--- parser3/src/classes/file.C 2009/01/12 07:46:13 1.181 +++ parser3/src/classes/file.C 2009/08/08 13:30:20 1.199 @@ -1,11 +1,11 @@ /** @file Parser: @b file parser class. - Copyright (c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com) + Copyright (c) 2001-2009 ArtLebedev Group (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_FILE_C="$Date: 2009/01/12 07:46:13 $"; +static const char * const IDENT_FILE_C="$Date: 2009/08/08 13:30:20 $"; #include "pa_config_includes.h" @@ -24,11 +24,10 @@ static const char * const IDENT_FILE_C=" #include "pa_charsets.h" #include "pa_sql_connection.h" #include "pa_md5.h" +#include "pa_vregex.h" // defines -#define TEXT_MODE_NAME "text" -#define BINARY_MODE_NAME "binary" #define STDIN_EXEC_PARAM_NAME "stdin" #define CHARSET_EXEC_PARAM_NAME "charset" @@ -44,7 +43,7 @@ extern String sql_offset_name; class MFile: public Methoded { public: // VStateless_class - Value* create_new_value(Pool&, HashStringValue&) { return new VFile(); } + Value* create_new_value(Pool&) { return new VFile(); } public: // Methoded bool used_directly() { return true; } @@ -113,13 +112,13 @@ static const String::Body cdate_name("cd // methods static bool is_valid_mode (const String& mode) { - return (mode==TEXT_MODE_NAME || mode==BINARY_MODE_NAME); + return (mode==text_mode_name || mode==binary_mode_name); } static bool is_text_mode(const String& mode) { - if(mode==TEXT_MODE_NAME) + if(mode==text_mode_name) return true; - if(mode==BINARY_MODE_NAME) + if(mode==binary_mode_name) return false; throw Exception(PARSER_RUNTIME, &mode, 
@@ -203,14 +202,27 @@ static void _load(Request& r, MethodPara const String& lfile_name=r.absolute(params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()); size_t param_index=params.count()-1; - Value* param_value=param_index>=2?¶ms.as_no_junction(param_index, "filename or options must not be code"):0; - HashStringValue* param_hash=param_value?param_value->get_hash():0; - HashStringValue* options=param_hash; + Value* param_value=param_index>1?¶ms.as_no_junction(param_index, "filename or options must not be code"):0; - param_index--; + HashStringValue* options=0; + const char *user_file_name=0; + + if(param_value){ + options=param_value->get_hash(); + if(options || param_index>2) + param_index--; + if(param_index>1){ + const String& luser_file_name=params.as_string(param_index, FILE_NAME_MUST_BE_STRING); + if(!luser_file_name.is_empty()) + user_file_name=luser_file_name.taint_cstr(String::L_FILE_SPEC); + } + } + if(!user_file_name) + user_file_name=lfile_name.taint_cstr(String::L_FILE_SPEC); size_t offset=0; size_t limit=0; + if(options){ options=new HashStringValue(*options); if(Value *voffset=(Value *)options->get(sql_offset_name)){ @@ -221,14 +233,10 @@ static void _load(Request& r, MethodPara } // no check on options count here, see file_read } - File_read_result file=file_read(r.charsets, lfile_name, + File_read_result file=file_load(r, lfile_name, as_text, options, true, 0, offset, limit ); - const char *user_file_name=(param_index>=2)? - params.as_string(param_index, FILE_NAME_MUST_BE_STRING).cstr(String::L_FILE_SPEC) - :lfile_name.cstr(String::L_FILE_SPEC); - Value* vcontent_type=0; if(file.headers){ if(Value* remote_content_type=file.headers->get(HTTP_CONTENT_TYPE_UPPER)) 
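Review bot: In the new option parsing of `_load`, a last argument at index 3 that is not a hash is silently dropped: `options` stays 0, yet `param_index>2` still decrements the index and the argument before it is taken as the user file name. If the method accepts four parameters, rejecting that case is safer than ignoring it, e.g. `if(!options && param_index>2) throw Exception(PARSER_RUNTIME, 0, "options must be hash");` placed right after `options=param_value->get_hash();`. The body of `_load` starts and ends outside this hunk, so the accepted parameter count is not visible here.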
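Review bot: The context comment `// no check on options count here, see file_read` is stale after this change, because the call directly below it now goes to `file_load(r, lfile_name, ...)`. Suggest `// no check on options count here, see file_load`, assuming `file_load` is where the remaining options are validated, which this hunk does not show. Keeping that pointer accurate matters because the copied `options` hash is handed on without any check at this call site.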
@@ -240,6 +248,8 @@ static void _load(Request& r, MethodPara VFile& self=GET_SELF(r, VFile); self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type); + self.set_mode(as_text); + if(file.headers){ file.headers->for_each(_load_pass_param, &self.fields()); } else { @@ -253,26 +263,27 @@ static void _load(Request& r, MethodPara ff.put(mdate_name, new VDate(mtime)); ff.put(cdate_name, new VDate(ctime)); } - } static void _create(Request& r, MethodParams& params) { - Value& vmode_name=params.as_no_junction(0, MODE_MUST_NOT_BE_CODE); - if(!is_text_mode(vmode_name.as_string())) + const String& mode_name=params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string(); + if(!is_text_mode(mode_name)) throw Exception(PARSER_RUNTIME, 0, "only text mode is currently supported"); const char* user_file_name_cstr=r.absolute( - params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()).cstr(String::L_FILE_SPEC); + params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()).taint_cstr(String::L_FILE_SPEC); const String& content=params.as_string(2, "content must be string"); - const char* content_cstr=content.cstr(String::L_UNSPECIFIED); // explode content, honor tainting changes + const String::Body content_body=content.cstr_to_string_body_untaint(String::L_AS_IS); // explode content, honor tainting changes VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); VFile& self=GET_SELF(r, VFile); - self.set(true/*tainted*/, content_cstr, strlen(content_cstr), user_file_name_cstr, vcontent_type); + self.set(true/*tainted*/, content_body.cstr(), content_body.length(), user_file_name_cstr, vcontent_type); + + self.set_mode(true/*as_text*/); } static void _stat(Request& r, MethodParams& params) { 
@@ -286,7 +297,7 @@ static void _stat(Request& r, MethodPara size, atime, mtime, ctime); - const char* user_file_name=lfile_name.cstr(String::L_FILE_SPEC); + const char* user_file_name=lfile_name.taint_cstr(String::L_FILE_SPEC); VFile& self=GET_SELF(r, VFile); @@ -333,7 +344,7 @@ static void append_env_pair( throw Exception(PARSER_RUNTIME, new String(akey, String::L_TAINTED), "not safe environment variable"); - info->env->put(akey, avalue->as_string().cstr_to_string_body(String::L_UNSPECIFIED, 0, info->charsets)); + info->env->put(akey, avalue->as_string().cstr_to_string_body_untaint(String::L_AS_IS, 0, info->charsets)); } } #ifndef DOXYGEN @@ -358,23 +369,18 @@ static void pass_cgi_header_attribute( } static void append_to_argv(Request& r, ArrayString& argv, const String* str){ - if( str->length() ){ - argv+=new String(str->cstr_to_string_body(String::L_UNSPECIFIED, 0, &r.charsets), String::L_AS_IS); - } + if(!str->is_empty()) + argv+=new String(str->cstr_to_string_body_untaint(String::L_AS_IS, 0, &r.charsets), String::L_AS_IS); } /// @todo fix `` in perl - they produced flipping consoles and no output to perl -static void _exec_cgi(Request& r, MethodParams& params, - bool cgi) { - - Value& first_param=params.as_no_junction(0, FIRST_ARG_MUST_NOT_BE_CODE); - - bool is_mode_specified=is_valid_mode(first_param.as_string()); - const String& mode_name=(is_mode_specified) ? first_param.as_string() : *new String(TEXT_MODE_NAME); - - size_t param_index=1; - if(!is_mode_specified){ - --param_index; +static void _exec_cgi(Request& r, MethodParams& params, bool cgi) { + bool as_text=true; + size_t param_index=0; + const String& mode_name=params.as_no_junction(0, FIRST_ARG_MUST_NOT_BE_CODE).as_string(); + if(is_valid_mode(mode_name)){ + as_text=is_text_mode(mode_name); + param_index++; } if(param_index>=params.count()) 
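Review bot: Neither `append_env_pair` (@@ -333) nor `append_to_argv` (@@ -358) documents what happens to tainted pieces of a value before it reaches the child process, and the @@ -460 hunk deletes the only comment on the subject (`// main target -- URLencoding of tainted pieces to String::L_URI lang`). Both now call `cstr_to_string_body_untaint(String::L_AS_IS, ...)`, which reads as if tainted pieces are handed over unchanged. If that is the intent, a comment on both calls would record it, e.g. `// tainted pieces go to the child as is; the executed program must treat env/argv as untrusted input`. The "not safe environment variable" check visible above appears to concern the key only, so the value handling deserves the same explicitness.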
@@ -392,7 +398,7 @@ static void _exec_cgi(Request& r, Method if(value_cstr) \ env.put( \ String::Body(#name), \ - String::Body(value_cstr, 0)); \ + String::Body(*value_cstr?value_cstr:0)); \ // passing SAPI::environment if(const char *const *pairs=SAPI::environment(r.sapi_info)) { while(const char* pair=*pairs++) @@ -446,7 +452,7 @@ static void _exec_cgi(Request& r, Method if(const String* sstdin=info.vstdin->get_string()) { in->append(*sstdin, String::L_CLEAN, true); } else - if(VFile* vfile=static_cast(info.vstdin->as("file", false))) + if(VFile* vfile=static_cast(info.vstdin->as("file"))) in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); else throw Exception(PARSER_RUNTIME, @@ -460,7 +466,6 @@ static void _exec_cgi(Request& r, Method ArrayString argv; if(param_index < params.count()) { // influence tainting - // main target -- URLencoding of tainted pieces to String::L_URI lang Temp_client_charset temp(r.charsets, charset? *charset: r.charsets.source()); for(size_t i=param_index; ilength && is_text_mode(mode_name)){ + if(file_out->length && as_text){ fix_line_breaks(file_out->str, file_out->length); // treat output as string - String *real_out = new String(file_out->str, file_out->length); + String *real_out = new String(file_out->str); // transcode out if necessary if(charset) @@ -546,8 +551,8 @@ static void _exec_cgi(Request& r, Method "output does not contain CGI header; " "exit status=%d; stdoutsize=%u; stdout: \"%s\"; stderrsize=%u; stderr: \"%s\"", execution.status, - (size_t)file_out->length, (file_out->length) ? (file_out->str) : "", - (size_t)real_err->length(), real_err->cstr()); + file_out->length, (file_out->length) ? (file_out->str) : "", + real_err->length(), real_err->cstr()); break; //never reached } 
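Review bot: In the text-mode branch of `_exec_cgi`, `String *real_out = new String(file_out->str);` drops the explicit length, so the text taken from the child's stdout presumably ends at the first NUL byte and relies on `file_out->str` still being terminated after `fix_line_breaks` has shortened it. Nothing in this hunk shows that terminator being written; either keep a length-aware constructor or add a one-line comment stating who guarantees the terminator. The same pattern appears at `String *header=new String(file_out->str);` (@@ -563, where the terminator is written on the line before) and at `new String(str, String::L_TAINTED)` for `user_file_name` and `user_content_type` in the SQL handler (@@ -847). In the SQL handler `str` arrives with a separate `length`, and its termination is not visible in the diff.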
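Review bot: The two `%u` conversions in the "output does not contain CGI header" message (@@ -546) are paired with `file_out->length` and `real_err->length()`, which look like `size_t` values, since the removed casts were to `size_t`. On LP64 targets that is a varargs type mismatch sitting right before a `%s`, and removing the casts does not fix it. Casting at the call keeps the format string untouched: `(unsigned)file_out->length, (file_out->length) ? (file_out->str) : "",` and `(unsigned)real_err->length(), real_err->cstr());`.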
@@ -563,7 +568,7 @@ static void _exec_cgi(Request& r, Method } file_out->str[header_break_pos] = 0; - String *header=new String(file_out->str, header_break_pos); + String *header=new String(file_out->str); unsigned long headersize = header_break_pos+eol_marker_size*2; file_out->str += headersize; file_out->length -= headersize; @@ -572,7 +577,7 @@ static void _exec_cgi(Request& r, Method self.set(false/*not tainted*/, file_out->str, file_out->length); // $fields << header - if(header && eol_marker) { + if(header) { ArrayString rows; size_t pos_after=0; header->split(rows, pos_after, eol_marker); @@ -588,11 +593,13 @@ static void _exec_cgi(Request& r, Method self.set(false/*not tainted*/, file_out->str, file_out->length); } + self.set_mode(as_text); + // $status self.fields().put(file_status_name, new VInt(execution.status)); // $stderr - if(real_err->length()) + if(!real_err->is_empty()) self.fields().put( String::Body("stderr"), new VString(*real_err)); 
@@ -607,70 +614,41 @@ static void _cgi(Request& r, MethodParam static void _list(Request& r, MethodParams& params) { Value& relative_path=params.as_no_junction(0, "path must not be code"); - const String* regexp; - pcre *regexp_code; - const int ovecsize=(1/*match*/)*3; - int ovector[ovecsize]; - if(params.count()>1) { - regexp=¶ms.as_no_junction(1, "regexp must not be code").as_string(); - - const char* pattern=regexp->cstr(String::L_UNSPECIFIED); - const char* errptr; - int erroffset; - int options=PCRE_EXTRA | PCRE_DOTALL; - if(r.charsets.source().isUTF8()) - options=options|PCRE_UTF8; - - regexp_code=pcre_compile(pattern, options, - &errptr, &erroffset, - r.charsets.source().pcre_tables); - - if(!regexp_code) - throw Exception(PCRE_EXCEPTION_TYPE, - ®exp->mid(erroffset, regexp->length()), - "regular expression syntax error - %s", errptr); - } else { - regexp=0; // not used, just to calm down compiler - regexp_code=0; + VRegex* vregex=0; + VRegexCleaner vrcleaner; + if(params.count()>1){ + Value& regexp=params.as_no_junction(1, "regexp must not be code"); + if(regexp.is_defined()){ + if(Value* value=regexp.as(VREGEX_TYPE)){ + vregex=static_cast(value); + } else { + vregex=new VRegex(r.charsets.source(), ®exp.as_string(), 0/*options*/); + vregex->study(); + vrcleaner.vregex=vregex; + } + } } - - const char* absolute_path_cstr=r.absolute(relative_path.as_string()).cstr(String::L_FILE_SPEC); + const char* absolute_path_cstr=r.absolute(relative_path.as_string()).taint_cstr(String::L_FILE_SPEC); Table::columns_type columns(new ArrayString); *columns+=new String("name"); Table& table=*new Table(columns); + const int ovector_size=(1/*match*/)*3; + int ovector[ovector_size]; + LOAD_DIR(absolute_path_cstr, const char* file_name_cstr=ffblk.ff_name; size_t file_name_size=strlen(file_name_cstr); - bool suits=true; - if(regexp_code) { - int exec_result=pcre_exec(regexp_code, 0, - ffblk.ff_name, file_name_size, 0, - 0, ovector, ovecsize); - - 
if(exec_result==PCRE_ERROR_NOMATCH) - suits=false; - else if(exec_result<0) { - (*pcre_free)(regexp_code); - throw Exception(PCRE_EXCEPTION_TYPE, - regexp, - print_pcre_exec_error_text(exec_result), - exec_result); - } - } - if(suits) { + if(!vregex || vregex->exec(ffblk.ff_name, file_name_size, ovector, ovector_size)>=0) { Table::element_type row(new ArrayString); - *row+=new String(pa_strdup(file_name_cstr, file_name_size), file_name_size, true); + *row+=new String(pa_strdup(file_name_cstr, file_name_size), String::L_TAINTED); table+=row; } ); - if(regexp_code) - pcre_free(regexp_code); - // write out result r.write_no_lang(*new VTable(&table)); } @@ -705,7 +683,7 @@ static int lastposafter(const String& s, if(beforelast) size=s.length(); size_t at; - while((at=s.pos(String::Body(substr, substr_size), after))!=STRING_NOT_FOUND) { + while((at=s.pos(String::Body(substr), after))!=STRING_NOT_FOUND) { size_t newafter=at+substr_size/*skip substr*/; if(beforelast && newafter==size) break; @@ -760,7 +738,7 @@ static void _dirname(Request& r, MethodP if(afterslash>0) r.write_assign_lang(file_spec.mid(0, afterslash==1?1:afterslash-1)); else - r.write_assign_lang(String(".", 1)); + r.write_assign_lang(String(".")); } static void _basename(Request& r, MethodParams& params) { @@ -847,11 +825,11 @@ public: break; case 1: if(!user_file_name) // user not specified? - user_file_name=new String(str, length, true); + user_file_name=new String(str, String::L_TAINTED); break; case 2: if(!user_content_type) // user not specified? - user_content_type=new String(str, length, true); + user_content_type=new String(str, String::L_TAINTED); break; default: error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three rows"); 
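Review bot: In `_list`, the new test `vregex->exec(ffblk.ff_name, file_name_size, ovector, ovector_size)>=0` treats every negative result as "no match", whereas the removed code distinguished `PCRE_ERROR_NOMATCH` from other negative codes and threw for the latter. Unless `VRegex::exec` throws on engine errors itself (not visible here), a pattern that hits an execution error now yields a silently shorter listing. A comment on that line stating where errors are raised would settle it, e.g. `// VRegex::exec throws on errors other than no-match`, if that is true. Also, the explicit `PCRE_EXTRA | PCRE_DOTALL` (plus UTF-8) options are replaced by `0/*options*/`, so whatever defaults `VRegex` applies decide whether existing patterns keep matching the same names.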
@@ -870,8 +848,8 @@ static void _sql(Request& r, MethodParam Temp_lang temp_lang(r, String::L_SQL); const String& statement_string=r.process_to_string(statement); - const char* statement_cstr= - statement_string.cstr(String::L_UNSPECIFIED, r.connection()); + const char* statement_cstr=statement_string.untaint_cstr(r.flang, r.connection()); + File_sql_event_handlers handlers(statement_string, statement_cstr); ulong limit=SQL_NO_LIMIT; @@ -924,6 +902,7 @@ static void _sql(Request& r, MethodParam : 0; VFile& self=GET_SELF(r, VFile); self.set(true/*tainted*/, handlers.value.str, handlers.value.length, user_file_name_cstr, vcontent_type); + self.set_mode(false/*binary*/); } static void _base64(Request& r, MethodParams& params) { @@ -941,13 +920,13 @@ static void _base64(Request& r, MethodPa } else { // encode: ^f.base64[] const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size()); - r.write_assign_lang(*new String(encoded, 0, true/*tainted. once ?param=base64(something) was needed**/)); + r.write_assign_lang(*new String(encoded, String::L_TAINTED/*once ?param=base64(something) was needed**/)); } } else { // encode: ^file:base64[filespec] const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); const char* encoded=pa_base64_encode(r.absolute(file_spec)); - r.write_assign_lang(*new String(encoded, 0, true/*tainted. once ?param=base64(something) was needed*/)); + r.write_assign_lang(*new String(encoded, String::L_TAINTED/*once ?param=base64(something) was needed*/)); } }
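Review bot: `statement_string.untaint_cstr(r.flang, r.connection())` makes the escaping of tainted pieces in the SQL text depend on the request's current language instead of naming it. `Temp_lang temp_lang(r, String::L_SQL)` two lines up presumably sets `r.flang` to `String::L_SQL` for this scope, but `r.process_to_string(statement)` runs in between, so the dependency is easy to break in a later edit. Passing the language explicitly, `statement_string.untaint_cstr(String::L_SQL, r.connection())`, or adding a comment `// r.flang is L_SQL here, see temp_lang above` would make the intent checkable. The body of `_sql` continues outside the hunk.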