--- parser3/src/classes/file.C 2003/04/08 12:47:29 1.107.2.16.2.14 +++ parser3/src/classes/file.C 2004/07/26 10:48:58 1.127 @@ -1,11 +1,11 @@ /** @file Parser: @b file parser class. - Copyright (c) 2001-2003 ArtLebedev Group (http://www.artlebedev.com) + Copyright (c) 2001-2004 ArtLebedev Group (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char* IDENT_FILE_C="$Date: 2003/04/08 12:47:29 $"; +static const char * const IDENT_FILE_C="$Date: 2004/07/26 10:48:58 $"; #include "pa_config_includes.h" @@ -23,18 +23,22 @@ static const char* IDENT_FILE_C="$Date: #include "pa_dir.h" #include "pa_vtable.h" #include "pa_charset.h" +#include "pa_charsets.h" +#include "pa_sql_connection.h" // defines #define TEXT_MODE_NAME "text" +#define BINARY_MODE_NAME "binary" #define STDIN_EXEC_PARAM_NAME "stdin" +#define CHARSET_EXEC_PARAM_NAME "charset" // class class MFile: public Methoded { public: // VStateless_class - Value* create_new_value() { return new VFile(); } + Value* create_new_value(Pool&) { return new VFile(); } public: // Methoded bool used_directly() { return true; } @@ -96,19 +100,29 @@ static const char* suexec_safe_env_lst[] // statics -static const StringBody adate_name("adate"); -static const StringBody mdate_name("mdate"); -static const StringBody cdate_name("cdate"); +static const String::Body adate_name("adate"); +static const String::Body mdate_name("mdate"); +static const String::Body cdate_name("cdate"); // methods +static bool is_text_mode(const String& mode) { + if(mode==TEXT_MODE_NAME) + return true; + if(mode==BINARY_MODE_NAME) + return false; + throw Exception("parser.runtime", + &mode, + "is invalid mode, must be either '"TEXT_MODE_NAME"' or '"BINARY_MODE_NAME"'"); +} + static void _save(Request& r, MethodParams& params) { Value& vmode_name=params. as_no_junction(0, "mode must not be code"); Value& vfile_name=params.as_no_junction(1, "file name must not be code"); // save GET_SELF(r, VFile).save(r.absolute(vfile_name.as_string()), - vmode_name.as_string()==TEXT_MODE_NAME); + is_text_mode(vmode_name.as_string())); } static void _delete(Request& r, MethodParams& params) { @@ -144,8 +158,8 @@ static void _load(Request& r, MethodPara if(third_param_hash) alt_filename_param_index++; - File_read_result file=file_read(r.charsets.source(), lfile_name, - vmode_name.as_string()==TEXT_MODE_NAME, + File_read_result file=file_read(r.charsets, lfile_name, + is_text_mode(vmode_name.as_string()), third_param_hash ); @@ -186,6 +200,11 @@ static void _stat(Request& r, MethodPara } static bool is_safe_env_key(const char* key) { + for(const char* validator=key; *validator; validator++) { + char c=*validator; + if(!(c>='A' && c<='Z' || c>='0' && c<='9' || c=='_' || c=='-')) + return false; + } if(strncasecmp(key, "HTTP_", 5)==0) return true; if(strncasecmp(key, "CGI_", 4)==0) @@ -200,6 +219,7 @@ static bool is_safe_env_key(const char* struct Append_env_pair_info { HashStringString* env; Value* vstdin; + Value* vcharset; }; #endif static void append_env_pair( @@ -208,12 +228,14 @@ static void append_env_pair( Append_env_pair_info *info) { if(akey==STDIN_EXEC_PARAM_NAME) { info->vstdin=avalue; + } else if(akey==CHARSET_EXEC_PARAM_NAME) { + info->vcharset=avalue; } else { if(!is_safe_env_key(akey.cstr())) throw Exception("parser.runtime", new String(akey, String::L_TAINTED), "not safe environment variable"); - info->env->put(akey, avalue->as_string()); + info->env->put(akey, avalue->as_string().cstr(String::L_UNSPECIFIED)); } } #ifndef DOXYGEN @@ -248,15 +270,16 @@ static void _exec_cgi(Request& r, Method #define ECSTR(name, value_cstr) \ if(value_cstr) \ env.put( \ - StringBody(#name), \ - StringBody(value_cstr)); \ + String::Body(#name), \ + String::Body(value_cstr, 0)); \ // passing SAPI::environment if(const char *const *pairs=SAPI::environment(r.sapi_info)) { while(const char* pair=*pairs++) if(const char* eq_at=strchr(pair, '=')) - env.put( - StringBody(pair, eq_at-pair), - StringBody(eq_at+1)); + if(eq_at[1]) // has value + env.put( + pa_strdup(pair, eq_at-pair), + pa_strdup(eq_at+1, 0)); } // const @@ -273,30 +296,35 @@ static void _exec_cgi(Request& r, Method //String content_length(content_length_cstr); ECSTR(CONTENT_LENGTH, content_length_cstr); // SCRIPT_* - env.put(StringBody("SCRIPT_NAME"), script_name); - //env.put(StringBody("SCRIPT_FILENAME"), ??&script_name); + env.put(String::Body("SCRIPT_NAME"), script_name); + //env.put(String::Body("SCRIPT_FILENAME"), ??&script_name); bool stdin_specified=false; // environment & stdin from param - String in; + String *in=new String(); + Charset *charset=0; // default script works raw_in 'source' charset = no transcoding needed if(params.count()>1) { Value& venv=params.as_no_junction(1, "env must not be code"); if(HashStringValue* user_env=venv.get_hash()) { - Append_env_pair_info info; - info.env=&env; + Append_env_pair_info info={&env, 0, 0}; user_env->for_each(append_env_pair, &info); + // $.stdin if(info.vstdin) { stdin_specified=true; if(const String* sstdin=info.vstdin->get_string()) { - in.append(*sstdin, String::L_CLEAN, true); + in->append(*sstdin, String::L_CLEAN, true); } else if(VFile* vfile=static_cast(info.vstdin->as("file", false))) - in.append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); + in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); else throw Exception("parser.runtime", 0, STDIN_EXEC_PARAM_NAME " parameter must be string or file"); } + // $.charset + if(info.vcharset) + charset=&charsets.get(info.vcharset->as_string() + .change_case(r.charsets.source(), String::CC_UPPER)); } } @@ -307,24 +335,37 @@ static void _exec_cgi(Request& r, Method argv+=¶ms.as_string(i, "parameter must be string"); } - // passing POST data - if(!stdin_specified) // if $.stdin[...] not specified @todo zeroterminate post_data! - in.append_know_length(r.request_info.post_data, r.request_info.post_size, String::L_CLEAN); + // transcode if necessary + if(charset) { + Charset::transcode(env, r.charsets.source(), *charset); + Charset::transcode(argv, r.charsets.source(), *charset); + in=&Charset::transcode(*in, r.charsets.source(), *charset); + } + // @todo + // ifdef WIN32 do OEM->ANSI transcode on some(.cmd?) programs to + // match silent conversion in OS // exec! PA_exec_result execution= - pa_exec(false/*forced_allow*/, script_name, &env, argv, in); + pa_exec(false/*forced_allow*/, script_name, &env, argv, *in); + + String *real_out=&execution.out; + String *real_err=&execution.err; + // transcode if necessary + if(charset) { + real_out=&Charset::transcode(*real_out, *charset, r.charsets.source()); + real_err=&Charset::transcode(*real_err, *charset, r.charsets.source()); + } VFile& self=GET_SELF(r, VFile); - const String* body=&execution.out; // ^file:exec - Value* content_type=0; + const String* body=real_out; // ^file:exec const char* eol_marker=0; size_t eol_marker_size; const String* header=0; if(cgi) { // ^file:cgi // construct with 'out' body and header - size_t dos_pos=execution.out.pos("\r\n\r\n", 4); - size_t unix_pos=execution.out.pos("\n\n", 2); + size_t dos_pos=real_out->pos("\r\n\r\n", 4); + size_t unix_pos=real_out->pos("\n\n", 2); bool unix_header_break; switch((dos_pos!=STRING_NOT_FOUND?10:00) + (unix_pos!=STRING_NOT_FOUND?01:00)) { @@ -344,8 +385,8 @@ static void _exec_cgi(Request& r, Method "output does not contain CGI header; " "exit status=%d; stdoutsize=%u; stdout: \"%s\"; stderrsize=%u; stderr: \"%s\"", execution.status, - (uint)execution.out.length(), execution.out.cstr(), - (uint)execution.err.length(), execution.err.cstr()); + (uint)real_out->length(), real_out->cstr(), + (uint)real_err->length(), real_err->cstr()); break; //never reached } @@ -358,8 +399,8 @@ static void _exec_cgi(Request& r, Method eol_marker="\r\n"; eol_marker_size=2; } - header=&execution.out.mid(0, header_break_pos); - body=&execution.out.mid(header_break_pos+eol_marker_size*2, execution.out.length()); + header=&real_out->mid(0, header_break_pos); + body=&real_out->mid(header_break_pos+eol_marker_size*2, real_out->length()); } // body self.set(false/*not tainted*/, body->cstr(), body->length()); @@ -369,7 +410,7 @@ static void _exec_cgi(Request& r, Method ArrayString rows; size_t pos_after=0; header->split(rows, pos_after, eol_marker); - Pass_cgi_header_attribute_info info; + Pass_cgi_header_attribute_info info={0, 0, 0}; info.charset=&r.charsets.source(); info.fields=&self.fields(); rows.for_each(pass_cgi_header_attribute, &info); @@ -381,10 +422,10 @@ static void _exec_cgi(Request& r, Method self.fields().put(file_status_name, new VInt(execution.status)); // $stderr - if(execution.err.length()) + if(real_err->length()) self.fields().put( - StringBody("stderr"), - new VString(execution.err)); + String::Body("stderr"), + new VString(*real_err)); } static void _exec(Request& r, MethodParams& params) { _exec_cgi(r, params, false); @@ -414,8 +455,10 @@ static void _list(Request& r, MethodPara throw Exception(0, ®exp->mid(erroffset, regexp->length()), "regular expression syntax error - %s", errptr); - } else + } else { + regexp=0; // not used, just to calm down compiler regexp_code=0; + } const char* absolute_path_cstr=r.absolute(relative_path.as_string()).cstr(String::L_FILE_SPEC); @@ -470,20 +513,21 @@ static void lock_execute_body(int , void info.r->write_assign_lang(info.r->process(*info.body_code)); }; static void _lock(Request& r, MethodParams& params) { - Lock_execute_body_info info; - info.r=&r; const String& file_spec=r.absolute(params.as_string(0, "file name must be string")); - info.body_code=¶ms.as_junction(1, "body must be code"); + Lock_execute_body_info info={ + &r, + ¶ms.as_junction(1, "body must be code") + }; file_write_action_under_lock(file_spec, "lock", lock_execute_body, &info); } static int lastposafter(const String& s, size_t after, const char* substr, size_t substr_size, bool beforelast=false) { - size_t size; + size_t size=0; // just to calm down compiler if(beforelast) size=s.length(); - int at; - while((at=s.pos(StringBody(substr, substr_size), after))>=0) { + size_t at; + while((at=s.pos(String::Body(substr, substr_size), after))!=STRING_NOT_FOUND) { size_t newafter=at+substr_size/*skip substr*/; if(beforelast && newafter==size) break; @@ -583,6 +627,101 @@ static void _fullpath(Request& r, Method r.write_assign_lang(*result); } +static void _sql_string(Request& r, MethodParams&) { + VFile& self=GET_SELF(r, VFile); + + const char *quoted=r.connection()->quote(self.value_ptr(), self.value_size()); + r.write_assign_lang(*new String(quoted)); +} + +#ifndef DOXYGEN +class File_sql_event_handlers: public SQL_Driver_query_event_handlers { + const String& statement_string; const char* statement_cstr; + int got_columns; + int got_cells; +public: + String::C value; + String* user_file_name; + String* user_content_type; +public: + File_sql_event_handlers( + const String& astatement_string, const char* astatement_cstr): + statement_string(astatement_string), statement_cstr(astatement_cstr), + got_columns(0), + got_cells(0), + user_file_name(0), + user_content_type(0) {} + + bool add_column(SQL_Error& error, const char* /*str*/, size_t /*length*/) { + if(got_columns++==3) { + error=SQL_Error("parser.runtime", "result must contain not more then 3 columns"); + return true; + } + return false; + } + bool before_rows(SQL_Error& /*error*/ ) { /* ignore */ return false; } + bool add_row(SQL_Error& /*error*/) { /* ignore */ return false; } + bool add_row_cell(SQL_Error& error, const char* str, size_t length) { + try { + switch(got_cells++) { + case 0: + value=String::C(str, length); + break; + case 1: + user_file_name=new String(str, length, true); + break; + case 2: + user_content_type=new String(str, length, true); + break; + default: + error=SQL_Error("parser.runtime", "result must not contain more then one row, three rows"); + return true; + } + return false; + } catch(...) { + error=SQL_Error("exception occured in File_sql_event_handlers::add_row_cell"); + return true; + } + } +}; +#endif +static void _sql(Request& r, MethodParams& params) { + const String* user_file_name=0; + if(params.get(0)->is_string()) + user_file_name=¶ms.get(0)->as_string(); + + Value& statement=params.as_junction(params.count()-1, "statement must be code"); + + Temp_lang temp_lang(r, String::L_SQL); + const String& statement_string=r.process_to_string(statement); + const char* statement_cstr= + statement_string.cstr(String::L_UNSPECIFIED, r.connection()); + File_sql_event_handlers handlers(statement_string, statement_cstr); + r.connection()->query( + statement_cstr, + 0, 0, + 0, 0, + handlers, + statement_string); + + if(!handlers.value) + throw Exception("parser.runtime", + 0, + "produced no result"); + + if(!user_file_name) + user_file_name=handlers.user_file_name; + + const char* user_file_name_cstr=user_file_name? user_file_name->cstr(): 0; + + VString* vcontent_type=handlers.user_content_type? + new VString(*handlers.user_content_type) + : user_file_name_cstr? + new VString(r.mime_type_of(user_file_name_cstr)) + : 0; + VFile& self=GET_SELF(r, VFile); + self.set(true/*tainted*/, handlers.value.str, handlers.value.length, user_file_name_cstr, vcontent_type); +} // constructor @@ -635,4 +774,10 @@ MFile::MFile(): Methoded("file") { add_native_method("justext", Method::CT_STATIC, _justext, 1, 1); // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif add_native_method("fullpath", Method::CT_STATIC, _fullpath, 1, 1); + + // ^file.sql-string[] + add_native_method("sql-string", Method::CT_DYNAMIC, _sql_string, 0, 0); + + // ^file::sql[[alt_name]]{} + add_native_method("sql", Method::CT_DYNAMIC, _sql, 1, 2); }