|
|
| version 1.126, 2004/07/26 10:44:21 | version 1.206, 2010/05/20 04:28:14 |
|---|---|
| Line 1 | Line 1 |
| /** @file | /** @file |
| Parser: @b file parser class. | Parser: @b file parser class. |
| Copyright (c) 2001-2004 ArtLebedev Group (http://www.artlebedev.com) | Copyright (c) 2001-2009 ArtLebedev Group (http://www.artlebedev.com) |
| Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) | Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) |
| */ | */ |
| Line 9 static const char * const IDENT_FILE_C=" | Line 9 static const char * const IDENT_FILE_C=" |
| #include "pa_config_includes.h" | #include "pa_config_includes.h" |
| #include "pcre.h" | |
| #include "classes.h" | #include "classes.h" |
| #include "pa_vmethod_frame.h" | #include "pa_vmethod_frame.h" |
| Line 25 static const char * const IDENT_FILE_C=" | Line 23 static const char * const IDENT_FILE_C=" |
| #include "pa_charset.h" | #include "pa_charset.h" |
| #include "pa_charsets.h" | #include "pa_charsets.h" |
| #include "pa_sql_connection.h" | #include "pa_sql_connection.h" |
| #include "pa_vresponse.h" | #include "pa_md5.h" |
| #include "pa_vcookie.h" | #include "pa_vregex.h" |
| // defines | // defines |
| #define TEXT_MODE_NAME "text" | |
| #define BINARY_MODE_NAME "binary" | |
| #define STDIN_EXEC_PARAM_NAME "stdin" | #define STDIN_EXEC_PARAM_NAME "stdin" |
| #define CHARSET_EXEC_PARAM_NAME "charset" | #define CHARSET_EXEC_PARAM_NAME "charset" |
| #define NAME_NAME "name" | |
| // externs | |
| extern String sql_limit_name; | |
| extern String sql_offset_name; | |
| // class | // class |
| class MFile: public Methoded { | class MFile: public Methoded { |
| Line 108 static const String::Body cdate_name("cd | Line 111 static const String::Body cdate_name("cd |
| // methods | // methods |
| static bool is_text_mode(const String& mode) { | static bool is_valid_mode (const String& mode) { |
| if(mode==TEXT_MODE_NAME) | return (mode==text_mode_name || mode==binary_mode_name); |
| } | |
| bool is_text_mode(const String& mode) { | |
| if(mode==text_mode_name) | |
| return true; | return true; |
| if(mode==BINARY_MODE_NAME) | if(mode==binary_mode_name) |
| return false; | return false; |
| throw Exception("parser.runtime", | throw Exception(PARSER_RUNTIME, |
| &mode, | &mode, |
| "is invalid mode, must be either '"TEXT_MODE_NAME"' or '"BINARY_MODE_NAME"'"); | "is invalid mode, must be either '"TEXT_MODE_NAME"' or '"BINARY_MODE_NAME"'"); |
| } | } |
| static void _save(Request& r, MethodParams& params) { | static void _save(Request& r, MethodParams& params) { |
| Value& vmode_name=params. as_no_junction(0, "mode must not be code"); | bool is_text=is_text_mode(params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string()); |
| Value& vfile_name=params.as_no_junction(1, "file name must not be code"); | Value& vfile_name=params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE); |
| Charset* asked_charset=0; | |
| if(params.count()>2) | |
| if(HashStringValue* options=params.as_no_junction(2, OPTIONS_MUST_NOT_BE_CODE).get_hash()){ | |
| int valid_options=0; | |
| if(Value* vcharset_name=options->get(PA_CHARSET_NAME)){ | |
| asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); | |
| valid_options++; | |
| } | |
| if(valid_options != options->count()) | |
| throw Exception(PARSER_RUNTIME, | |
| 0, | |
| INVALID_OPTION_PASSED); | |
| } | |
| // save | // save |
| GET_SELF(r, VFile).save(r.absolute(vfile_name.as_string()), | GET_SELF(r, VFile).save(r.charsets, r.absolute(vfile_name.as_string()), is_text, asked_charset); |
| is_text_mode(vmode_name.as_string())); | |
| } | } |
| static void _delete(Request& r, MethodParams& params) { | static void _delete(Request& r, MethodParams& params) { |
| Value& vfile_name=params.as_no_junction(0, "file name must not be code"); | Value& vfile_name=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE); |
| // unlink | // unlink |
| file_delete(r.absolute(vfile_name.as_string())); | file_delete(r.absolute(vfile_name.as_string())); |
| Line 144 static void _move(Request& r, MethodPara | Line 164 static void _move(Request& r, MethodPara |
| r.absolute(vto_file_name.as_string())); | r.absolute(vto_file_name.as_string())); |
| } | } |
| static void copy_process_source( | |
| struct stat& , | |
| int from_file, | |
| const String& , const char* /*fname*/, bool, | |
| void *context) { | |
| int& to_file=*static_cast<int *>(context); | |
| int nCount=0; | |
| do { | |
| unsigned char buffer[FILE_BUFFER_SIZE]; | |
| nCount = file_block_read(from_file, buffer, sizeof(buffer)); | |
| int written=write(to_file, buffer, nCount); | |
| if( written < 0 ) | |
| throw Exception("file.access", | |
| 0, | |
| "write failed: %s (%d)", strerror(errno), errno); | |
| } while(nCount > 0); | |
| } | |
| static void copy_open_target(int f, void *from_spec) { | |
| String& file_spec=*static_cast<String *>(from_spec); | |
| file_read_action_under_lock(file_spec, "copy", copy_process_source, &f); | |
| }; | |
| static void _copy(Request& r, MethodParams& params) { | |
| Value& vfrom_file_name=params.as_no_junction(0, "from file name must not be code"); | |
| Value& vto_file_name=params.as_no_junction(1, "to file name must not be code"); | |
| String from_spec = r.absolute(vfrom_file_name.as_string()); | |
| const String& to_spec = r.absolute(vto_file_name.as_string()); | |
| file_write_action_under_lock( | |
| to_spec, | |
| "copy", | |
| copy_open_target, | |
| &from_spec); | |
| } | |
| static void _load_pass_param( | static void _load_pass_param( |
| HashStringValue::key_type key, | HashStringValue::key_type key, |
| HashStringValue::value_type value, | HashStringValue::value_type value, |
| HashStringValue *dest) { | HashStringValue *dest) { |
| dest->put(key, value); | dest->put(key, value); |
| } | } |
| static void _load(Request& r, MethodParams& params) { | static void _load(Request& r, MethodParams& params) { |
| Value& vmode_name=params. as_no_junction(0, "mode must not be code"); | bool as_text=is_text_mode(params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string()); |
| const String& lfile_name=r.absolute(params.as_no_junction(1, "file name must not be code").as_string()); | const String& lfile_name=r.absolute(params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()); |
| Value* third_param=params.count()>2?¶ms.as_no_junction(2, "filename or options must not be code") | |
| :0; | size_t param_index=params.count()-1; |
| HashStringValue* third_param_hash=third_param?third_param->get_hash():0; | Value* param_value=param_index>1?¶ms.as_no_junction(param_index, "filename or options must not be code"):0; |
| size_t alt_filename_param_index=2; | |
| if(third_param_hash) | HashStringValue* options=0; |
| alt_filename_param_index++; | const char *user_file_name=0; |
| File_read_result file=file_read(r.charsets, lfile_name, | if(param_value){ |
| is_text_mode(vmode_name.as_string()), | options=param_value->get_hash(); |
| third_param_hash | if(options || param_index>2) |
| ); | param_index--; |
| if(param_index>1){ | |
| const String& luser_file_name=params.as_string(param_index, FILE_NAME_MUST_BE_STRING); | |
| if(!luser_file_name.is_empty()) | |
| user_file_name=luser_file_name.taint_cstr(String::L_FILE_SPEC); | |
| } | |
| } | |
| if(!user_file_name) | |
| user_file_name=lfile_name.taint_cstr(String::L_FILE_SPEC); | |
| const char *user_file_name=params.count()>alt_filename_param_index? | size_t offset=0; |
| params.as_string(alt_filename_param_index, "filename must be string").cstr() | size_t limit=0; |
| :lfile_name.cstr(String::L_FILE_SPEC); | |
| if(options){ | |
| options=new HashStringValue(*options); | |
| if(Value *voffset=(Value *)options->get(sql_offset_name)){ | |
| offset=r.process_to_value(*voffset).as_int(); | |
| } | |
| if(Value *vlimit=(Value *)options->get(sql_limit_name)){ | |
| limit=r.process_to_value(*vlimit).as_int(); | |
| } | |
| // no check on options count here, see file_read | |
| } | |
| File_read_result file=file_load(r, lfile_name, | |
| as_text, options, true, 0, offset, limit | |
| ); | |
| Value* vcontent_type=0; | Value* vcontent_type=0; |
| if(file.headers) | if(file.headers){ |
| vcontent_type=file.headers->get(content_type_name); | if(Value* remote_content_type=file.headers->get(HTTP_CONTENT_TYPE_UPPER)) |
| vcontent_type=new VString(*new String(remote_content_type->as_string().cstr())); | |
| } | |
| if(!vcontent_type) | if(!vcontent_type) |
| vcontent_type=new VString(r.mime_type_of(user_file_name)); | vcontent_type=new VString(r.mime_type_of(user_file_name)); |
| VFile& self=GET_SELF(r, VFile); | VFile& self=GET_SELF(r, VFile); |
| self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type); | self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type); |
| if(file.headers) | |
| file.headers->for_each(_load_pass_param, &self.fields()); | self.set_mode(as_text); |
| if(file.headers){ | |
| file.headers->for_each<HashStringValue*>(_load_pass_param, &self.fields()); | |
| } else { | |
| size_t size; | |
| time_t atime, mtime, ctime; | |
| file_stat(lfile_name, size, atime, mtime, ctime); | |
| HashStringValue& ff=self.fields(); | |
| ff.put(adate_name, new VDate(atime)); | |
| ff.put(mdate_name, new VDate(mtime)); | |
| ff.put(cdate_name, new VDate(ctime)); | |
| } | |
| } | |
| static void _create(Request& r, MethodParams& params) { | |
| const String& mode_name=params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string(); | |
| if(!is_text_mode(mode_name)) | |
| throw Exception(PARSER_RUNTIME, | |
| 0, | |
| "only text mode is currently supported"); | |
| const char* user_file_name_cstr=r.absolute( | |
| params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()).taint_cstr(String::L_FILE_SPEC); | |
| const String& content=params.as_string(2, "content must be string"); | |
| String::Body content_body=content.cstr_to_string_body_untaint(String::L_AS_IS); // explode content, honor tainting changes | |
| if(params.count()>3){ | |
| Charset* asked_charset=0; | |
| if(HashStringValue* options=params.as_no_junction(3, OPTIONS_MUST_NOT_BE_CODE).get_hash()){ | |
| int valid_options=0; | |
| if(Value* vcharset_name=options->get(PA_CHARSET_NAME)){ | |
| asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); | |
| valid_options++; | |
| } | |
| if(valid_options != options->count()) | |
| throw Exception(PARSER_RUNTIME, 0, INVALID_OPTION_PASSED); | |
| } | |
| if(asked_charset != 0) | |
| content_body=Charset::transcode(content_body, r.charsets.source(), *asked_charset); | |
| } | |
| VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); | |
| VFile& self=GET_SELF(r, VFile); | |
| self.set(true/*tainted*/, content_body.cstr(), content_body.length(), user_file_name_cstr, vcontent_type); | |
| self.set_mode(true/*as_text*/); | |
| } | } |
| static void _stat(Request& r, MethodParams& params) { | static void _stat(Request& r, MethodParams& params) { |
| Value& vfile_name=params.as_no_junction(0, "file name must not be code"); | Value& vfile_name=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE); |
| const String& lfile_name=vfile_name.as_string(); | const String& lfile_name=vfile_name.as_string(); |
| Line 192 static void _stat(Request& r, MethodPara | Line 327 static void _stat(Request& r, MethodPara |
| size, | size, |
| atime, mtime, ctime); | atime, mtime, ctime); |
| const char* user_file_name=lfile_name.taint_cstr(String::L_FILE_SPEC); | |
| VFile& self=GET_SELF(r, VFile); | VFile& self=GET_SELF(r, VFile); |
| self.set(true/*tainted*/, 0/*no bytes*/, size); | |
| self.set(true/*tainted*/, 0/*no bytes*/, size, user_file_name, new VString(r.mime_type_of(user_file_name))); | |
| HashStringValue& ff=self.fields(); | HashStringValue& ff=self.fields(); |
| ff.put(adate_name, new VDate(atime)); | ff.put(adate_name, new VDate(atime)); |
| ff.put(mdate_name, new VDate(mtime)); | ff.put(mdate_name, new VDate(mtime)); |
| ff.put(cdate_name, new VDate(ctime)); | ff.put(cdate_name, new VDate(ctime)); |
| ff.put(content_type_name, new VString(r.mime_type_of(lfile_name.cstr(String::L_FILE_SPEC)))); | |
| } | } |
| static bool is_safe_env_key(const char* key) { | static bool is_safe_env_key(const char* key) { |
| Line 207 static bool is_safe_env_key(const char* | Line 344 static bool is_safe_env_key(const char* |
| if(!(c>='A' && c<='Z' || c>='0' && c<='9' || c=='_' || c=='-')) | if(!(c>='A' && c<='Z' || c>='0' && c<='9' || c=='_' || c=='-')) |
| return false; | return false; |
| } | } |
| #ifdef PA_SAFE_MODE | |
| if(strncasecmp(key, "HTTP_", 5)==0) | if(strncasecmp(key, "HTTP_", 5)==0) |
| return true; | return true; |
| if(strncasecmp(key, "CGI_", 4)==0) | if(strncasecmp(key, "CGI_", 4)==0) |
| Line 216 static bool is_safe_env_key(const char* | Line 354 static bool is_safe_env_key(const char* |
| return true; | return true; |
| } | } |
| return false; | return false; |
| #else | |
| return true; | |
| #endif | |
| } | } |
| #ifndef DOXYGEN | #ifndef DOXYGEN |
| struct Append_env_pair_info { | struct Append_env_pair_info { |
| Request_charsets* charsets; | |
| HashStringString* env; | HashStringString* env; |
| Value* vstdin; | Value* vstdin; |
| Value* vcharset; | |
| }; | }; |
| #endif | #endif |
| static void append_env_pair( | static void append_env_pair( |
| HashStringValue::key_type akey, | HashStringValue::key_type akey, |
| HashStringValue::value_type avalue, | HashStringValue::value_type avalue, |
| Append_env_pair_info *info) { | Append_env_pair_info *info) { |
| if(akey==STDIN_EXEC_PARAM_NAME) { | if(akey==STDIN_EXEC_PARAM_NAME) { |
| info->vstdin=avalue; | info->vstdin=avalue; |
| } else if(akey==CHARSET_EXEC_PARAM_NAME) { | } else if(akey==CHARSET_EXEC_PARAM_NAME) { |
| info->vcharset=avalue; | // ignore, already processed |
| } else { | } else { |
| if(!is_safe_env_key(akey.cstr())) | if(!is_safe_env_key(akey.cstr())) |
| throw Exception("parser.runtime", | throw Exception(PARSER_RUNTIME, |
| new String(akey, String::L_TAINTED), | new String(akey, String::L_TAINTED), |
| "not safe environment variable"); | "not safe environment variable"); |
| info->env->put(akey, avalue->as_string().cstr(String::L_UNSPECIFIED)); | info->env->put(akey, avalue->as_string().cstr_to_string_body_untaint(String::L_AS_IS, 0, info->charsets)); |
| } | } |
| } | } |
| #ifndef DOXYGEN | #ifndef DOXYGEN |
| Line 248 struct Pass_cgi_header_attribute_info { | Line 389 struct Pass_cgi_header_attribute_info { |
| }; | }; |
| #endif | #endif |
| static void pass_cgi_header_attribute( | static void pass_cgi_header_attribute( |
| ArrayString::element_type astring, | ArrayString::element_type astring, |
| Pass_cgi_header_attribute_info* info) { | Pass_cgi_header_attribute_info* info) { |
| size_t colon_pos=astring->pos(':'); | size_t colon_pos=astring->pos(':'); |
| if(colon_pos==STRING_NOT_FOUND) { | if(colon_pos!=STRING_NOT_FOUND) { |
| const String& key=astring->mid(0, colon_pos).change_case( | const String& key=astring->mid(0, colon_pos).change_case( |
| *info->charset, String::CC_UPPER); | *info->charset, String::CC_UPPER); |
| Value* value=new VString(astring->mid(colon_pos+1, astring->length())); | Value* value=new VString(astring->mid(colon_pos+1, astring->length()).trim()); |
| info->fields->put(key, value); | info->fields->put(key, value); |
| if(key=="CONTENT-TYPE") | if(key==HTTP_CONTENT_TYPE_UPPER) |
| info->content_type=value; | info->content_type=value; |
| } | } |
| } | } |
| static void append_to_argv(Request& r, ArrayString& argv, const String* str){ | |
| if(!str->is_empty()) | |
| argv+=new String(str->cstr_to_string_body_untaint(String::L_AS_IS, 0, &r.charsets), String::L_AS_IS); | |
| } | |
| /// @todo fix `` in perl - they produced flipping consoles and no output to perl | /// @todo fix `` in perl - they produced flipping consoles and no output to perl |
| static void _exec_cgi(Request& r, MethodParams& params, | static void _exec_cgi(Request& r, MethodParams& params, bool cgi) { |
| bool cgi) { | bool as_text=true; |
| size_t param_index=0; | |
| const String& mode_name=params.as_no_junction(0, FIRST_ARG_MUST_NOT_BE_CODE).as_string(); | |
| if(is_valid_mode(mode_name)){ | |
| as_text=is_text_mode(mode_name); | |
| param_index++; | |
| } | |
| if(param_index>=params.count()) | |
| throw Exception(PARSER_RUNTIME, | |
| 0, | |
| "file name must be specified"); | |
| Value& vfile_name=params.as_no_junction(0, "file name must not be code"); | Value& vfile_name=params.as_no_junction(param_index++, FILE_NAME_MUST_NOT_BE_CODE); |
| const String& script_name=r.absolute(vfile_name.as_string()); | const String& script_name=r.absolute(vfile_name.as_string()); |
| Line 273 static void _exec_cgi(Request& r, Method | Line 432 static void _exec_cgi(Request& r, Method |
| if(value_cstr) \ | if(value_cstr) \ |
| env.put( \ | env.put( \ |
| String::Body(#name), \ | String::Body(#name), \ |
| String::Body(value_cstr, 0)); \ | String::Body(*value_cstr?value_cstr:0)); \ |
| // passing SAPI::environment | // passing SAPI::environment |
| if(const char *const *pairs=SAPI::environment(r.sapi_info)) { | if(const char *const *pairs=SAPI::environment(r.sapi_info)) { |
| while(const char* pair=*pairs++) | while(const char* pair=*pairs++) |
| Line 293 static void _exec_cgi(Request& r, Method | Line 452 static void _exec_cgi(Request& r, Method |
| ECSTR(QUERY_STRING, r.request_info.query_string); | ECSTR(QUERY_STRING, r.request_info.query_string); |
| ECSTR(REQUEST_URI, r.request_info.uri); | ECSTR(REQUEST_URI, r.request_info.uri); |
| ECSTR(CONTENT_TYPE, r.request_info.content_type); | ECSTR(CONTENT_TYPE, r.request_info.content_type); |
| char content_length_cstr[MAX_NUMBER]; | ECSTR(CONTENT_LENGTH, format(r.request_info.content_length, "%u")); |
| snprintf(content_length_cstr, MAX_NUMBER, "%u", r.request_info.content_length); | |
| //String content_length(content_length_cstr); | |
| ECSTR(CONTENT_LENGTH, content_length_cstr); | |
| // SCRIPT_* | // SCRIPT_* |
| env.put(String::Body("SCRIPT_NAME"), script_name); | env.put(String::Body("SCRIPT_NAME"), script_name); |
| //env.put(String::Body("SCRIPT_FILENAME"), ??&script_name); | //env.put(String::Body("SCRIPT_FILENAME"), ??&script_name); |
| Line 305 static void _exec_cgi(Request& r, Method | Line 461 static void _exec_cgi(Request& r, Method |
| // environment & stdin from param | // environment & stdin from param |
| String *in=new String(); | String *in=new String(); |
| Charset *charset=0; // default script works raw_in 'source' charset = no transcoding needed | Charset *charset=0; // default script works raw_in 'source' charset = no transcoding needed |
| if(params.count()>1) { | if(param_index < params.count()) { |
| Value& venv=params.as_no_junction(1, "env must not be code"); | Value& venv=params.as_no_junction(param_index++, "env must not be code"); |
| if(HashStringValue* user_env=venv.get_hash()) { | if(HashStringValue* user_env=venv.get_hash()) { |
| Append_env_pair_info info={&env, 0, 0}; | // $.charset [previewing to handle URI pieces] |
| user_env->for_each(append_env_pair, &info); | if(Value* vcharset=user_env->get(CHARSET_EXEC_PARAM_NAME)) |
| charset=&charsets.get(vcharset->as_string() | |
| .change_case(r.charsets.source(), String::CC_UPPER)); | |
| // $.others | |
| Append_env_pair_info info={&r.charsets, &env, 0}; | |
| { | |
| // influence tainting | |
| // main target -- $.QUERY_STRING -- URLencoding of tainted pieces to String::L_URI lang | |
| Temp_client_charset temp(r.charsets, charset? *charset: r.charsets.source()); | |
| user_env->for_each<Append_env_pair_info*>(append_env_pair, &info); | |
| } | |
| // $.stdin | // $.stdin |
| if(info.vstdin) { | if(info.vstdin) { |
| stdin_specified=true; | stdin_specified=true; |
| if(const String* sstdin=info.vstdin->get_string()) { | if(const String* sstdin=info.vstdin->get_string()) { |
| in->append(*sstdin, String::L_CLEAN, true); | in->append(*sstdin, String::L_CLEAN, true); |
| } else | } else |
| if(VFile* vfile=static_cast<VFile *>(info.vstdin->as("file", false))) | if(VFile* vfile=static_cast<VFile *>(info.vstdin->as("file"))) |
| in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); | in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); |
| else | else |
| throw Exception("parser.runtime", | throw Exception(PARSER_RUNTIME, |
| 0, | 0, |
| STDIN_EXEC_PARAM_NAME " parameter must be string or file"); | STDIN_EXEC_PARAM_NAME " parameter must be string or file"); |
| } | } |
| // $.charset | |
| if(info.vcharset) | |
| charset=&charsets.get(info.vcharset->as_string() | |
| .change_case(r.charsets.source(), String::CC_UPPER)); | |
| } | } |
| } | } |
| // argv from params | // argv from params |
| ArrayString argv; | ArrayString argv; |
| if(params.count()>2) { | if(param_index < params.count()) { |
| for(size_t i=2; i<params.count(); i++) | // influence tainting |
| argv+=¶ms.as_string(i, "parameter must be string"); | Temp_client_charset temp(r.charsets, charset? *charset: r.charsets.source()); |
| for(size_t i=param_index; i<params.count(); i++) { | |
| Value& param=params.as_no_junction(i, PARAM_MUST_NOT_BE_CODE); | |
| if(param.is_defined()){ | |
| if(param.is_string()){ | |
| append_to_argv(r, argv, param.get_string()); | |
| } else { | |
| Table* table=param.get_table(); | |
| if(table){ | |
| for(size_t i=0; i<table->count(); i++) { | |
| append_to_argv(r, argv, table->get(i)->get(0)); | |
| } | |
| } else { | |
| throw Exception(PARSER_RUNTIME, | |
| 0, | |
| "param must be string or table"); | |
| } | |
| } | |
| } | |
| } | |
| } | } |
| // transcode if necessary | // transcode if necessary |
| Line 348 static void _exec_cgi(Request& r, Method | Line 531 static void _exec_cgi(Request& r, Method |
| // match silent conversion in OS | // match silent conversion in OS |
| // exec! | // exec! |
| PA_exec_result execution= | PA_exec_result execution=pa_exec(false/*forced_allow*/, script_name, &env, argv, *in); |
| pa_exec(false/*forced_allow*/, script_name, &env, argv, *in); | |
| String *real_out=&execution.out; | File_read_result *file_out=&execution.out; |
| String *real_err=&execution.err; | String *real_err=&execution.err; |
| // transcode if necessary | |
| if(charset) { | // transcode err if necessary (@todo: need fix line breaks in err as well ) |
| real_out=&Charset::transcode(*real_out, *charset, r.charsets.source()); | if(charset) |
| real_err=&Charset::transcode(*real_err, *charset, r.charsets.source()); | real_err=&Charset::transcode(*real_err, *charset, r.charsets.source()); |
| if(file_out->length && as_text){ | |
| fix_line_breaks(file_out->str, file_out->length); | |
| // treat output as string | |
| String *real_out = new String(file_out->str); | |
| // transcode out if necessary | |
| if(charset) | |
| real_out=&Charset::transcode(*real_out, *charset, r.charsets.source()); | |
| // FIXME: unsafe cast | |
| file_out->str=const_cast<char *>(real_out->cstr()); // hacking a little | |
| file_out->length = real_out->length(); | |
| } | } |
| VFile& self=GET_SELF(r, VFile); | VFile& self=GET_SELF(r, VFile); |
| const String* body=real_out; // ^file:exec | if(cgi) { // ^file::cgi |
| const char* eol_marker=0; size_t eol_marker_size; | const char* eol_marker=0; |
| const String* header=0; | size_t eol_marker_size; |
| if(cgi) { // ^file:cgi | |
| // construct with 'out' body and header | // construct with 'out' body and header |
| size_t dos_pos=real_out->pos("\r\n\r\n", 4); | size_t dos_pos=(file_out->length)?strpos(file_out->str, "\r\n\r\n"):STRING_NOT_FOUND; |
| size_t unix_pos=real_out->pos("\n\n", 2); | size_t unix_pos=(file_out->length)?strpos(file_out->str, "\n\n"):STRING_NOT_FOUND; |
| bool unix_header_break; | bool unix_header_break; |
| switch((dos_pos!=STRING_NOT_FOUND?10:00) + (unix_pos!=STRING_NOT_FOUND?01:00)) { | switch((dos_pos!=STRING_NOT_FOUND?10:00) + (unix_pos!=STRING_NOT_FOUND?01:00)) { |
| case 10: // dos | case 10: // dos |
| unix_header_break=false; | unix_header_break=false; |
| break; | break; |
| case 01: // unix | case 01: // unix |
| unix_header_break=true; | unix_header_break=true; |
| break; | break; |
| case 11: // dos & unix | case 11: // dos & unix |
| unix_header_break=unix_pos<dos_pos; | unix_header_break=unix_pos<dos_pos; |
| break; | break; |
| default: // 00 | default: // 00 |
| unix_header_break=false; // calm down, compiler | unix_header_break=false; // calm down, compiler |
| throw Exception(0, | throw Exception("file.execute", |
| 0, | 0, |
| "output does not contain CGI header; " | "output does not contain CGI header; " |
| "exit status=%d; stdoutsize=%u; stdout: \"%s\"; stderrsize=%u; stderr: \"%s\"", | "exit status=%d; stdoutsize=%u; stdout: \"%s\"; stderrsize=%u; stderr: \"%s\"", |
| execution.status, | execution.status, |
| (uint)real_out->length(), real_out->cstr(), | file_out->length, (file_out->length) ? (file_out->str) : "", |
| (uint)real_err->length(), real_err->cstr()); | real_err->length(), real_err->cstr()); |
| break; //never reached | break; //never reached |
| } | } |
| int header_break_pos; | size_t header_break_pos; |
| if(unix_header_break) { | if(unix_header_break) { |
| header_break_pos=unix_pos; | header_break_pos=unix_pos; |
| eol_marker="\n"; eol_marker_size=1; | eol_marker="\n"; |
| eol_marker_size=1; | |
| } else { | } else { |
| header_break_pos=dos_pos; | header_break_pos=dos_pos; |
| eol_marker="\r\n"; eol_marker_size=2; | eol_marker="\r\n"; |
| eol_marker_size=2; | |
| } | } |
| header=&real_out->mid(0, header_break_pos); | file_out->str[header_break_pos] = 0; |
| body=&real_out->mid(header_break_pos+eol_marker_size*2, real_out->length()); | String *header=new String(file_out->str); |
| unsigned long headersize = header_break_pos+eol_marker_size*2; | |
| file_out->str += headersize; | |
| file_out->length -= headersize; | |
| // $body | |
| self.set(false/*not tainted*/, file_out->str, file_out->length); | |
| // $fields << header | |
| if(header) { | |
| ArrayString rows; | |
| size_t pos_after=0; | |
| header->split(rows, pos_after, eol_marker); | |
| Pass_cgi_header_attribute_info info={0, 0, 0}; | |
| info.charset=&r.charsets.source(); | |
| info.fields=&self.fields(); | |
| rows.for_each(pass_cgi_header_attribute, &info); | |
| if(info.content_type) | |
| self.fields().put(content_type_name, info.content_type); | |
| } | |
| } else { // ^file::exec | |
| // $body | |
| self.set(false/*not tainted*/, file_out->str, file_out->length); | |
| } | } |
| // body | |
| self.set(false/*not tainted*/, body->cstr(), body->length()); | |
| // $fields << header | self.set_mode(as_text); |
| if(header && eol_marker) { | |
| ArrayString rows; | |
| size_t pos_after=0; | |
| header->split(rows, pos_after, eol_marker); | |
| Pass_cgi_header_attribute_info info={0, 0, 0}; | |
| info.charset=&r.charsets.source(); | |
| info.fields=&self.fields(); | |
| rows.for_each(pass_cgi_header_attribute, &info); | |
| if(info.content_type) | |
| self.fields().put(content_type_name, info.content_type); | |
| } | |
| // $status | // $status |
| self.fields().put(file_status_name, new VInt(execution.status)); | self.fields().put(file_status_name, new VInt(execution.status)); |
| // $stderr | // $stderr |
| if(real_err->length()) | if(!real_err->is_empty()) |
| self.fields().put( | self.fields().put( |
| String::Body("stderr"), | String::Body("stderr"), |
| new VString(*real_err)); | new VString(*real_err)); |
| Line 439 static void _cgi(Request& r, MethodParam | Line 645 static void _cgi(Request& r, MethodParam |
| static void _list(Request& r, MethodParams& params) { | static void _list(Request& r, MethodParams& params) { |
| Value& relative_path=params.as_no_junction(0, "path must not be code"); | Value& relative_path=params.as_no_junction(0, "path must not be code"); |
| const String* regexp; | VRegex* vregex=0; |
| pcre *regexp_code; | VRegexCleaner vrcleaner; |
| const int ovecsize=(1/*match*/)*3; | if(params.count()>1){ |
| int ovector[ovecsize]; | Value& regexp=params.as_no_junction(1, "regexp must not be code"); |
| if(params.count()>1) { | if(regexp.is_defined()){ |
| regexp=¶ms.as_no_junction(1, "regexp must not be code").as_string(); | if(Value* value=regexp.as(VREGEX_TYPE)){ |
| vregex=static_cast<VRegex*>(value); | |
| const char* pattern=regexp->cstr(); | } else { |
| const char* errptr; | vregex=new VRegex(r.charsets.source(), ®exp.as_string(), 0/*options*/); |
| int erroffset; | vregex->study(); |
| regexp_code=pcre_compile(pattern, PCRE_EXTRA | PCRE_DOTALL, | vrcleaner.vregex=vregex; |
| &errptr, &erroffset, | } |
| r.charsets.source().pcre_tables); | } |
| if(!regexp_code) | |
| throw Exception(0, | |
| ®exp->mid(erroffset, regexp->length()), | |
| "regular expression syntax error - %s", errptr); | |
| } else { | |
| regexp=0; // not used, just to calm down compiler | |
| regexp_code=0; | |
| } | } |
| const char* absolute_path_cstr=r.absolute(relative_path.as_string()).taint_cstr(String::L_FILE_SPEC); | |
| const char* absolute_path_cstr=r.absolute(relative_path.as_string()).cstr(String::L_FILE_SPEC); | |
| Table::columns_type columns(new ArrayString); | Table::columns_type columns(new ArrayString); |
| *columns+=new String("name"); | *columns+=new String("name"); |
| Table& table=*new Table(columns); | Table& table=*new Table(columns); |
| const int ovector_size=(1/*match*/)*3; | |
| int ovector[ovector_size]; | |
| LOAD_DIR(absolute_path_cstr, | LOAD_DIR(absolute_path_cstr, |
| const char* file_name_cstr=ffblk.ff_name; | const char* file_name_cstr=ffblk.ff_name; |
| size_t file_name_size=strlen(file_name_cstr); | size_t file_name_size=strlen(file_name_cstr); |
| bool suits=true; | |
| if(regexp_code) { | |
| int exec_result=pcre_exec(regexp_code, 0, | |
| ffblk.ff_name, file_name_size, 0, | |
| 0, ovector, ovecsize); | |
| if(exec_result==PCRE_ERROR_NOMATCH) | |
| suits=false; | |
| else if(exec_result<0) { | |
| (*pcre_free)(regexp_code); | |
| throw Exception(0, | |
| regexp, | |
| "regular expression execute (%d)", | |
| exec_result); | |
| } | |
| } | |
| if(suits) { | if(!vregex || vregex->exec(ffblk.ff_name, file_name_size, ovector, ovector_size)>=0) { |
| Table::element_type row(new ArrayString); | Table::element_type row(new ArrayString); |
| *row+=new String(pa_strdup(file_name_cstr, file_name_size), file_name_size, true); | *row+=new String(pa_strdup(file_name_cstr, file_name_size), String::L_TAINTED); |
| table+=row; | table+=row; |
| } | } |
| ); | ); |
| if(regexp_code) | |
| pcre_free(regexp_code); | |
| // write out result | // write out result |
| r.write_no_lang(*new VTable(&table)); | r.write_no_lang(*new VTable(&table)); |
| } | } |
| Line 515 static void lock_execute_body(int , void | Line 696 static void lock_execute_body(int , void |
| info.r->write_assign_lang(info.r->process(*info.body_code)); | info.r->write_assign_lang(info.r->process(*info.body_code)); |
| }; | }; |
| static void _lock(Request& r, MethodParams& params) { | static void _lock(Request& r, MethodParams& params) { |
| const String& file_spec=r.absolute(params.as_string(0, "file name must be string")); | const String& file_spec=r.absolute(params.as_string(0, FILE_NAME_MUST_BE_STRING)); |
| Lock_execute_body_info info={ | Lock_execute_body_info info={ |
| &r, | &r, |
| ¶ms.as_junction(1, "body must be code") | ¶ms.as_junction(1, "body must be code") |
| }; | }; |
| file_write_action_under_lock(file_spec, "lock", lock_execute_body, &info); | file_write_action_under_lock( |
| } | file_spec, |
| "lock", | |
| static int lastposafter(const String& s, size_t after, const char* substr, size_t substr_size, bool beforelast=false) { | lock_execute_body, |
| size_t size=0; // just to calm down compiler | &info); |
| if(beforelast) | |
| size=s.length(); | |
| size_t at; | |
| while((at=s.pos(String::Body(substr, substr_size), after))!=STRING_NOT_FOUND) { | |
| size_t newafter=at+substr_size/*skip substr*/; | |
| if(beforelast && newafter==size) | |
| break; | |
| after=newafter; | |
| } | |
| return after; | |
| } | } |
| static void _find(Request& r, MethodParams& params) { | static void _find(Request& r, MethodParams& params) { |
| const String& file_name=params.as_no_junction(0, "file name must not be code").as_string(); | const String& file_name=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE).as_string(); |
| const String* file_spec; | const String* file_spec; |
| if(file_name.first_char()=='/') | if(file_name.first_char()=='/') |
| file_spec=&file_name; | file_spec=&file_name; |
| Line 548 static void _find(Request& r, MethodPara | Line 718 static void _find(Request& r, MethodPara |
| file_spec=&r.relative(r.request_info.uri, file_name); | file_spec=&r.relative(r.request_info.uri, file_name); |
| // easy way | // easy way |
| if(file_readable(r.absolute(*file_spec))) { | if(file_exist(r.absolute(*file_spec))) { |
| r.write_assign_lang(*file_spec); | r.write_assign_lang(*file_spec); |
| return; | return; |
| } | } |
| Line 563 static void _find(Request& r, MethodPara | Line 733 static void _find(Request& r, MethodPara |
| String test_name; | String test_name; |
| test_name<<*(dirname=&dirname->mid(0, after_monkey_slash)); | test_name<<*(dirname=&dirname->mid(0, after_monkey_slash)); |
| test_name<<basename; | test_name<<basename; |
| if(file_readable(r.absolute(test_name))) { | if(file_exist(r.absolute(test_name))) { |
| r.write_assign_lang(test_name); | r.write_assign_lang(test_name); |
| return; | return; |
| } | } |
| Line 577 static void _find(Request& r, MethodPara | Line 747 static void _find(Request& r, MethodPara |
| } | } |
| static void _dirname(Request& r, MethodParams& params) { | static void _dirname(Request& r, MethodParams& params) { |
| const String& file_spec=params.as_string(0, "file name must be string"); | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| // /a/some.tar.gz > /a | // /a/some.tar.gz > /a |
| // /a/b/ > /a | // /a/b/ > /a |
| int afterslash=lastposafter(file_spec, 0, "/", 1, true); | int afterslash=lastposafter(file_spec, 0, "/", 1, true); |
| if(afterslash>0) | if(afterslash>0) |
| r.write_assign_lang(file_spec.mid(0, afterslash==1?1:afterslash-1)); | r.write_assign_lang(file_spec.mid(0, afterslash==1?1:afterslash-1)); |
| else | else |
| r.write_assign_lang(String(".", 1)); | r.write_assign_lang(String(".")); |
| } | } |
| static void _basename(Request& r, MethodParams& params) { | static void _basename(Request& r, MethodParams& params) { |
| const String& file_spec=params.as_string(0, "file name must be string"); | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| // /a/some.tar.gz > some.tar.gz | // /a/some.tar.gz > some.tar.gz |
| int afterslash=lastposafter(file_spec, 0, "/", 1); | int afterslash=lastposafter(file_spec, 0, "/", 1); |
| r.write_assign_lang(file_spec.mid(afterslash, file_spec.length())); | r.write_assign_lang(file_spec.mid(afterslash, file_spec.length())); |
| } | } |
| static void _justname(Request& r, MethodParams& params) { | static void _justname(Request& r, MethodParams& params) { |
| const String& file_spec=params.as_string(0, "file name must be string"); | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| // /a/some.tar.gz > some.tar | // /a/some.tar.gz > some.tar |
| int afterslash=lastposafter(file_spec, 0, "/", 1); | int afterslash=lastposafter(file_spec, 0, "/", 1); |
| int afterdot=lastposafter(file_spec, afterslash, ".", 1); | int afterdot=lastposafter(file_spec, afterslash, ".", 1); |
| r.write_assign_lang(file_spec.mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec.length())); | r.write_assign_lang(file_spec.mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec.length())); |
| } | } |
| static void _justext(Request& r, MethodParams& params) { | static void _justext(Request& r, MethodParams& params) { |
| const String& file_spec=params.as_string(0, "file name must be string"); | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| // /a/some.tar.gz > gz | // /a/some.tar.gz > gz |
| int afterdot=lastposafter(file_spec, 0, ".", 1); | int afterdot=lastposafter(file_spec, 0, ".", 1); |
| if(afterdot>0) | if(afterdot>0) |
| r.write_assign_lang(file_spec.mid(afterdot, file_spec.length())); | r.write_assign_lang(file_spec.mid(afterdot, file_spec.length())); |
| } | } |
| static void _fullpath(Request& r, MethodParams& params) { | static void _fullpath(Request& r, MethodParams& params) { |
| const String& file_spec=params.as_string(0, "file name must be string"); | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| const String* result; | const String* result; |
| if(file_spec.first_char()=='/') | if(file_spec.first_char()=='/') |
| result=&file_spec; | result=&file_spec; |
| Line 643 class File_sql_event_handlers: public SQ | Line 813 class File_sql_event_handlers: public SQ |
| int got_cells; | int got_cells; |
| public: | public: |
| String::C value; | String::C value; |
| String* user_file_name; | const String* user_file_name; |
| String* user_content_type; | const String* user_content_type; |
| public: | public: |
| File_sql_event_handlers( | File_sql_event_handlers( |
| const String& astatement_string, const char* astatement_cstr): | const String& astatement_string, const char* astatement_cstr): |
| Line 656 public: | Line 826 public: |
| bool add_column(SQL_Error& error, const char* /*str*/, size_t /*length*/) { | bool add_column(SQL_Error& error, const char* /*str*/, size_t /*length*/) { |
| if(got_columns++==3) { | if(got_columns++==3) { |
| error=SQL_Error("parser.runtime", "result must contain not more then 3 columns"); | error=SQL_Error(PARSER_RUNTIME, "result must contain not more then 3 columns"); |
| return true; | return true; |
| } | } |
| return false; | return false; |
| Line 670 public: | Line 840 public: |
| value=String::C(str, length); | value=String::C(str, length); |
| break; | break; |
| case 1: | case 1: |
| user_file_name=new String(str, length, true); | if(!user_file_name) // user not specified? |
| user_file_name=new String(str, String::L_TAINTED); | |
| break; | break; |
| case 2: | case 2: |
| user_content_type=new String(str, length, true); | if(!user_content_type) // user not specified? |
| user_content_type=new String(str, String::L_TAINTED); | |
| break; | break; |
| default: | default: |
| error=SQL_Error("parser.runtime", "result must not contain more then one row, three rows"); | error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three rows"); |
| return true; | return true; |
| } | } |
| return false; | return false; |
| Line 688 public: | Line 860 public: |
| }; | }; |
| #endif | #endif |
| static void _sql(Request& r, MethodParams& params) { | static void _sql(Request& r, MethodParams& params) { |
| const String* user_file_name=0; | Value& statement=params.as_junction(0, "statement must be code"); |
| if(params.get(0)->is_string()) | |
| user_file_name=¶ms.get(0)->as_string(); | |
| Value& statement=params.as_junction(params.count()-1, "statement must be code"); | |
| Temp_lang temp_lang(r, String::L_SQL); | Temp_lang temp_lang(r, String::L_SQL); |
| const String& statement_string=r.process_to_string(statement); | const String& statement_string=r.process_to_string(statement); |
| const char* statement_cstr= | const char* statement_cstr=statement_string.untaint_cstr(r.flang, r.connection()); |
| statement_string.cstr(String::L_UNSPECIFIED, r.connection()); | |
| File_sql_event_handlers handlers(statement_string, statement_cstr); | File_sql_event_handlers handlers(statement_string, statement_cstr); |
| ulong limit=SQL_NO_LIMIT; | |
| ulong offset=0; | |
| if(params.count()>1) | |
| if(HashStringValue* options=params.as_no_junction(1, PARAM_MUST_NOT_BE_CODE).get_hash()){ | |
| int valid_options=0; | |
| if(Value* vfilename=options->get(NAME_NAME)) { | |
| valid_options++; | |
| handlers.user_file_name=&vfilename->as_string(); | |
| } | |
| if(Value* vcontent_type=options->get(CONTENT_TYPE_NAME)) { | |
| valid_options++; | |
| handlers.user_content_type=&vcontent_type->as_string(); | |
| } | |
| if(Value* vlimit=options->get(sql_limit_name)) { | |
| valid_options++; | |
| limit=(ulong)r.process_to_value(*vlimit).as_double(); | |
| } | |
| if(Value* voffset=options->get(sql_offset_name)) { | |
| valid_options++; | |
| offset=(ulong)r.process_to_value(*voffset).as_double(); | |
| } | |
| if(valid_options!=options->count()) | |
| throw Exception(PARSER_RUNTIME, | |
| 0, | |
| "called with invalid option"); | |
| } | |
| r.connection()->query( | r.connection()->query( |
| statement_cstr, | statement_cstr, |
| 0, 0, | 0, 0, |
| 0, 0, | offset, limit, |
| handlers, | handlers, |
| statement_string); | statement_string); |
| if(!handlers.value) | if(!handlers.value) |
| throw Exception("parser.runtime", | throw Exception(PARSER_RUNTIME, |
| 0, | 0, |
| "produced no result"); | "produced no result"); |
| if(!user_file_name) | const char* user_file_name_cstr=handlers.user_file_name? handlers.user_file_name->cstr(): 0; |
| class send_attr_info | |
| { | |
| public: | |
| send_attr_info(Request *t) : r(t), add_content_type(true), add_last_modified(true), add_content_disposition(true) {} | |
| Request *r; | |
| bool add_content_type; | |
| bool add_last_modified; | |
| bool add_content_disposition; | |
| }; | |
| static void send_add_header_attribute( | VString* vcontent_type=handlers.user_content_type? |
| HashStringValue::key_type aattribute, | new VString(*handlers.user_content_type) |
| HashStringValue::value_type ameaning, | : user_file_name_cstr? |
| send_attr_info *r) | new VString(r.mime_type_of(user_file_name_cstr)) |
| { | : 0; |
| const char *a = aattribute.cstr(); | VFile& self=GET_SELF(r, VFile); |
| SAPI::add_header_attribute(r->r->sapi_info, | self.set(true/*tainted*/, handlers.value.str, handlers.value.length, user_file_name_cstr, vcontent_type); |
| a, | self.set_mode(false/*binary*/); |
| attributed_meaning_to_string(*ameaning, String::L_HTTP_HEADER, false). | |
| cstr(String::L_UNSPECIFIED)); | |
| if(strcasecmp(a, "content-type")==0) | |
| r->add_content_type = false; | |
| else if(strcasecmp(a, "last-modified")==0) | |
| r->add_last_modified = false; | |
| else if(strcasecmp(a, "content-disposition")==0) | |
| r->add_content_disposition = false; | |
| } | } |
| struct RANGE | static void _base64(Request& r, MethodParams& params) { |
| { | bool dynamic = !(&r.get_self() == file_class); |
| size_t start; | if(dynamic){ |
| size_t end; | VFile& self=GET_SELF(r, VFile); |
| }; | if(params.count()) { |
| // decode: ^file::base64[encoded] | |
| static void parse_range(const String* s, Array<RANGE> &ar) | const char* cstr=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); |
| { | char* decoded=0; |
| const char *p = s->cstr(); | size_t length=0; |
| if(s->starts_with("bytes=")) | pa_base64_decode(cstr, strlen(cstr), decoded, length); |
| p += 6; | if(decoded && length) |
| RANGE r; | self.set(true/*tainted*/, decoded, length); |
| while(*p){ | } else { |
| r.start = (size_t)-1; | // encode: ^f.base64[] |
| r.end = (size_t)-1; | const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size()); |
| if(*p >= '0' && *p <= '9'){ | r.write_assign_lang(*new String(encoded, String::L_TAINTED/*once ?param=base64(something) was needed**/)); |
| r.start = atol(p); | |
| while(*p>='0' && *p<='9') ++p; | |
| } | |
| if(*p++ != '-') break; | |
| if(*p >= '0' && *p <= '9'){ | |
| r.end = atol(p); | |
| while(*p>='0' && *p<='9') ++p; | |
| } | } |
| if(*p == ',') ++p; | } else { |
| ar += r; | // encode: ^file:base64[filespec] |
| const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); | |
| const char* encoded=pa_base64_encode(r.absolute(file_spec)); | |
| r.write_assign_lang(*new String(encoded, String::L_TAINTED/*once ?param=base64(something) was needed*/)); | |
| } | } |
| } | } |
| class auto_file | static void _crc32(Request& r, MethodParams& params) { |
| { | unsigned long crc32 = 0; |
| protected: | if(&r.get_self() == file_class) { |
| FILE *f; | // ^file:crc32[file-name] |
| public: | if(params.count()) { |
| auto_file(FILE *t){ | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| f = t; | crc32=pa_crc32(r.absolute(file_spec)); |
| } | } else { |
| ~auto_file(){ | throw Exception(PARSER_RUNTIME, |
| if(f != 0){ | 0, |
| fclose(f); | "file name must be defined"); |
| f = 0; | |
| } | |
| } | |
| operator FILE*(){ | |
| return f; | |
| } | |
| }; | |
| // ^file:send[filename] | |
| // ^file:send[filename;options hash] | |
| // ^file:send[local_filename;remote_filename] | |
| // ^file:send[local_filename;remote_filename;options hash] | |
| static void _send(Request& r, MethodParams& params) { | |
| SAPI::add_header_attribute(r.sapi_info, "Accept-Ranges", "bytes"); | |
| if(r.response.fields().get("ignore")!=0) throw Exception("parser.runtime", 0, "^file:send not allowed here"); | |
| Value *to_file_name = 0; | |
| Value *options = 0; | |
| Value *from_file_name = params.get(0); | |
| const char *c_from_file_name=0, *disposition=0; | |
| if(!from_file_name->is("string")) throw Exception("parser.runtime", 0, "filename must be string"); | |
| size_t count = params.count(); | |
| if(count > 1){ | |
| to_file_name = params.get(1); | |
| if(to_file_name->is("hash")){ | |
| options = to_file_name; | |
| to_file_name = 0; | |
| }else if(count > 2){ | |
| options = params.get(2); | |
| if(!options->is("hash")) throw Exception("parser.runtime", 0, "options parameter must be hash"); | |
| } | } |
| } else { | |
| // ^file.crc32[] | |
| VFile& self=GET_SELF(r, VFile); | |
| crc32=pa_crc32(self.value_ptr(), self.value_size()); | |
| } | } |
| r.write_no_lang(*new VInt(crc32)); | |
| } | |
| c_from_file_name=r.absolute(from_file_name->as_string()).cstr(); | |
| size_t offset = 0; | |
| size_t limit = (size_t)-1; | |
| send_attr_info info(&r); | |
| VDate *date = 0; | |
| if(options){ | static void file_md5_file_action( |
| HashStringValue *opts = options->get_hash(); | struct stat& finfo, |
| if(opts == 0) | int f, |
| throw Exception("parser.runtime", 0, "options must be hash"); | const String& , const char* /*fname*/, bool, |
| Value *v; | void *context) |
| int valid_options = 0; | { |
| if(v = opts->get("offset")){ | PA_MD5_CTX& md5context=*static_cast<PA_MD5_CTX *>(context); |
| ++valid_options; | if(finfo.st_size) { |
| offset = v->as_int(); | int nCount=0; |
| } | do { |
| if(v = opts->get("limit")){ | unsigned char buffer[FILE_BUFFER_SIZE]; |
| ++valid_options; | nCount = file_block_read(f, buffer, sizeof(buffer)); |
| limit = v->as_int(); | if ( nCount ){ |
| } | pa_MD5Update(&md5context, (const unsigned char*)buffer, nCount); |
| if(v = opts->get("headers")){ | } |
| ++valid_options; | } while(nCount > 0); |
| HashStringValue *headers = v->get_hash(); | |
| if(headers == 0) | |
| throw Exception("parser.runtime", 0, "headers must be hash"); | |
| headers->for_each(send_add_header_attribute, &info); | |
| } | |
| if(v = opts->get("mdate")){ | |
| ++valid_options; | |
| if(Value* vdate=v->as(VDATE_TYPE, false)) | |
| date=static_cast<VDate*>(vdate); | |
| else throw Exception("parser.runtime", 0, "mdate must be a date"); | |
| } | |
| if(v = opts->get("disposition")){ | |
| ++valid_options; | |
| if(!v->is("string")) throw Exception("parser.runtime", 0, "disposition must be a string"); | |
| disposition = v->get_string()->cstr(); | |
| if(strcmp(disposition, "inline") && strcmp(disposition, "attachment")) throw Exception("parser.runtime", 0, "disposition can be only 'inline' or 'attachment'"); | |
| } | |
| if(valid_options != opts->count()) | |
| throw Exception("parser.runtime", 0, "invalid option passed"); | |
| } | } |
| } | |
| auto_file f = fopen(c_from_file_name, "rb"); | const char* pa_md5(const String& file_spec) |
| if(f == 0) | { |
| throw Exception("parser.runtime", 0, "Can't open file"); | PA_MD5_CTX context; |
| unsigned char digest[16]; | |
| if(fseek(f, 0, SEEK_END)!=0) | pa_MD5Init(&context); |
| throw Exception("parser.runtime", 0, "Can't seek file"); | file_read_action_under_lock(file_spec, "md5", file_md5_file_action, &context); |
| pa_MD5Final(digest, &context); | |
| size_t file_length = (size_t)ftell(f); | |
| if(file_length == (size_t)-1) | |
| throw Exception("parser.runtime", 0, "can't get file size"); | |
| if(file_length <= offset) | |
| throw Exception("parser.runtime", 0, "offset too big"); | |
| size_t content_length = file_length-offset; | return hex_string(digest, sizeof(digest), false); |
| if(limit != (size_t)-1) | } |
| content_length = limit<content_length?limit:content_length; | |
| size_t part_length = content_length; | |
| const size_t BUFSIZE = 4096; | |
| unsigned char buf[BUFSIZE]; | |
| const char *range = SAPI::get_env(r.sapi_info, "HTTP_RANGE"); | |
| if(range){ | |
| Array<RANGE> ar; | |
| parse_range(new String(range), ar); | |
| size_t count = ar.count(); | |
| if(count == 1){ | |
| RANGE &rg = ar.get_ref(0); | |
| if(rg.start == (size_t)-1 && rg.end == (size_t)-1){ | |
| SAPI::add_header_attribute(r.sapi_info, "status", "416 Requested Range Not Satisfiable"); | |
| return; | |
| } | |
| if(rg.start == (size_t)-1 && rg.end != (size_t)-1){ | |
| rg.start = content_length - rg.end; | |
| rg.end = content_length; | |
| offset += rg.start; | |
| part_length = rg.end-rg.start; | |
| }else if(rg.start != (size_t)-1 && rg.end == (size_t)-1){ | |
| rg.end = content_length-1; | |
| offset += rg.start; | |
| part_length -= rg.start; | |
| } | |
| if(part_length == 0){ | |
| SAPI::add_header_attribute(r.sapi_info, "status", "204 No Content"); | |
| return; | |
| } | |
| SAPI::add_header_attribute(r.sapi_info, "status", "206 Partial Content"); | |
| snprintf((char*)buf, BUFSIZE, "bytes %u-%u/%u", rg.start, rg.end, content_length); | |
| SAPI::add_header_attribute(r.sapi_info, "Content-Range", (char*)buf); | |
| }else if(count != 0){ | |
| SAPI::add_header_attribute(r.sapi_info, "status", "501 Not Implemented"); | |
| return; | |
| } | |
| } | |
| fseek(f, offset, SEEK_SET); | const char* pa_md5(const char *in, size_t in_size) |
| snprintf((char*)buf, BUFSIZE, "%u", part_length); | { |
| SAPI::add_header_attribute(r.sapi_info, "Content-Length", (char*)buf); | PA_MD5_CTX context; |
| unsigned char digest[16]; | |
| if(info.add_content_disposition && disposition){ | pa_MD5Init(&context); |
| const char *fname = 0; | pa_MD5Update(&context, (const unsigned char*)in, in_size); |
| if(to_file_name){ | pa_MD5Final(digest, &context); |
| fname = to_file_name->as_string().cstr(); | |
| }else{ | return hex_string(digest, sizeof(digest), false); |
| const char *fname = c_from_file_name; | } |
| const char *p1 = strrchr(fname, '/'); | |
| const char *p2 = strrchr(fname, '\\'); | |
| if(p1 || p2) | |
| fname = max(p1, p2)+1; | |
| } | |
| snprintf((char*)buf, BUFSIZE, "%s; filename=\"%s\"", disposition, fname); | static void _md5(Request& r, MethodParams& params) { |
| SAPI::add_header_attribute(r.sapi_info, "Content-Disposition", (char*)buf); | const char* md5; |
| } | if(&r.get_self() == file_class) { |
| if(info.add_content_type) | // ^file:md5[file-name] |
| SAPI::add_header_attribute(r.sapi_info, "Content-Type", r.mime_type_of(c_from_file_name).cstr()); | if(params.count()) { |
| if(info.add_last_modified){ | const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); |
| if(date == 0){ | md5=pa_md5(r.absolute(file_spec)); |
| struct stat st; | } else { |
| if(stat(c_from_file_name, &st)!=0) throw Exception("parser.runtime", 0, "can't get file stat"); | throw Exception(PARSER_RUNTIME, |
| date = new VDate(st.st_mtime); | 0, |
| "file name must be defined"); | |
| } | } |
| const String &s = attributed_meaning_to_string(*date, String::L_AS_IS, true); | } else { |
| SAPI::add_header_attribute(r.sapi_info, "Last-Modified", s.cstr()); | // ^file.md5[] |
| } | VFile& self=GET_SELF(r, VFile); |
| r.cookie.output_result(r.sapi_info); | md5=pa_md5(self.value_ptr(), self.value_size()); |
| SAPI::send_header(r.sapi_info); | |
| const char* request_method=getenv("REQUEST_METHOD"); | |
| bool header_only=request_method && strcasecmp(request_method, "HEAD")==0; | |
| size_t sent = 0; | |
| if(!header_only){ | |
| size_t to_read = 0; | |
| size_t size = 0; | |
| do{ | |
| to_read = part_length<BUFSIZE?part_length:BUFSIZE; | |
| to_read = fread(buf, 1, to_read, f); | |
| if(to_read == 0) | |
| break; | |
| size = SAPI::send_body(r.sapi_info, buf, to_read); | |
| sent += size; | |
| if(size != to_read) | |
| break; | |
| part_length -= to_read; | |
| }while(part_length); | |
| } | } |
| // set flag to bypass other outputs | r.write_no_lang(*new String(md5)); |
| r.response.fields().put("ignore", new VString(*new String("y"))); | |
| r.write_no_lang(*new VInt(sent)); | |
| } | |
| user_file_name=handlers.user_file_name; | |
| const char* user_file_name_cstr=user_file_name? user_file_name->cstr(): 0; | |
| VString* vcontent_type=handlers.user_content_type? | |
| new VString(*handlers.user_content_type) | |
| : user_file_name_cstr? | |
| new VString(r.mime_type_of(user_file_name_cstr)) | |
| : 0; | |
| VFile& self=GET_SELF(r, VFile); | |
| self.set(true/*tainted*/, handlers.value.str, handlers.value.length, user_file_name_cstr, vcontent_type); | |
| } | } |
| // constructor | // constructor |
| MFile::MFile(): Methoded("file") { | MFile::MFile(): Methoded("file") { |
| // ^save[mode;file-name] | // ^file::create[text;user-name;string] |
| add_native_method("save", Method::CT_DYNAMIC, _save, 2, 2); | // ^file::create[binary;user-name;SOMEDAY SOMETHING] |
| add_native_method("create", Method::CT_DYNAMIC, _create, 3, 4); | |
| // ^file.save[mode;file-name] | |
| // ^file.save[mode;file-name;$.charset[...]] | |
| add_native_method("save", Method::CT_DYNAMIC, _save, 2, 3); | |
| // ^delete[file-name] | // ^file:delete[file-name] |
| add_native_method("delete", Method::CT_STATIC, _delete, 1, 1); | add_native_method("delete", Method::CT_STATIC, _delete, 1, 1); |
| // ^move[from-file-name;to-file-name] | // ^file:move[from-file-name;to-file-name] |
| add_native_method("move", Method::CT_STATIC, _move, 2, 2); | add_native_method("move", Method::CT_STATIC, _move, 2, 2); |
| // ^load[mode;disk-name] | // ^file::load[mode;disk-name] |
| // ^load[mode;disk-name;user-name] | // ^file::load[mode;disk-name;user-name] |
| add_native_method("load", Method::CT_DYNAMIC, _load, 2, 3); | // ^file::load[mode;disk-name;user-name;options hash] |
| // ^file::load[mode;disk-name;options hash] | |
| add_native_method("load", Method::CT_DYNAMIC, _load, 2, 4); | |
| // ^stat[disk-name] | // ^file::stat[disk-name] |
| add_native_method("stat", Method::CT_DYNAMIC, _stat, 1, 1); | add_native_method("stat", Method::CT_DYNAMIC, _stat, 1, 1); |
| // ^cgi[file-name] | // ^file::cgi[mode;file-name] |
| // ^cgi[file-name;env hash] | // ^file::cgi[mode;file-name;env hash] |
| // ^cgi[file-name;env hash;1cmd;2line;3ar;4g;5s] | // ^file::cgi[mode;file-name;env hash;1cmd;2line;3ar;4g;5s] |
| add_native_method("cgi", Method::CT_DYNAMIC, _cgi, 1, 2+10); | add_native_method("cgi", Method::CT_DYNAMIC, _cgi, 1, 3+50); |
| // ^exec[file-name] | // ^file::exec[mode;file-name] |
| // ^exec[file-name;env hash] | // ^file::exec[mode;file-name;env hash] |
| // ^exec[file-name;env hash;1cmd;2line;3ar;4g;5s] | // ^file::exec[mode;file-name;env hash;1cmd;2line;3ar;4g;5s] |
| add_native_method("exec", Method::CT_DYNAMIC, _exec, 1, 2+10); | add_native_method("exec", Method::CT_DYNAMIC, _exec, 1, 3+50); |
| // ^file:list[path] | // ^file:list[path] |
| // ^file:list[path][regexp] | // ^file:list[path][regexp] |
| Line 1017 MFile::MFile(): Methoded("file") { | Line 1072 MFile::MFile(): Methoded("file") { |
| // ^file:lock[path]{code} | // ^file:lock[path]{code} |
| add_native_method("lock", Method::CT_STATIC, _lock, 2, 2); | add_native_method("lock", Method::CT_STATIC, _lock, 2, 2); |
| // ^find[file-name] | // ^file:find[file-name] |
| // ^find[file-name]{when-not-found} | // ^file:find[file-name]{when-not-found} |
| add_native_method("find", Method::CT_STATIC, _find, 1, 2); | add_native_method("find", Method::CT_STATIC, _find, 1, 2); |
| // ^file:dirname[/a/some.tar.gz]=/a | // ^file:dirname[/a/some.tar.gz]=/a |
| // ^file:dirname[/a/b/]=/a | // ^file:dirname[/a/b/]=/a |
| add_native_method("dirname", Method::CT_STATIC, _dirname, 1, 1); | add_native_method("dirname", Method::CT_STATIC, _dirname, 1, 1); |
| // ^file:basename[/a/some.tar.gz]=some.tar.gz | // ^file:basename[/a/some.tar.gz]=some.tar.gz |
| add_native_method("basename", Method::CT_STATIC, _basename, 1, 1); | |
| // ^file:send[filename] | // ^file:justname[/a/some.tar.gz]=some.tar |
| // ^file:send[filename;options hash] | |
| // ^file:send[filename;new_filename] | |
| // ^file:send[filename;new_filename;options hash] | |
| add_native_method("send", Method::CT_STATIC, _send, 1, 3); | |
| add_native_method("basename", Method::CT_STATIC, _basename, 1, 1); | |
| // ^file:justname[/a/some.tar.gz]=some.tar | |
| add_native_method("justname", Method::CT_STATIC, _justname, 1, 1); | add_native_method("justname", Method::CT_STATIC, _justname, 1, 1); |
| // ^file:justext[/a/some.tar.gz]=gz | // ^file:justext[/a/some.tar.gz]=gz |
| add_native_method("justext", Method::CT_STATIC, _justext, 1, 1); | add_native_method("justext", Method::CT_STATIC, _justext, 1, 1); |
| // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif | // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif |
| add_native_method("fullpath", Method::CT_STATIC, _fullpath, 1, 1); | add_native_method("fullpath", Method::CT_STATIC, _fullpath, 1, 1); |
| // ^file.sql-string[] | // ^file.sql-string[] |
| add_native_method("sql-string", Method::CT_DYNAMIC, _sql_string, 0, 0); | add_native_method("sql-string", Method::CT_DYNAMIC, _sql_string, 0, 0); |
| // ^file::sql[[alt_name]]{} | // ^file::sql{}[options hash] |
| add_native_method("sql", Method::CT_DYNAMIC, _sql, 1, 2); | add_native_method("sql", Method::CT_DYNAMIC, _sql, 1, 2); |
| // ^file::base64[string] << decode | |
| // ^file.base64[] << encode | |
| // ^file:base64[file-name] << encode | |
| add_native_method("base64", Method::CT_ANY, _base64, 0, 1); | |
| // ^file.crc32[] | |
| // ^file:crc32[file-name] | |
| add_native_method("crc32", Method::CT_ANY, _crc32, 0, 1); | |
| // ^file.md5[] | |
| // ^file:md5[file-name] | |
| add_native_method("md5", Method::CT_ANY, _md5, 0, 1); | |
| // ^file:copy[from-file-name;to-file-name] | |
| add_native_method("copy", Method::CT_STATIC, _copy, 2, 2); | |
| } | } |