1); if(afterdot>0) - r.write_assign_lang(*file_spec->mid(afterdot, file_spec->size())); + r.write_assign_lang(file_spec.mid(afterdot, file_spec.length())); } -static void _fullpath(Request& r, StringPtr method_name, MethodParams& params) { - StringPtr file_spec=params.as_string(0, "file name must be string"); - StringPtr result(new String); - if(file_spec->first_char()=='/') - result=file_spec; +static void _fullpath(Request& r, MethodParams& params) { + const String& file_spec=params.as_string(0, "file name must be string"); + const String* result; + if(file_spec.first_char()=='/') + result=&file_spec; else { // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif - StringPtr full_disk_path=r.absolute(file_spec); + const String& full_disk_path=r.absolute(file_spec); size_t document_root_length=strlen(r.request_info.document_root); if(document_root_length>0) { @@ -598,40 +720,262 @@ static void _fullpath(Request& r, String if(last_char == '/' || last_char == '\\') --document_root_length; } - result=full_disk_path->mid(document_root_length, full_disk_path->size()); + result=&full_disk_path.mid(document_root_length, full_disk_path.length()); } r.write_assign_lang(*result); } +static void _sql_string(Request& r, MethodParams&) { + VFile& self=GET_SELF(r, VFile); + + const char *quoted=r.connection()->quote(self.value_ptr(), self.value_size()); + r.write_assign_lang(*new String(quoted)); +} + +#ifndef DOXYGEN +class File_sql_event_handlers: public SQL_Driver_query_event_handlers { + const String& statement_string; const char* statement_cstr; + int got_columns; + int got_cells; +public: + String::C value; + const String* user_file_name; + const String* user_content_type; +public: + File_sql_event_handlers( + const String& astatement_string, const char* astatement_cstr): + statement_string(astatement_string), statement_cstr(astatement_cstr), + got_columns(0), + got_cells(0), + user_file_name(0), + user_content_type(0) {} + + bool add_column(SQL_Error& error, const char* /*str*/, size_t /*length*/) { + if(got_columns++==3) { + error=SQL_Error("parser.runtime", "result must contain not more then 3 columns"); + return true; + } + return false; + } + bool before_rows(SQL_Error& /*error*/ ) { /* ignore */ return false; } + bool add_row(SQL_Error& /*error*/) { /* ignore */ return false; } + bool add_row_cell(SQL_Error& error, const char* str, size_t length) { + try { + switch(got_cells++) { + case 0: + value=String::C(str, length); + break; + case 1: + if(!user_file_name) // user not specified? + user_file_name=new String(str, length, true); + break; + case 2: + if(!user_content_type) // user not specified? + user_content_type=new String(str, length, true); + break; + default: + error=SQL_Error("parser.runtime", "result must not contain more then one row, three rows"); + return true; + } + return false; + } catch(...) { + error=SQL_Error("exception occured in File_sql_event_handlers::add_row_cell"); + return true; + } + } +}; +#endif +static void _sql(Request& r, MethodParams& params) { + Value& statement=params.as_junction(0, "statement must be code"); + + Temp_lang temp_lang(r, String::L_SQL); + const String& statement_string=r.process_to_string(statement); + const char* statement_cstr= + statement_string.cstr(String::L_UNSPECIFIED, r.connection()); + File_sql_event_handlers handlers(statement_string, statement_cstr); + + if(params.count()>1) + if(HashStringValue* options= + params.as_no_junction(1, "param must not be code").get_hash()) { + int valid_options=0; + if(Value* vfilename=options->get(NAME_NAME)) { + valid_options++; + handlers.user_file_name=&vfilename->as_string(); + } + if(Value* vcontent_type=options->get(CONTENT_TYPE_NAME)) { + valid_options++; + handlers.user_content_type=&vcontent_type->as_string(); + } + if(valid_options!=options->count()) + throw Exception("parser.runtime", + 0, + "called with invalid option"); + } + + + r.connection()->query( + statement_cstr, + 0, 0, + 0, 0, + handlers, + statement_string); + + if(!handlers.value) + throw Exception("parser.runtime", + 0, + "produced no result"); + + const char* user_file_name_cstr=handlers.user_file_name? handlers.user_file_name->cstr(): 0; + + VString* vcontent_type=handlers.user_content_type? + new VString(*handlers.user_content_type) + : user_file_name_cstr? + new VString(r.mime_type_of(user_file_name_cstr)) + : 0; + VFile& self=GET_SELF(r, VFile); + self.set(true/*tainted*/, handlers.value.str, handlers.value.length, user_file_name_cstr, vcontent_type); +} + +static void _base64(Request& r, MethodParams& params) { + bool dynamic = !(&r.get_self() == file_class); + if ( dynamic ){ + VFile& self=GET_SELF(r, VFile); + if(params.count()) { + // decode + const char* cstr=params.as_string(0, "parameter must be string").cstr(); + char* decoded_cstr=0; + size_t decoded_size=0; + pa_base64_decode(cstr, strlen(cstr), decoded_cstr, decoded_size); + if(decoded_cstr && decoded_size) + self.set(true/*tainted*/, decoded_cstr, decoded_size); + } else { + // encode + const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size()); + r.write_assign_lang(*new String(encoded, 0, true/*once ?param=base64(something) was needed*/)); + } + } else { + // encode + const String& file_spec=params.as_string(0, "file name must be string"); + const char* encoded=pa_base64_encode(r.absolute(file_spec)); + r.write_assign_lang(*new String(encoded, 0, true/*once ?param=base64(something) was needed*/)); + } +} + +static void _crc32(Request& r, MethodParams& params) { + unsigned long crc32 = 0; + if(&r.get_self() == file_class) { + // ^file:crc32[file-name] + if(params.count()) { + const String& file_spec=params.as_string(0, "file name must be string"); + crc32=pa_crc32(r.absolute(file_spec)); + } else { + throw Exception("parser.runtime", + 0, + "file name must be defined"); + } + } else { + // ^file.crc32[] + VFile& self=GET_SELF(r, VFile); + crc32=pa_crc32(self.value_ptr(), self.value_size()); + } + r.write_no_lang(*new VInt(crc32)); +} + + +static void file_md5_file_action( + struct stat& finfo, + int f, + const String& , const char* /*fname*/, bool, + void *context) +{ + PA_MD5_CTX& md5context=*static_cast(context); + if(finfo.st_size) { + int nCount=0; + do { + unsigned char buffer[FILE_BUFFER_SIZE]; + nCount = file_block_read(f, buffer, sizeof(buffer)); + if ( nCount ){ + pa_MD5Update(&md5context, (const unsigned char*)buffer, nCount); + } + } while(nCount > 0); + } +} + +const char* pa_md5(const String& file_spec) +{ + PA_MD5_CTX context; + unsigned char digest[16]; + pa_MD5Init(&context); + file_read_action_under_lock(file_spec, "md5", file_md5_file_action, &context); + pa_MD5Final(digest, &context); + + return hex_string(digest, sizeof(digest), false); +} + +const char* pa_md5(const char *in, size_t in_size) +{ + PA_MD5_CTX context; + unsigned char digest[16]; + pa_MD5Init(&context); + pa_MD5Update(&context, (const unsigned char*)in, in_size); + pa_MD5Final(digest, &context); + + return hex_string(digest, sizeof(digest), false); +} + +static void _md5(Request& r, MethodParams& params) { + const char* md5; + if(&r.get_self() == file_class) { + // ^file:md5[file-name] + if(params.count()) { + const String& file_spec=params.as_string(0, "file name must be string"); + md5=pa_md5(r.absolute(file_spec)); + } else { + throw Exception("parser.runtime", + 0, + "file name must be defined"); + } + } else { + // ^file.md5[] + VFile& self=GET_SELF(r, VFile); + md5=pa_md5(self.value_ptr(), self.value_size()); + + } + r.write_no_lang(*new String(md5)); +} // constructor MFile::MFile(): Methoded("file") { - // ^save[mode;file-name] + // ^file::create[text;user-name;string] + // ^file::create[binary;user-name;SOMEDAY SOMETHING] + add_native_method("create", Method::CT_DYNAMIC, _create, 3, 3); + + // ^file.save[mode;file-name] add_native_method("save", Method::CT_DYNAMIC, _save, 2, 2); - // ^delete[file-name] + // ^file:delete[file-name] add_native_method("delete", Method::CT_STATIC, _delete, 1, 1); - // ^move[from-file-name;to-file-name] + // ^file:move[from-file-name;to-file-name] add_native_method("move", Method::CT_STATIC, _move, 2, 2); - // ^load[mode;disk-name] - // ^load[mode;disk-name;user-name] + // ^file::load[mode;disk-name] + // ^file::load[mode;disk-name;user-name] add_native_method("load", Method::CT_DYNAMIC, _load, 2, 3); - // ^stat[disk-name] + // ^file::stat[disk-name] add_native_method("stat", Method::CT_DYNAMIC, _stat, 1, 1); - // ^cgi[file-name] - // ^cgi[file-name;env hash] - // ^cgi[file-name;env hash;1cmd;2line;3ar;4g;5s] - add_native_method("cgi", Method::CT_DYNAMIC, _cgi, 1, 2+10); - - // ^exec[file-name] - // ^exec[file-name;env hash] - // ^exec[file-name;env hash;1cmd;2line;3ar;4g;5s] - add_native_method("exec", Method::CT_DYNAMIC, _exec, 1, 2+10); + // ^file::cgi[file-name] + // ^file::cgi[file-name;env hash] + // ^file::cgi[file-name;env hash;1cmd;2line;3ar;4g;5s] + add_native_method("cgi", Method::CT_DYNAMIC, _cgi, 1, 2+50); + + // ^file::exec[file-name] + // ^file::exec[file-name;env hash] + // ^file::exec[file-name;env hash;1cmd;2line;3ar;4g;5s] + add_native_method("exec", Method::CT_DYNAMIC, _exec, 1, 2+50); // ^file:list[path] // ^file:list[path][regexp] @@ -640,8 +984,8 @@ MFile::MFile(): Methoded("file") { // ^file:lock[path]{code} add_native_method("lock", Method::CT_STATIC, _lock, 2, 2); - // ^find[file-name] - // ^find[file-name]{when-not-found} + // ^file:find[file-name] + // ^file:find[file-name]{when-not-found} add_native_method("find", Method::CT_STATIC, _find, 1, 2); // ^file:dirname[/a/some.tar.gz]=/a @@ -655,4 +999,26 @@ MFile::MFile(): Methoded("file") { add_native_method("justext", Method::CT_STATIC, _justext, 1, 1); // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif add_native_method("fullpath", Method::CT_STATIC, _fullpath, 1, 1); + + // ^file.sql-string[] + add_native_method("sql-string", Method::CT_DYNAMIC, _sql_string, 0, 0); + + // ^file::sql[[alt_name]]{} + add_native_method("sql", Method::CT_DYNAMIC, _sql, 1, 2); + + // ^file::base64[string] << decode + // ^file.base64[] << encode + // ^file:base64[file-name] << encode + add_native_method("base64", Method::CT_ANY, _base64, 0, 1); + + // ^file.crc32[] + // ^file:crc32[file-name] + add_native_method("crc32", Method::CT_ANY, _crc32, 0, 1); + + // ^file.md5[] + // ^file:md5[file-name] + add_native_method("md5", Method::CT_ANY, _md5, 0, 1); + + // ^file:copy[from-file-name;to-file-name] + add_native_method("copy", Method::CT_STATIC, _copy, 2, 2); }