--- parser3/src/classes/file.C	2009/07/06 12:13:29	1.196
+++ parser3/src/classes/file.C	2010/07/05 05:54:46	1.207
@@ -5,7 +5,7 @@
 	Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru)
 */
 
-static const char * const IDENT_FILE_C="$Date: 2009/07/06 12:13:29 $";
+static const char * const IDENT_FILE_C="$Date: 2010/07/05 05:54:46 $";
 
 #include "pa_config_includes.h"
 
@@ -43,7 +43,7 @@ extern String sql_offset_name;
 class MFile: public Methoded {
 public: // VStateless_class
 	
-	Value* create_new_value(Pool&, HashStringValue*) { return new VFile(); }
+	Value* create_new_value(Pool&) { return new VFile(); }
 
 public: // Methoded
 	bool used_directly() { return true; }
@@ -115,7 +115,7 @@ static bool is_valid_mode (const String&
 	return (mode==text_mode_name || mode==binary_mode_name);
 }
 
-static bool is_text_mode(const String& mode) {
+bool is_text_mode(const String& mode) {
 	if(mode==text_mode_name)
 		return true;
 	if(mode==binary_mode_name)
@@ -126,12 +126,23 @@ static bool is_text_mode(const String& m
 }
 
 static void _save(Request& r, MethodParams& params) {
-	Value& vmode_name=params.as_no_junction(0, MODE_MUST_NOT_BE_CODE);
+	bool is_text=is_text_mode(params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string());
 	Value& vfile_name=params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE);
 
+	Charset* asked_charset=0;
+	if(params.count()>2)
+		if(HashStringValue* options=params.as_no_junction(2, OPTIONS_MUST_NOT_BE_CODE).get_hash()){
+			int valid_options=0;
+			if(Value* vcharset_name=options->get(PA_CHARSET_NAME)){
+				asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER));
+				valid_options++;
+			}
+			if(valid_options != options->count())
+				throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION);
+		}
+
 	// save
-	GET_SELF(r, VFile).save(r.absolute(vfile_name.as_string()),
-		is_text_mode(vmode_name.as_string()));
+	GET_SELF(r, VFile).save(r.charsets, r.absolute(vfile_name.as_string()), is_text, asked_charset);
 }
 
 static void _delete(Request& r, MethodParams& params) {
@@ -276,12 +287,29 @@ static void _create(Request& r, MethodPa
 		params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()).taint_cstr(String::L_FILE_SPEC);
 
 	const String& content=params.as_string(2, "content must be string");
-	const char* content_cstr=content.untaint_cstr(String::L_AS_IS); // explode content, honor tainting changes
+	String::Body content_body=content.cstr_to_string_body_untaint(String::L_AS_IS); // explode content, honor tainting changes
+
+	if(params.count()>3){
+		Charset* asked_charset=0;
+
+		if(HashStringValue* options=params.as_no_junction(3, OPTIONS_MUST_NOT_BE_CODE).get_hash()){
+			int valid_options=0;
+			if(Value* vcharset_name=options->get(PA_CHARSET_NAME)){
+				asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER));
+				valid_options++;
+			}
+			if(valid_options != options->count())
+				throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION);
+		}
+
+		if(asked_charset != 0)
+			content_body=Charset::transcode(content_body, r.charsets.source(), *asked_charset);
+	}
 
 	VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr));
 	
 	VFile& self=GET_SELF(r, VFile);
-	self.set(true/*tainted*/, content_cstr, strlen(content_cstr), user_file_name_cstr, vcontent_type);
+	self.set(true/*tainted*/, content_body.cstr(), content_body.length(), user_file_name_cstr, vcontent_type);
 
 	self.set_mode(true/*as_text*/);
 }
@@ -314,6 +342,7 @@ static bool is_safe_env_key(const char*
 		if(!(c>='A' && c<='Z' || c>='0' && c<='9' || c=='_' || c=='-'))
 			return false;
 	}
+#ifdef PA_SAFE_MODE
 	if(strncasecmp(key, "HTTP_", 5)==0)
 		return true;
 	if(strncasecmp(key, "CGI_", 4)==0)
@@ -323,6 +352,9 @@ static bool is_safe_env_key(const char*
 			return true;
 	}
 	return false;
+#else
+	return true;
+#endif
 }
 #ifndef DOXYGEN
 struct Append_env_pair_info {
@@ -418,10 +450,7 @@ static void _exec_cgi(Request& r, Method
 	ECSTR(QUERY_STRING, r.request_info.query_string);
 	ECSTR(REQUEST_URI, r.request_info.uri);
 	ECSTR(CONTENT_TYPE, r.request_info.content_type);
-	char content_length_cstr[MAX_NUMBER];  
-	snprintf(content_length_cstr, MAX_NUMBER, "%u", r.request_info.content_length);
-	//String content_length(content_length_cstr);
-	ECSTR(CONTENT_LENGTH, content_length_cstr);
+	ECSTR(CONTENT_LENGTH, format(r.request_info.content_length, "%u"));
 	// SCRIPT_*
 	env.put(String::Body("SCRIPT_NAME"), script_name);
 	//env.put(String::Body("SCRIPT_FILENAME"), ??&script_name);
@@ -452,7 +481,7 @@ static void _exec_cgi(Request& r, Method
 				if(const String* sstdin=info.vstdin->get_string()) {
 					in->append(*sstdin, String::L_CLEAN, true);
 				} else
-					if(VFile* vfile=static_cast<VFile *>(info.vstdin->as("file", false)))
+					if(VFile* vfile=static_cast<VFile *>(info.vstdin->as("file")))
 						in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED);
 					else
 						throw Exception(PARSER_RUNTIME,
@@ -619,7 +648,7 @@ static void _list(Request& r, MethodPara
 	if(params.count()>1){
 		Value& regexp=params.as_no_junction(1, "regexp must not be code");
 		if(regexp.is_defined()){
-			if(Value* value=regexp.as(VREGEX_TYPE, false)){
+			if(Value* value=regexp.as(VREGEX_TYPE)){
 				vregex=static_cast<VRegex*>(value);
 			} else {
 				vregex=new VRegex(r.charsets.source(), &regexp.as_string(), 0/*options*/);
@@ -678,21 +707,6 @@ static void _lock(Request& r, MethodPara
 			&info);
 }
 
-static int lastposafter(const String& s, size_t after, const char* substr, size_t substr_size, bool beforelast=false) {
-	size_t size=0; // just to calm down compiler
-	if(beforelast)
-		size=s.length();
-	size_t at;
-	while((at=s.pos(String::Body(substr), after))!=STRING_NOT_FOUND) {
-		size_t newafter=at+substr_size/*skip substr*/;
-		if(beforelast && newafter==size)
-			break;
-		after=newafter;
-	}
-
-	return after;
-}
-
 static void _find(Request& r, MethodParams& params) {
 	const String& file_name=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE).as_string();
 	const String* file_spec;
@@ -848,7 +862,7 @@ static void _sql(Request& r, MethodParam
 
 	Temp_lang temp_lang(r, String::L_SQL);
 	const String& statement_string=r.process_to_string(statement);
-	const char* statement_cstr=statement_string.untaint_cstr(String::L_AS_IS, r.connection());
+	const char* statement_cstr=statement_string.untaint_cstr(r.flang, r.connection());
 
 	File_sql_event_handlers handlers(statement_string, statement_cstr);
 
@@ -875,9 +889,7 @@ static void _sql(Request& r, MethodParam
 				offset=(ulong)r.process_to_value(*voffset).as_double();
 			}
 			if(valid_options!=options->count())
-				throw Exception(PARSER_RUNTIME,
-					0,
-					"called with invalid option");
+				throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION);
 		}
 
 
@@ -1018,10 +1030,11 @@ static void _md5(Request& r, MethodParam
 MFile::MFile(): Methoded("file") {
 	// ^file::create[text;user-name;string]
 	// ^file::create[binary;user-name;SOMEDAY SOMETHING]
-	add_native_method("create", Method::CT_DYNAMIC, _create, 3, 3);
+	add_native_method("create", Method::CT_DYNAMIC, _create, 3, 4);
 
 	// ^file.save[mode;file-name]
-	add_native_method("save", Method::CT_DYNAMIC, _save, 2, 2);
+	// ^file.save[mode;file-name;$.charset[...]]
+	add_native_method("save", Method::CT_DYNAMIC, _save, 2, 3);
 
 	// ^file:delete[file-name]
 	add_native_method("delete", Method::CT_STATIC, _delete, 1, 1);
@@ -1031,6 +1044,8 @@ MFile::MFile(): Methoded("file") {
 
 	// ^file::load[mode;disk-name]
 	// ^file::load[mode;disk-name;user-name]
+	// ^file::load[mode;disk-name;user-name;options hash]
+	// ^file::load[mode;disk-name;options hash]
 	add_native_method("load", Method::CT_DYNAMIC, _load, 2, 4);
 
 	// ^file::stat[disk-name]
@@ -1057,22 +1072,22 @@ MFile::MFile(): Methoded("file") {
 	// ^file:find[file-name]{when-not-found}
 	add_native_method("find", Method::CT_STATIC, _find, 1, 2);
 
-    // ^file:dirname[/a/some.tar.gz]=/a
+	// ^file:dirname[/a/some.tar.gz]=/a
 	// ^file:dirname[/a/b/]=/a
 	add_native_method("dirname", Method::CT_STATIC, _dirname, 1, 1);
-    // ^file:basename[/a/some.tar.gz]=some.tar.gz
-    add_native_method("basename", Method::CT_STATIC, _basename, 1, 1);
-    // ^file:justname[/a/some.tar.gz]=some.tar
+	// ^file:basename[/a/some.tar.gz]=some.tar.gz
+	add_native_method("basename", Method::CT_STATIC, _basename, 1, 1);
+	// ^file:justname[/a/some.tar.gz]=some.tar
 	add_native_method("justname", Method::CT_STATIC, _justname, 1, 1);
-    // ^file:justext[/a/some.tar.gz]=gz
+	// ^file:justext[/a/some.tar.gz]=gz
 	add_native_method("justext", Method::CT_STATIC, _justext, 1, 1);
-    // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif
+	// /some/page.html: ^file:fullpath[a.gif] => /some/a.gif
 	add_native_method("fullpath", Method::CT_STATIC, _fullpath, 1, 1);
 
-    // ^file.sql-string[]
+	// ^file.sql-string[]
 	add_native_method("sql-string", Method::CT_DYNAMIC, _sql_string, 0, 0);
 
-    // ^file::sql[[alt_name]]{}
+	// ^file::sql{}[options hash]
 	add_native_method("sql", Method::CT_DYNAMIC, _sql, 1, 2);
 
 	// ^file::base64[string] << decode