--- parser3/src/classes/file.C 2007/11/14 12:46:02 1.162 +++ parser3/src/classes/file.C 2009/01/12 07:46:13 1.181 @@ -5,12 +5,10 @@ Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_FILE_C="$Date: 2007/11/14 12:46:02 $"; +static const char * const IDENT_FILE_C="$Date: 2009/01/12 07:46:13 $"; #include "pa_config_includes.h" -#include "pcre.h" - #include "classes.h" #include "pa_vmethod_frame.h" @@ -155,10 +153,10 @@ static void _move(Request& r, MethodPara } static void copy_process_source( - struct stat& , - int from_file, - const String& , const char* /*fname*/, bool, - void *context) { + struct stat& , + int from_file, + const String& , const char* /*fname*/, bool, + void *context) { int& to_file=*static_cast(context); int nCount=0; @@ -167,7 +165,7 @@ static void copy_process_source( nCount = file_block_read(from_file, buffer, sizeof(buffer)); int written=write(to_file, buffer, nCount); if( written < 0 ) - throw Exception(0, + throw Exception("file.access", 0, "write failed: %s (%d)", strerror(errno), errno); 
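Review bot: A short write is still treated as success in `copy_process_source`: the check after `write(to_file, buffer, nCount)` only rejects `written < 0`, so when fewer than `nCount` bytes are written the rest of that block is dropped and the copy is silently truncated. The guard should cover the partial case as well, for example `if(written != nCount)` raising the same `file.access` exception, or a loop that retries the unwritten tail. The read loop starts and ends outside this hunk, so how a failed `file_block_read` reaches `write` is not visible here.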
@@ -194,47 +192,46 @@ static void _copy(Request& r, MethodPara } static void _load_pass_param( - HashStringValue::key_type key, - HashStringValue::value_type value, - HashStringValue *dest) { + HashStringValue::key_type key, + HashStringValue::value_type value, + HashStringValue *dest) { dest->put(key, value); } + static void _load(Request& r, MethodParams& params) { - Value& vmode_name=params.as_no_junction(0, MODE_MUST_NOT_BE_CODE); + bool as_text=is_text_mode(params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string()); const String& lfile_name=r.absolute(params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()); - Value* third_param=params.count()>2?¶ms.as_no_junction(2, "filename or options must not be code") - :0; - HashStringValue* third_param_hash=third_param?third_param->get_hash():0; - size_t alt_filename_param_index=2; - if(third_param_hash) - alt_filename_param_index++; - HashStringValue* options=third_param_hash; + size_t param_index=params.count()-1; + Value* param_value=param_index>=2?¶ms.as_no_junction(param_index, "filename or options must not be code"):0; + HashStringValue* param_hash=param_value?param_value->get_hash():0; + HashStringValue* options=param_hash; + + param_index--; + size_t offset=0; size_t limit=0; - if(options) { + if(options){ options=new HashStringValue(*options); - if(Value *voffset=(Value *)options->get(sql_offset_name)) { + if(Value *voffset=(Value *)options->get(sql_offset_name)){ offset=r.process_to_value(*voffset).as_int(); } - if(Value *vlimit=(Value *)options->get(sql_limit_name)) { + if(Value *vlimit=(Value *)options->get(sql_limit_name)){ limit=r.process_to_value(*vlimit).as_int(); } // no check on options count here, see file_read } File_read_result file=file_read(r.charsets, lfile_name, - is_text_mode(vmode_name.as_string()), - options, true, 0, offset, limit + as_text, options, true, 0, offset, limit ); - const char *user_file_name=params.count()>alt_filename_param_index? 
- params.as_string(alt_filename_param_index, FILE_NAME_MUST_BE_STRING).cstr() - :lfile_name.cstr(String::L_FILE_SPEC); + const char *user_file_name=(param_index>=2)? + params.as_string(param_index, FILE_NAME_MUST_BE_STRING).cstr(String::L_FILE_SPEC) + :lfile_name.cstr(String::L_FILE_SPEC); Value* vcontent_type=0; - if(file.headers) - { - if(Value* remote_content_type=file.headers->get("CONTENT-TYPE")) + if(file.headers){ + if(Value* remote_content_type=file.headers->get(HTTP_CONTENT_TYPE_UPPER)) vcontent_type=new VString(*new String(remote_content_type->as_string().cstr())); } if(!vcontent_type) @@ -242,8 +239,21 @@ static void _load(Request& r, MethodPara VFile& self=GET_SELF(r, VFile); self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type); - if(file.headers) + + if(file.headers){ file.headers->for_each(_load_pass_param, &self.fields()); + } else { + size_t size; + time_t atime, mtime, ctime; + + file_stat(lfile_name, size, atime, mtime, ctime); + + HashStringValue& ff=self.fields(); + ff.put(adate_name, new VDate(atime)); + ff.put(mdate_name, new VDate(mtime)); + ff.put(cdate_name, new VDate(ctime)); + } + } static void _create(Request& r, MethodParams& params) { @@ -276,13 +286,15 @@ static void _stat(Request& r, MethodPara size, atime, mtime, ctime); + const char* user_file_name=lfile_name.cstr(String::L_FILE_SPEC); + VFile& self=GET_SELF(r, VFile); - self.set(true/*tainted*/, 0/*no bytes*/, size); + + self.set(true/*tainted*/, 0/*no bytes*/, size, user_file_name, new VString(r.mime_type_of(user_file_name))); HashStringValue& ff=self.fields(); ff.put(adate_name, new VDate(atime)); ff.put(mdate_name, new VDate(mtime)); ff.put(cdate_name, new VDate(ctime)); - ff.put(content_type_name, new VString(r.mime_type_of(lfile_name.cstr(String::L_FILE_SPEC)))); } static bool is_safe_env_key(const char* key) { 
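Review bot: As this hunk reads, `param_index--` runs unconditionally, so for `^file::load[mode;disk-name;user-name]` (three parameters, the last one a string) `param_index` drops from 2 to 1 and the `(param_index>=2)` test falls back to `lfile_name`, ignoring the user-supplied name. The decrement looks like it should apply only when the last parameter was consumed as options, `if(param_hash) param_index--;`. Separately, `offset` and `limit` are `size_t` but are filled from `as_int()`, so a negative option value becomes a very large unsigned number before it reaches `file_read`; rejecting negatives here would make that explicit. The page has collapsed the diff's line breaks, so this should be confirmed against the file itself.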
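Review bot: The dates in the new `else` branch of `_load` come from a second lookup of `lfile_name` by path after `file_read` has already returned, so they can describe a different file than the one whose bytes were loaded if the path is replaced in between. If `file_stat` reports failure by throwing (its definition is not in this diff), it would also discard a read that had succeeded. Should `file_read` already stat the descriptor it opens, returning those times in `File_read_result` would avoid both; otherwise a comment such as `// times are re-read by path and may not match the loaded content` would record the limitation.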
@@ -309,9 +321,9 @@ struct Append_env_pair_info { }; #endif static void append_env_pair( - HashStringValue::key_type akey, - HashStringValue::value_type avalue, - Append_env_pair_info *info) { + HashStringValue::key_type akey, + HashStringValue::value_type avalue, + Append_env_pair_info *info) { if(akey==STDIN_EXEC_PARAM_NAME) { info->vstdin=avalue; } else if(akey==CHARSET_EXEC_PARAM_NAME) { @@ -332,15 +344,15 @@ struct Pass_cgi_header_attribute_info { }; #endif static void pass_cgi_header_attribute( - ArrayString::element_type astring, - Pass_cgi_header_attribute_info* info) { + ArrayString::element_type astring, + Pass_cgi_header_attribute_info* info) { size_t colon_pos=astring->pos(':'); if(colon_pos!=STRING_NOT_FOUND) { const String& key=astring->mid(0, colon_pos).change_case( *info->charset, String::CC_UPPER); Value* value=new VString(astring->mid(colon_pos+1, astring->length()).trim()); info->fields->put(key, value); - if(key=="CONTENT-TYPE") + if(key==HTTP_CONTENT_TYPE_UPPER) info->content_type=value; } } @@ -351,11 +363,6 @@ static void append_to_argv(Request& r, A } } -inline size_t strpos(const char *s1, const char *s2) { - const char *p = strstr(s1, s2); - return (p==0)?(size_t)-1:p-s1; -} - /// @todo fix `` in perl - they produced flipping consoles and no output to perl static void _exec_cgi(Request& r, MethodParams& params, bool cgi) { 
@@ -452,9 +459,9 @@ static void _exec_cgi(Request& r, Method // argv from params ArrayString argv; if(param_index < params.count()) { - // influence tainting - // main target -- URLencoding of tainted pieces to String::L_URI lang - Temp_client_charset temp(r.charsets, charset? *charset: r.charsets.source()); + // influence tainting + // main target -- URLencoding of tainted pieces to String::L_URI lang + Temp_client_charset temp(r.charsets, charset? *charset: r.charsets.source()); for(size_t i=param_index; ilength && is_text_mode(mode_name)){ fix_line_breaks(file_out->str, file_out->length); // treat output as string String *real_out = new String(file_out->str, file_out->length); - // transcode if necessary - if(charset) { + // transcode out if necessary + if(charset) real_out=&Charset::transcode(*real_out, *charset, r.charsets.source()); - real_err=&Charset::transcode(*real_err, *charset, r.charsets.source()); - } + // FIXME: unsafe cast - file_out->str = (char*)real_out->cstr(); + file_out->str=const_cast(real_out->cstr()); // hacking a little file_out->length = real_out->length(); } VFile& self=GET_SELF(r, VFile); if(cgi) { // ^file::cgi - const char* eol_marker=0; size_t eol_marker_size; + const char* eol_marker=0; + size_t eol_marker_size; + // construct with 'out' body and header - size_t dos_pos=strpos(file_out->str, "\r\n\r\n"); - size_t unix_pos=strpos(file_out->str, "\n\n"); + size_t dos_pos=(file_out->length)?strpos(file_out->str, "\r\n\r\n"):STRING_NOT_FOUND; + size_t unix_pos=(file_out->length)?strpos(file_out->str, "\n\n"):STRING_NOT_FOUND; bool unix_header_break; switch((dos_pos!=STRING_NOT_FOUND?10:00) + (unix_pos!=STRING_NOT_FOUND?01:00)) { - case 10: // dos - unix_header_break=false; - break; - case 01: // unix - unix_header_break=true; - break; - case 11: // dos & unix - unix_header_break=unix_poslength, file_out->str, - (uint)real_err->length(), real_err->cstr()); - break; //never reached + case 10: // dos + unix_header_break=false; + break; + 
case 01: // unix + unix_header_break=true; + break; + case 11: // dos & unix + unix_header_break=unix_poslength, (file_out->length) ? (file_out->str) : "", + (size_t)real_err->length(), real_err->cstr()); + break; //never reached } - int header_break_pos; + size_t header_break_pos; if(unix_header_break) { header_break_pos=unix_pos; - eol_marker="\n"; eol_marker_size=1; + eol_marker="\n"; + eol_marker_size=1; } else { header_break_pos=dos_pos; - eol_marker="\r\n"; eol_marker_size=2; + eol_marker="\r\n"; + eol_marker_size=2; } file_out->str[header_break_pos] = 0; @@ -555,7 +568,7 @@ static void _exec_cgi(Request& r, Method file_out->str += headersize; file_out->length -= headersize; - // body + // $body self.set(false/*not tainted*/, file_out->str, file_out->length); // $fields << header @@ -570,7 +583,8 @@ static void _exec_cgi(Request& r, Method if(info.content_type) self.fields().put(content_type_name, info.content_type); } - } else { + } else { // ^file::exec + // $body self.set(false/*not tainted*/, file_out->str, file_out->length); } @@ -600,15 +614,19 @@ static void _list(Request& r, MethodPara if(params.count()>1) { regexp=¶ms.as_no_junction(1, "regexp must not be code").as_string(); - const char* pattern=regexp->cstr(); + const char* pattern=regexp->cstr(String::L_UNSPECIFIED); const char* errptr; int erroffset; - regexp_code=pcre_compile(pattern, PCRE_EXTRA | PCRE_DOTALL, + int options=PCRE_EXTRA | PCRE_DOTALL; + if(r.charsets.source().isUTF8()) + options=options|PCRE_UTF8; + + regexp_code=pcre_compile(pattern, options, &errptr, &erroffset, r.charsets.source().pcre_tables); if(!regexp_code) - throw Exception(0, + throw Exception(PCRE_EXCEPTION_TYPE, ®exp->mid(erroffset, regexp->length()), "regular expression syntax error - %s", errptr); } else { 
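Review bot: The header/body split in `_exec_cgi` still searches the child's output with the NUL-terminated `strpos(file_out->str, ...)` and then writes `file_out->str[header_break_pos] = 0` without comparing the position with `file_out->length`; the new `file_out->length` test only covers empty output. Nothing in the hunk shows that the buffer is NUL-terminated at `length`, and in text mode `str` points into the `String` returned by `cstr()` through `const_cast`, so that write modifies storage the string owns. A length-bounded search, or a check like `if(header_break_pos >= file_out->length)` before the write, would keep the split inside the captured output. `_exec_cgi` begins and ends outside the hunk, and the page has dropped some text between angle brackets, so the surrounding conditions could not be read in full.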
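Review bot: With `PCRE_UTF8` added whenever the source charset is UTF-8, a subject that is not valid UTF-8 makes the match return a negative code (`PCRE_ERROR_BADUTF8`), and the later hunk at `exec_result<0` turns any negative result into an exception. The subject is presumably the directory entry name, which comes from the filesystem and is not guaranteed to be in the source charset, so one such file name would abort the whole listing. Consider treating that specific result as a non-match (`suits=false`) instead of throwing. The body of `_list` continues outside the hunk.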
@@ -636,9 +654,9 @@ static void _list(Request& r, MethodPara suits=false; else if(exec_result<0) { (*pcre_free)(regexp_code); - throw Exception(0, - regexp, - "regular expression execute (%d)", + throw Exception(PCRE_EXCEPTION_TYPE, + regexp, + print_pcre_exec_error_text(exec_result), exec_result); } } @@ -736,7 +754,7 @@ static void _find(Request& r, MethodPara static void _dirname(Request& r, MethodParams& params) { const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); - // /a/some.tar.gz > /a + // /a/some.tar.gz > /a // /a/b/ > /a int afterslash=lastposafter(file_spec, 0, "/", 1, true); if(afterslash>0) @@ -747,21 +765,21 @@ static void _dirname(Request& r, MethodP static void _basename(Request& r, MethodParams& params) { const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); - // /a/some.tar.gz > some.tar.gz + // /a/some.tar.gz > some.tar.gz int afterslash=lastposafter(file_spec, 0, "/", 1); r.write_assign_lang(file_spec.mid(afterslash, file_spec.length())); } static void _justname(Request& r, MethodParams& params) { const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); - // /a/some.tar.gz > some.tar + // /a/some.tar.gz > some.tar int afterslash=lastposafter(file_spec, 0, "/", 1); int afterdot=lastposafter(file_spec, afterslash, ".", 1); r.write_assign_lang(file_spec.mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec.length())); } static void _justext(Request& r, MethodParams& params) { const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); - // /a/some.tar.gz > gz + // /a/some.tar.gz > gz int afterdot=lastposafter(file_spec, 0, ".", 1); if(afterdot>0) r.write_assign_lang(file_spec.mid(afterdot, file_spec.length())); 
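Review bot: The message argument of `Exception` is used as a printf-style format elsewhere in this file (`"write failed: %s (%d)"`), and in the `exec_result<0` branch it is now the return value of `print_pcre_exec_error_text(exec_result)`, with `exec_result` as the only variadic argument. That is safe only while every string the helper returns contains at most one integer conversion and no others; its definition is not in this diff. A comment at the call, `// print_pcre_exec_error_text returns a constant format taking one %d`, or a literal `"%s (%d)"` with the text passed as an argument, would keep the format under the caller's control.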
@@ -856,9 +874,11 @@ static void _sql(Request& r, MethodParam statement_string.cstr(String::L_UNSPECIFIED, r.connection()); File_sql_event_handlers handlers(statement_string, statement_cstr); + ulong limit=SQL_NO_LIMIT; + ulong offset=0; + if(params.count()>1) - if(HashStringValue* options= - params.as_no_junction(1, PARAM_MUST_NOT_BE_CODE).get_hash()) { + if(HashStringValue* options=params.as_no_junction(1, PARAM_MUST_NOT_BE_CODE).get_hash()){ int valid_options=0; if(Value* vfilename=options->get(NAME_NAME)) { valid_options++; @@ -868,6 +888,14 @@ static void _sql(Request& r, MethodParam valid_options++; handlers.user_content_type=&vcontent_type->as_string(); } + if(Value* vlimit=options->get(sql_limit_name)) { + valid_options++; + limit=(ulong)r.process_to_value(*vlimit).as_double(); + } + if(Value* voffset=options->get(sql_offset_name)) { + valid_options++; + offset=(ulong)r.process_to_value(*voffset).as_double(); + } if(valid_options!=options->count()) throw Exception(PARSER_RUNTIME, 0, @@ -878,7 +906,7 @@ static void _sql(Request& r, MethodParam r.connection()->query( statement_cstr, 0, 0, - 0, 0, + offset, limit, handlers, statement_string); 
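Review bot: `limit` and `offset` in `_sql` are taken from the options with `(ulong)r.process_to_value(...).as_double()` and no range check, so a negative, non-finite or too-large value is converted to `ulong` with undefined behaviour before it is handed to `r.connection()->query(...)` in the last hunk. Validate before the cast, e.g. `double d=r.process_to_value(*vlimit).as_double(); if(d<0) throw Exception(PARSER_RUNTIME, 0, "limit must not be negative");`, and the same for `offset`. The same two options are read with `as_int()` in `_load`, so one shared helper would keep the two call sites in agreement.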
@@ -900,26 +928,26 @@ static void _sql(Request& r, MethodParam static void _base64(Request& r, MethodParams& params) { bool dynamic = !(&r.get_self() == file_class); - if ( dynamic ){ - VFile& self=GET_SELF(r, VFile); - if(params.count()) { - // decode - const char* cstr=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); - char* decoded_cstr=0; - size_t decoded_size=0; - pa_base64_decode(cstr, strlen(cstr), decoded_cstr, decoded_size); - if(decoded_cstr && decoded_size) - self.set(true/*tainted*/, decoded_cstr, decoded_size); - } else { - // encode - const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size()); - r.write_assign_lang(*new String(encoded, 0, true/*once ?param=base64(something) was needed*/)); - } + if(dynamic){ + VFile& self=GET_SELF(r, VFile); + if(params.count()) { + // decode: ^file::base64[encoded] + const char* cstr=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); + char* decoded=0; + size_t length=0; + pa_base64_decode(cstr, strlen(cstr), decoded, length); + if(decoded && length) + self.set(true/*tainted*/, decoded, length); + } else { + // encode: ^f.base64[] + const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size()); + r.write_assign_lang(*new String(encoded, 0, true/*tainted. once ?param=base64(something) was needed**/)); + } } else { - // encode + // encode: ^file:base64[filespec] const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); const char* encoded=pa_base64_encode(r.absolute(file_spec)); - r.write_assign_lang(*new String(encoded, 0, true/*once ?param=base64(something) was needed*/)); + r.write_assign_lang(*new String(encoded, 0, true/*tainted. once ?param=base64(something) was needed*/)); } } 
@@ -945,10 +973,10 @@ static void _crc32(Request& r, MethodPar static void file_md5_file_action( - struct stat& finfo, - int f, - const String& , const char* /*fname*/, bool, - void *context) + struct stat& finfo, + int f, + const String& , const char* /*fname*/, bool, + void *context) { PA_MD5_CTX& md5context=*static_cast(context); if(finfo.st_size) { @@ -1024,7 +1052,7 @@ MFile::MFile(): Methoded("file") { // ^file::load[mode;disk-name] // ^file::load[mode;disk-name;user-name] - add_native_method("load", Method::CT_DYNAMIC, _load, 2, 3); + add_native_method("load", Method::CT_DYNAMIC, _load, 2, 4); // ^file::stat[disk-name] add_native_method("stat", Method::CT_DYNAMIC, _stat, 1, 1);
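Review bot: The usage comments above `add_native_method("load", ...)` still list only `[mode;disk-name]` and `[mode;disk-name;user-name]`, while the maximum is raised to 4 to admit the options hash that `_load` reads from the last parameter. Add the missing forms, `// ^file::load[mode;disk-name;options hash]` and `// ^file::load[mode;disk-name;user-name;options hash]`, so the accepted parameter order is recorded next to the registration.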