--- parser3/src/classes/file.C 2010/09/08 02:57:10 1.211 +++ parser3/src/classes/file.C 2011/05/19 06:58:40 1.214 @@ -5,7 +5,7 @@ Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_FILE_C="$Date: 2010/09/08 02:57:10 $"; +static const char * const IDENT_FILE_C="$Date: 2011/05/19 06:58:40 $"; #include "pa_config_includes.h" @@ -43,15 +43,9 @@ extern String sql_offset_name; class MFile: public Methoded { public: // VStateless_class - Value* create_new_value(Pool&) { return new VFile(); } - -public: // Methoded - bool used_directly() { return true; } - public: MFile(); - }; // global variable @@ -132,7 +126,7 @@ static void _save(Request& r, MethodPara Charset* asked_charset=0; if(params.count()>2) - if(HashStringValue* options=params.as_no_junction(2, OPTIONS_MUST_NOT_BE_CODE).get_hash()){ + if(HashStringValue* options=params.as_hash(2)){ int valid_options=0; if(Value* vcharset_name=options->get(PA_CHARSET_NAME)){ asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); @@ -462,7 +456,6 @@ static void _exec_cgi(Request& r, Method env.put(String::Body("SCRIPT_NAME"), script_name); //env.put(String::Body("SCRIPT_FILENAME"), ??&script_name); - bool stdin_specified=false; // environment & stdin from param String *in=new String(); Charset *charset=0; // default script works raw_in 'source' charset = no transcoding needed @@ -484,9 +477,9 @@ static void _exec_cgi(Request& r, Method } // $.stdin if(info.vstdin) { - stdin_specified=true; if(const String* sstdin=info.vstdin->get_string()) { - in->append(*sstdin, String::L_CLEAN, true); + // untaint stdin + in = new String(sstdin->cstr_to_string_body_untaint(String::L_AS_IS), String::L_AS_IS); } else if(VFile* vfile=static_cast(info.vstdin->as("file"))) in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); 
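Review bot: In `_save` (and again in the `_sql` hunk at -877/+870) the options argument loses the explicit `as_no_junction(..., OPTIONS_MUST_NOT_BE_CODE)` guard, and nothing visible here shows that `params.as_hash(2)` still rejects a code junction or a non-hash value rather than returning null. If it does return null for a wrong-typed argument, the caller's options (`PA_CHARSET_NAME` here, `NAME_NAME` in `_sql`) would be silently ignored, so it is worth confirming that the helper throws in both cases. Once verified, a short comment above the call would record the contract, for example `// as_hash(): throws on code junction / non-hash value, so options==0 means "no options given"`. Both enclosing functions start and end outside their hunks.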
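Review bot: The new `$.stdin` string branch in `_exec_cgi` builds the child's input with `String::L_AS_IS`, so fragments that were tainted apparently reach the script's stdin without any escaping, while the `VFile` branch just below still appends as `String::L_TAINTED`; the comment `// untaint stdin` does not record that this is a deliberate trust decision. I would expand it to something like `// $.stdin is passed to the script byte-for-byte (L_AS_IS): no escaping is applied, the script must treat it as untrusted input`. The assignment also replaces the `String` created by `in=new String()` earlier instead of appending to it, so anything appended to `in` between those two points would be dropped; the code in between is only partly visible here, so please confirm nothing is. `_exec_cgi` starts and ends outside the hunk.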
@@ -877,7 +870,7 @@ static void _sql(Request& r, MethodParam ulong offset=0; if(params.count()>1) - if(HashStringValue* options=params.as_no_junction(1, PARAM_MUST_NOT_BE_CODE).get_hash()){ + if(HashStringValue* options=params.as_hash(1)){ int valid_options=0; if(Value* vfilename=options->get(NAME_NAME)) { valid_options++;