--- parser3/src/classes/file.C 2009/09/08 09:12:47 1.201 +++ parser3/src/classes/file.C 2010/09/08 02:57:10 1.211 @@ -5,7 +5,7 @@ Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_FILE_C="$Date: 2009/09/08 09:12:47 $"; +static const char * const IDENT_FILE_C="$Date: 2010/09/08 02:57:10 $"; #include "pa_config_includes.h" @@ -25,6 +25,7 @@ static const char * const IDENT_FILE_C=" #include "pa_sql_connection.h" #include "pa_md5.h" #include "pa_vregex.h" +#include "pa_version.h" // defines @@ -115,7 +116,7 @@ static bool is_valid_mode (const String& return (mode==text_mode_name || mode==binary_mode_name); } -static bool is_text_mode(const String& mode) { +bool is_text_mode(const String& mode) { if(mode==text_mode_name) return true; if(mode==binary_mode_name) @@ -132,15 +133,13 @@ static void _save(Request& r, MethodPara Charset* asked_charset=0; if(params.count()>2) if(HashStringValue* options=params.as_no_junction(2, OPTIONS_MUST_NOT_BE_CODE).get_hash()){ - size_t valid_options=0; + int valid_options=0; if(Value* vcharset_name=options->get(PA_CHARSET_NAME)){ asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); valid_options++; } if(valid_options != options->count()) - throw Exception(PARSER_RUNTIME, - 0, - INVALID_OPTION_PASSED); + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); } // save 
@@ -289,9 +288,31 @@ static void _create(Request& r, MethodPa params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()).taint_cstr(String::L_FILE_SPEC); const String& content=params.as_string(2, "content must be string"); - const String::Body content_body=content.cstr_to_string_body_untaint(String::L_AS_IS); // explode content, honor tainting changes + String::Body content_body=content.cstr_to_string_body_untaint(String::L_AS_IS); // explode content, honor tainting changes + + VString* vcontent_type=0; + if(params.count()>3) + if(HashStringValue* options=params.as_hash(3)){ + Charset* asked_charset=0; + + int valid_options=0; + if(Value* vcharset_name=options->get(PA_CHARSET_NAME)){ + asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); + valid_options++; + } + if(Value* value=options->get(CONTENT_TYPE_NAME)) { + vcontent_type=new VString(value->as_string()); + valid_options++; + } + if(valid_options != options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); - VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); + if(asked_charset) + content_body=Charset::transcode(content_body, r.charsets.source(), *asked_charset); + } + + if(!vcontent_type) + vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); VFile& self=GET_SELF(r, VFile); self.set(true/*tainted*/, content_body.cstr(), content_body.length(), user_file_name_cstr, vcontent_type); @@ -327,6 +348,7 @@ static bool is_safe_env_key(const char* if(!(c>='A' && c<='Z' || c>='0' && c<='9' || c=='_' || c=='-')) return false; } +#ifdef PA_SAFE_MODE if(strncasecmp(key, "HTTP_", 5)==0) return true; if(strncasecmp(key, "CGI_", 4)==0) @@ -336,6 +358,9 @@ static bool is_safe_env_key(const char* return true; } return false; +#else + return true; +#endif } #ifndef DOXYGEN struct Append_env_pair_info { 
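Review bot: The `$.content-type` option in `_create` is stored verbatim by `vcontent_type=new VString(value->as_string());` with no check of its contents, and the same line appears again in the `_base64` hunk further down. If a file's content type is later written into a response header or a MIME part (not visible here), a value carrying CR/LF or other control characters should be rejected at this point, for example by throwing a `PARSER_RUNTIME` exception before the `new VString`. Separately, this block reads its options with `params.as_hash(3)` while `_save` uses `params.as_no_junction(2, OPTIONS_MUST_NOT_BE_CODE).get_hash()`; using one form in both would keep the behaviour for a non-hash argument consistent. `_create` begins and ends outside the hunk.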
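Review bot: With `PA_SAFE_MODE` undefined, `is_safe_env_key` now returns true for every key that passes the character check above, so the `HTTP_`/`CGI_` prefix allowlist no longer applies in such builds. Keys of that shape include variables that affect how the child process is loaded or how it resolves programs, so if any caller builds the env hash from request data rather than from script literals, this widens what a request can influence; the callers are outside this hunk. At minimum, state the trust assumption at the `#else`, e.g. `// non-safe mode: env keys are trusted to come from the script author, never from request data`, or keep a short reject list for loader-related names in both modes. The function starts before the first hunk, and the change continues in the following hunk (`@@ -336`).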
@@ -424,6 +449,7 @@ static void _exec_cgi(Request& r, Method // const ECSTR(GATEWAY_INTERFACE, "CGI/1.1"); + ECSTR(PARSER_VARSION, PARSER_VERSION); // from Request.info ECSTR(DOCUMENT_ROOT, r.request_info.document_root); ECSTR(PATH_TRANSLATED, r.request_info.path_translated); @@ -688,21 +714,6 @@ static void _lock(Request& r, MethodPara &info); } -static int lastposafter(const String& s, size_t after, const char* substr, size_t substr_size, bool beforelast=false) { - size_t size=0; // just to calm down compiler - if(beforelast) - size=s.length(); - size_t at; - while((at=s.pos(String::Body(substr), after))!=STRING_NOT_FOUND) { - size_t newafter=at+substr_size/*skip substr*/; - if(beforelast && newafter==size) - break; - after=newafter; - } - - return after; -} - static void _find(Request& r, MethodParams& params) { const String& file_name=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE).as_string(); const String* file_spec; @@ -842,7 +853,7 @@ public: user_content_type=new String(str, String::L_TAINTED); break; default: - error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three rows"); + error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three columns"); return true; } return false; @@ -885,9 +896,7 @@ static void _sql(Request& r, MethodParam offset=(ulong)r.process_to_value(*voffset).as_double(); } if(valid_options!=options->count()) - throw Exception(PARSER_RUNTIME, - 0, - "called with invalid option"); + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); } 
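Review bot: The new export in `_exec_cgi` is spelled `PARSER_VARSION`, which looks like a typo for `PARSER_VERSION`. If `ECSTR` uses its first argument as the environment variable name (its definition is not in this hunk), every CGI child will see the misspelled name, and it becomes hard to correct once scripts depend on it. Suggested: `ECSTR(PARSER_VERSION, PARSER_VERSION);`, provided the macro stringifies its first argument rather than expanding it. Since this passes the exact interpreter version to every executed child, a comment such as `// discloses the parser version to the child process` would make that choice explicit.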
@@ -916,17 +925,58 @@ static void _sql(Request& r, MethodParam } static void _base64(Request& r, MethodParams& params) { - bool dynamic = !(&r.get_self() == file_class); - if(dynamic){ + bool dynamic=!(&r.get_self() == file_class); + if(dynamic) { VFile& self=GET_SELF(r, VFile); if(params.count()) { - // decode: ^file::base64[encoded] - const char* cstr=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); + // decode: + // ^file::base64[encoded] // backward + // ^file::base64[mode;user-file-name;encoded[;$.content-type[...]]] + bool is_text=false; + VString* vcontent_type=0; + const char* user_file_name_cstr=0; + size_t param_index=0; + + if(params.count() > 1) { + if(params.count() < 3) + throw Exception(PARSER_RUNTIME, + 0, + "constructor can't have less then 3 parameters (has %d parameters)", + params.count()); // actually it accepts 1 parameter (backward) + + is_text=is_text_mode(params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string()); + user_file_name_cstr=params.as_string(1, FILE_NAME_MUST_BE_STRING).taint_cstr(String::L_FILE_SPEC); + + if(params.count() == 4) + if(HashStringValue* options=params.as_hash(3)) { + int valid_options=0; + if(Value* value=options->get(CONTENT_TYPE_NAME)) { + vcontent_type=new VString(value->as_string()); + valid_options++; + } + if(valid_options!=options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } + + if(!vcontent_type) + vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); + + param_index=2; + } + + const char* encoded=params.as_string(param_index, PARAMETER_MUST_BE_STRING).cstr(); + char* decoded=0; size_t length=0; - pa_base64_decode(cstr, strlen(cstr), decoded, length); - if(decoded && length) - self.set(true/*tainted*/, decoded, length); + pa_base64_decode(encoded, strlen(encoded), decoded, length); + + if(length && is_text) + fix_line_breaks(decoded, length); + + self.set(true/*tainted*/, decoded, length, user_file_name_cstr, vcontent_type); + + if(params.count() > 1) + 
self.set_mode(is_text); } else { // encode: ^f.base64[] const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size()); @@ -1027,8 +1077,10 @@ static void _md5(Request& r, MethodParam MFile::MFile(): Methoded("file") { // ^file::create[text;user-name;string] + // ^file::create[text;user-name;string;options hash] // ^file::create[binary;user-name;SOMEDAY SOMETHING] - add_native_method("create", Method::CT_DYNAMIC, _create, 3, 3); + // ^file::create[binary;user-name;SOMEDAY SOMETHING;options hash] + add_native_method("create", Method::CT_DYNAMIC, _create, 3, 4); // ^file.save[mode;file-name] // ^file.save[mode;file-name;$.charset[...]] @@ -1085,13 +1137,18 @@ MFile::MFile(): Methoded("file") { // ^file.sql-string[] add_native_method("sql-string", Method::CT_DYNAMIC, _sql_string, 0, 0); + // ^file::sql{} // ^file::sql{}[options hash] add_native_method("sql", Method::CT_DYNAMIC, _sql, 1, 2); - // ^file::base64[string] << decode - // ^file.base64[] << encode - // ^file:base64[file-name] << encode - add_native_method("base64", Method::CT_ANY, _base64, 0, 1); + // encode: + // ^file.base64[] + // ^file:base64[file-name] + // decode: + // ^file::base64[encoded] // backward + // ^file::base64[mode;user-file-name;encoded] + // ^file::base64[mode;user-file-name;encoded;$.content-type[...]] + add_native_method("base64", Method::CT_ANY, _base64, 0, 4); // ^file.crc32[] // ^file:crc32[file-name]
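Review bot: The rewritten decode path in `_base64` calls `self.set(true/*tainted*/, decoded, length, user_file_name_cstr, vcontent_type);` unconditionally, where the old code guarded the call with `if(decoded && length)`. `decoded` is initialised to 0 and nothing in the hunk checks what `pa_base64_decode` produced, so malformed or empty input may pass a null buffer to `set`; whether `VFile::set` tolerates that is not visible here. Either restore a guard or fail explicitly, e.g. `if(!decoded) throw Exception(PARSER_RUNTIME, 0, "base64 decode failed");`, placed before the `fix_line_breaks` call. Also, the `%d` in the "less then 3 parameters" message receives `params.count()`; if that returns `size_t`, the argument needs a cast, `(int)params.count()`. The encode branch of the function continues outside the hunk.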