--- parser3/src/classes/file.C	2004/07/07 10:22:28	1.124
+++ parser3/src/classes/file.C	2005/11/24 14:00:34	1.142
@@ -1,11 +1,11 @@
 /** @file
 	Parser: @b file parser class.
 
-	Copyright (c) 2001-2004 ArtLebedev Group (http://www.artlebedev.com)
+	Copyright (c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com)
 	Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru)
 */
 
-static const char * const IDENT_FILE_C="$Date: 2004/07/07 10:22:28 $";
+static const char * const IDENT_FILE_C="$Date: 2005/11/24 14:00:34 $";
 
 #include "pa_config_includes.h"
 
@@ -29,15 +29,23 @@ static const char * const IDENT_FILE_C="
 // defines
 
 #define TEXT_MODE_NAME "text"
+#define BINARY_MODE_NAME "binary"
 #define STDIN_EXEC_PARAM_NAME "stdin"
 #define CHARSET_EXEC_PARAM_NAME "charset"
 
+#define NAME_NAME "name"
+
+// externs
+
+extern String sql_limit_name;
+extern String sql_offset_name;
+
 // class
 
 class MFile: public Methoded {
 public: // VStateless_class
 	
-	Value* create_new_value(Pool&) { return new VFile(); }
+	Value* create_new_value(Pool&, HashStringValue&) { return new VFile(); }
 
 public: // Methoded
 	bool used_directly() { return true; }
@@ -105,13 +113,23 @@ static const String::Body cdate_name("cd
 
 // methods
 
+static bool is_text_mode(const String& mode) {
+	if(mode==TEXT_MODE_NAME)
+		return true;
+	if(mode==BINARY_MODE_NAME)
+		return false;
+	throw Exception("parser.runtime",
+		&mode,
+		"is invalid mode, must be either '"TEXT_MODE_NAME"' or '"BINARY_MODE_NAME"'");
+}
+
 static void _save(Request& r, MethodParams& params) {
 	Value& vmode_name=params. as_no_junction(0, "mode must not be code");
 	Value& vfile_name=params.as_no_junction(1, "file name must not be code");
 
 	// save
 	GET_SELF(r, VFile).save(r.absolute(vfile_name.as_string()),
-		vmode_name.as_string()==TEXT_MODE_NAME);
+		is_text_mode(vmode_name.as_string()));
 }
 
 static void _delete(Request& r, MethodParams& params) {
@@ -147,9 +165,22 @@ static void _load(Request& r, MethodPara
 	if(third_param_hash)
 		alt_filename_param_index++;
 
+	HashStringValue* options=third_param_hash;
+	size_t offset=0;
+	size_t limit=0;
+	if(options) {
+		options=new HashStringValue(*options);
+		if(Value *voffset=(Value *)options->get(sql_offset_name)) {
+			offset=r.process_to_value(*voffset).as_int();
+		}
+		if(Value *vlimit=(Value *)options->get(sql_limit_name)) {
+			limit=r.process_to_value(*vlimit).as_int();
+		}
+		// no check on options count here, see file_read
+	}
 	File_read_result file=file_read(r.charsets, lfile_name,
-		vmode_name.as_string()==TEXT_MODE_NAME,
-		third_param_hash
+		is_text_mode(vmode_name.as_string()),
+		options, true, 0, offset, limit
 	);
 
 	const char *user_file_name=params.count()>alt_filename_param_index?
@@ -158,7 +189,10 @@ static void _load(Request& r, MethodPara
 
 	Value* vcontent_type=0;
 	if(file.headers)
-		vcontent_type=file.headers->get(content_type_name);
+	{
+		if(Value* remote_content_type=file.headers->get("CONTENT-TYPE"))
+			vcontent_type=new VString(*new String(remote_content_type->as_string().cstr()));
+	} 
 	if(!vcontent_type)
 		vcontent_type=new VString(r.mime_type_of(user_file_name));
 	
@@ -168,6 +202,25 @@ static void _load(Request& r, MethodPara
 		file.headers->for_each(_load_pass_param, &self.fields());
 }
 
+static void _create(Request& r, MethodParams& params) {
+	Value& vmode_name=params. as_no_junction(0, "mode must not be code");
+	if(!is_text_mode(vmode_name.as_string()))
+		throw Exception("parser.runtime",
+			0,
+			"only text mode is currently supported");
+
+	const char* user_file_name_cstr=r.absolute(
+		params.as_no_junction(1, "file name must not be code").as_string()).cstr(String::L_FILE_SPEC);
+
+	const String& content=params.as_string(2, "content must be string");
+	const char* content_cstr=content.cstr(String::L_UNSPECIFIED); // explode content, honor tainting changes
+
+	VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr));
+	
+	VFile& self=GET_SELF(r, VFile);
+	self.set(true/*tainted*/, content_cstr, strlen(content_cstr), user_file_name_cstr, vcontent_type);
+}
+
 static void _stat(Request& r, MethodParams& params) {
 	Value& vfile_name=params.as_no_junction(0, "file name must not be code");
 
@@ -206,9 +259,9 @@ static bool is_safe_env_key(const char*
 }
 #ifndef DOXYGEN
 struct Append_env_pair_info {
+	Request_charsets* charsets;
 	HashStringString* env;
 	Value* vstdin;
-	Value* vcharset;
 };
 #endif
 static void append_env_pair(
@@ -218,13 +271,13 @@ static void append_env_pair(
 	if(akey==STDIN_EXEC_PARAM_NAME) {
 		info->vstdin=avalue;
 	} else if(akey==CHARSET_EXEC_PARAM_NAME) {
-		info->vcharset=avalue;
+		// ignore, already processed
 	} else {
 		if(!is_safe_env_key(akey.cstr()))
 			throw Exception("parser.runtime",
 				new String(akey, String::L_TAINTED),
 				"not safe environment variable");
-		info->env->put(akey, avalue->as_string().cstr(String::L_UNSPECIFIED));
+		info->env->put(akey, avalue->as_string().cstr_to_string_body(String::L_UNSPECIFIED, 0, info->charsets));
 	}
 }
 #ifndef DOXYGEN
@@ -238,10 +291,10 @@ static void pass_cgi_header_attribute(
 				      ArrayString::element_type astring, 
 				      Pass_cgi_header_attribute_info* info) {
 	size_t colon_pos=astring->pos(':');
-	if(colon_pos==STRING_NOT_FOUND) {
+	if(colon_pos!=STRING_NOT_FOUND) {
 		const String& key=astring->mid(0, colon_pos).change_case(
 			*info->charset, String::CC_UPPER);
-		Value* value=new VString(astring->mid(colon_pos+1, astring->length()));
+		Value* value=new VString(astring->mid(colon_pos+1, astring->length()).trim());
 		info->fields->put(key, value);
 		if(key=="CONTENT-TYPE")
 			info->content_type=value;
@@ -295,8 +348,19 @@ static void _exec_cgi(Request& r, Method
 	if(params.count()>1) {
 		Value& venv=params.as_no_junction(1, "env must not be code");
 		if(HashStringValue* user_env=venv.get_hash()) {
-			Append_env_pair_info info={&env, 0, 0};
-			user_env->for_each(append_env_pair, &info);
+			// $.charset  [previewing to handle URI pieces]
+			if(Value* vcharset=user_env->get(CHARSET_EXEC_PARAM_NAME))
+				charset=&charsets.get(vcharset->as_string()
+					.change_case(r.charsets.source(), String::CC_UPPER));
+
+			// $.others
+			Append_env_pair_info info={&r.charsets, &env, 0};
+			{
+				// influence URLencoding of tainted pieces to String::L_URI lang
+				// main target -- $.QUERY_STRING
+				Temp_client_charset temp(r.charsets, charset? *charset: r.charsets.source());
+				user_env->for_each(append_env_pair, &info);
+			}
 			// $.stdin
 			if(info.vstdin) {
 				stdin_specified=true;
@@ -310,10 +374,6 @@ static void _exec_cgi(Request& r, Method
 							0,
 							STDIN_EXEC_PARAM_NAME " parameter must be string or file");
 			}
-			// $.charset
-			if(info.vcharset)
-				charset=&charsets.get(info.vcharset->as_string()
-					.change_case(r.charsets.source(), String::CC_UPPER));
 		}
 	}
 
@@ -535,7 +595,7 @@ static void _find(Request& r, MethodPara
 		file_spec=&r.relative(r.request_info.uri, file_name);
 
 	// easy way
-	if(file_readable(r.absolute(*file_spec))) {
+	if(file_exist(r.absolute(*file_spec))) {
 		r.write_assign_lang(*file_spec);
 		return;
 	}
@@ -550,7 +610,7 @@ static void _find(Request& r, MethodPara
 		String test_name;
 		test_name<<*(dirname=&dirname->mid(0, after_monkey_slash));
 		test_name<<basename;
-		if(file_readable(r.absolute(test_name))) {
+		if(file_exist(r.absolute(test_name))) {
 			r.write_assign_lang(test_name);
 			return;
 		}
@@ -630,8 +690,8 @@ class File_sql_event_handlers: public SQ
 	int got_cells;
 public:
 	String::C value;
-	String* user_file_name;
-	String* user_content_type;
+	const String* user_file_name;
+	const String* user_content_type;
 public:
 	File_sql_event_handlers(
 		const String& astatement_string, const char* astatement_cstr):
@@ -657,10 +717,12 @@ public:
 					value=String::C(str, length); 
 					break;
 				case 1:
-					user_file_name=new String(str, length, true);
+					if(!user_file_name) // user not specified?
+						user_file_name=new String(str, length, true);
 					break;
 				case 2:
-					user_content_type=new String(str, length, true);
+					if(!user_content_type) // user not specified?
+						user_content_type=new String(str, length, true);
 					break;
 				default:
 					error=SQL_Error("parser.runtime", "result must not contain more then one row, three rows");
@@ -675,17 +737,33 @@ public:
 };
 #endif
 static void _sql(Request& r, MethodParams& params) {
-	const String* user_file_name=0;
-	if(params.get(0)->is_string())
-		user_file_name=&params.get(0)->as_string();
-
-	Value& statement=params.as_junction(params.count()-1, "statement must be code");
+	Value& statement=params.as_junction(0, "statement must be code");
 
 	Temp_lang temp_lang(r, String::L_SQL);
 	const String& statement_string=r.process_to_string(statement);
 	const char* statement_cstr=
 		statement_string.cstr(String::L_UNSPECIFIED, r.connection());
 	File_sql_event_handlers handlers(statement_string, statement_cstr);
+
+	if(params.count()>1)
+		if(HashStringValue* options=
+			params.as_no_junction(1, "param must not be code").get_hash()) {
+			int valid_options=0;
+			if(Value* vfilename=options->get(NAME_NAME)) {
+				valid_options++;
+				handlers.user_file_name=&vfilename->as_string();
+			}
+			if(Value* vcontent_type=options->get(CONTENT_TYPE_NAME)) {
+				valid_options++;
+				handlers.user_content_type=&vcontent_type->as_string();
+			}
+			if(valid_options!=options->count())
+				throw Exception("parser.runtime",
+					0,
+					"called with invalid option");
+		}
+
+
 	r.connection()->query(
 		statement_cstr, 
 		0, 0,
@@ -698,10 +776,7 @@ static void _sql(Request& r, MethodParam
 			0,
 			"produced no result");
 
-	if(!user_file_name)
-		user_file_name=handlers.user_file_name;
-
-	const char* user_file_name_cstr=user_file_name? user_file_name->cstr(): 0;
+	const char* user_file_name_cstr=handlers.user_file_name? handlers.user_file_name->cstr(): 0;
 
 	VString* vcontent_type=handlers.user_content_type? 
 		new VString(*handlers.user_content_type)
@@ -712,9 +787,30 @@ static void _sql(Request& r, MethodParam
 	self.set(true/*tainted*/, handlers.value.str, handlers.value.length, user_file_name_cstr, vcontent_type);
 }
 
+static void _base64(Request& r, MethodParams& params) {
+	VFile& self=GET_SELF(r, VFile);
+	if(params.count()) {
+		// decode
+		const char* cstr=params.as_string(0, "parameter must be string").cstr();
+		char* decoded_cstr=0;
+		size_t decoded_size=0;
+		pa_base64_decode(cstr, strlen(cstr), decoded_cstr, decoded_size);
+		if(decoded_cstr && decoded_size)
+			self.set(true/*tainted*/, decoded_cstr, decoded_size);
+	} else {
+		// encode 
+		const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size());
+		r.write_assign_lang(*new String(encoded, 0, true/*once ?param=base64(something) was needed*/));
+	}
+}
+
 // constructor
 
 MFile::MFile(): Methoded("file") {
+	// ^create[text;user-name;string]
+	// ^create[binary;user-name;SOMEDAY SOMETHING]
+	add_native_method("create", Method::CT_DYNAMIC, _create, 3, 3);
+
 	// ^save[mode;file-name]
 	add_native_method("save", Method::CT_DYNAMIC, _save, 2, 2);
 
@@ -734,12 +830,12 @@ MFile::MFile(): Methoded("file") {
 	// ^cgi[file-name]
 	// ^cgi[file-name;env hash]
 	// ^cgi[file-name;env hash;1cmd;2line;3ar;4g;5s]
-	add_native_method("cgi", Method::CT_DYNAMIC, _cgi, 1, 2+10);
+	add_native_method("cgi", Method::CT_DYNAMIC, _cgi, 1, 2+50);
 
 	// ^exec[file-name]
 	// ^exec[file-name;env hash]
 	// ^exec[file-name;env hash;1cmd;2line;3ar;4g;5s]
-	add_native_method("exec", Method::CT_DYNAMIC, _exec, 1, 2+10);
+	add_native_method("exec", Method::CT_DYNAMIC, _exec, 1, 2+50);
 
 	// ^file:list[path]
 	// ^file:list[path][regexp]
@@ -769,4 +865,8 @@ MFile::MFile(): Methoded("file") {
 
     // ^file::sql[[alt_name]]{}
 	add_native_method("sql", Method::CT_DYNAMIC, _sql, 1, 2);
+
+	// ^file.base64[] << encode
+	// ^file::base64[string] << decode
+	add_native_method("base64", Method::CT_DYNAMIC, _base64, 0, 1);
 }