--- parser3/src/classes/file.C 2009/09/08 09:12:47 1.201 +++ parser3/src/classes/file.C 2012/03/03 00:21:47 1.217 @@ -1,11 +1,11 @@ /** @file Parser: @b file parser class. - Copyright (c) 2001-2009 ArtLebedev Group (http://www.artlebedev.com) + Copyright (c) 2001-2012 ArtLebedev Group (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_FILE_C="$Date: 2009/09/08 09:12:47 $"; +static const char * const IDENT_FILE_C="$Date: 2012/03/03 00:21:47 $"; #include "pa_config_includes.h" @@ -25,6 +25,7 @@ static const char * const IDENT_FILE_C=" #include "pa_sql_connection.h" #include "pa_md5.h" #include "pa_vregex.h" +#include "pa_version.h" // defines @@ -42,15 +43,9 @@ extern String sql_offset_name; class MFile: public Methoded { public: // VStateless_class - Value* create_new_value(Pool&) { return new VFile(); } - -public: // Methoded - bool used_directly() { return true; } - public: MFile(); - }; // global variable 
@@ -111,36 +106,20 @@ static const String::Body cdate_name("cd // methods -static bool is_valid_mode (const String& mode) { - return (mode==text_mode_name || mode==binary_mode_name); -} - -static bool is_text_mode(const String& mode) { - if(mode==text_mode_name) - return true; - if(mode==binary_mode_name) - return false; - throw Exception(PARSER_RUNTIME, - &mode, - "is invalid mode, must be either '"TEXT_MODE_NAME"' or '"BINARY_MODE_NAME"'"); -} - static void _save(Request& r, MethodParams& params) { - bool is_text=is_text_mode(params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string()); + bool is_text=VFile::is_text_mode(params.as_string(0, MODE_MUST_NOT_BE_CODE)); Value& vfile_name=params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE); Charset* asked_charset=0; if(params.count()>2) - if(HashStringValue* options=params.as_no_junction(2, OPTIONS_MUST_NOT_BE_CODE).get_hash()){ - size_t valid_options=0; + if(HashStringValue* options=params.as_hash(2)){ + int valid_options=0; if(Value* vcharset_name=options->get(PA_CHARSET_NAME)){ asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); valid_options++; } if(valid_options != options->count()) - throw Exception(PARSER_RUNTIME, - 0, - INVALID_OPTION_PASSED); + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); } // save @@ -148,10 +127,10 @@ static void _save(Request& r, MethodPara } static void _delete(Request& r, MethodParams& params) { - Value& vfile_name=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE); + const String& file_name=params.as_string(0, FILE_NAME_MUST_NOT_BE_CODE); // unlink - file_delete(r.absolute(vfile_name.as_string())); + file_delete(r.absolute(file_name)); } static void _move(Request& r, MethodParams& params) { 
@@ -211,14 +190,14 @@ static void _load_pass_param( } static void _load(Request& r, MethodParams& params) { - bool as_text=is_text_mode(params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string()); - const String& lfile_name=r.absolute(params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()); + bool as_text=VFile::is_text_mode(params.as_string(0, MODE_MUST_NOT_BE_CODE)); + const String& lfile_name=r.absolute(params.as_string(1, FILE_NAME_MUST_NOT_BE_CODE)); size_t param_index=params.count()-1; - Value* param_value=param_index>1?¶ms.as_no_junction(param_index, "filename or options must not be code"):0; + Value* param_value=param_index>1?¶ms.as_no_junction(param_index, "file name or options must not be code"):0; HashStringValue* options=0; - const char *user_file_name=0; + const String* user_file_name=0; if(param_value){ options=param_value->get_hash(); @@ -227,11 +206,11 @@ static void _load(Request& r, MethodPara if(param_index>1){ const String& luser_file_name=params.as_string(param_index, FILE_NAME_MUST_BE_STRING); if(!luser_file_name.is_empty()) - user_file_name=luser_file_name.taint_cstr(String::L_FILE_SPEC); + user_file_name=&luser_file_name; } } if(!user_file_name) - user_file_name=lfile_name.taint_cstr(String::L_FILE_SPEC); + user_file_name=&lfile_name; size_t offset=0; size_t limit=0; @@ -255,11 +234,9 @@ static void _load(Request& r, MethodPara if(Value* remote_content_type=file.headers->get(HTTP_CONTENT_TYPE_UPPER)) vcontent_type=new VString(*new String(remote_content_type->as_string().cstr())); } - if(!vcontent_type) - vcontent_type=new VString(r.mime_type_of(user_file_name)); VFile& self=GET_SELF(r, VFile); - self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type); + self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type, &r); self.set_mode(as_text); 
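Review bot: The `taint_cstr(String::L_FILE_SPEC)` conversion of the user-visible file name is removed from `_load`, and the same removal appears in `_stat` and `_create`. The name now reaches `self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type, &r)` as a raw `String*`, so both the file-spec handling and the dropped `r.mime_type_of(...)` fallback depend entirely on the new `VFile::set` overload, which is not part of this diff. Please confirm that overload applies both, and record it at the call with a comment such as `// VFile::set applies L_FILE_SPEC to the name and derives content-type from it when none is given`. `_load` starts and ends outside these hunks.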
@@ -279,30 +256,78 @@ static void _load(Request& r, MethodPara } static void _create(Request& r, MethodParams& params) { - const String& mode_name=params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string(); - if(!is_text_mode(mode_name)) - throw Exception(PARSER_RUNTIME, - 0, - "only text mode is currently supported"); + const String* mode=0; + const String* file_name=0; + bool is_text=true; + + // new format: ^file::create[string-or-file-content[;$.mode[text|binary] $.name[...] $.content-type[...] $.charset[...] ]] + size_t content_index=0; + size_t options_index=1; + bool extended_options=true; + + if(params.count()>=3){ + // old format: ^file::create[text|binary;file-name;string-or-file-content[;options]] + mode=¶ms.as_string(0, MODE_MUST_NOT_BE_CODE); + is_text=VFile::is_text_mode(*mode); + file_name=¶ms.as_string(1, FILE_NAME_MUST_NOT_BE_CODE); + content_index=2; + options_index=3; + extended_options=false; + } - const char* user_file_name_cstr=r.absolute( - params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()).taint_cstr(String::L_FILE_SPEC); + VString* vcontent_type=0; + Charset* asked_charset=0; + if(params.count()>options_index) + if(HashStringValue* options=params.as_hash(options_index)) { + int valid_options=0; + if(extended_options) { + if(Value* vmode=options->get(MODE_NAME)) { + mode=&vmode->as_string(); + is_text=VFile::is_text_mode(*mode); + valid_options++; + } + if(Value* vfile_name=options->get(NAME_NAME)) { + file_name=&vfile_name->as_string(); + valid_options++; + } + } + if(Value* vcharset_name=options->get(PA_CHARSET_NAME)) { + asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); + valid_options++; + } + if(Value* value=options->get(CONTENT_TYPE_NAME)) { + vcontent_type=new VString(value->as_string()); + valid_options++; + } + if(valid_options != options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } - const String& 
content=params.as_string(2, "content must be string"); - const String::Body content_body=content.cstr_to_string_body_untaint(String::L_AS_IS); // explode content, honor tainting changes + Value& vcontent=params.as_no_junction(content_index, "content must be string or file"); - VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); - VFile& self=GET_SELF(r, VFile); - self.set(true/*tainted*/, content_body.cstr(), content_body.length(), user_file_name_cstr, vcontent_type); - self.set_mode(true/*as_text*/); + if(const String* content_str=vcontent.get_string()){ + String::Body body=content_str->cstr_to_string_body_untaint(String::L_AS_IS); // explode content, honor tainting changes + if(asked_charset && is_text) + body=Charset::transcode(body, r.charsets.source(), *asked_charset); + self.set(true/*tainted*/, body.cstr(), body.length()); + self.set_mode(is_text); + } else { + if(asked_charset) + throw Exception(PARSER_RUNTIME, 0, "charset option can not be used with file-content"); + self.set(*vcontent.as_vfile(String::L_AS_IS)); + if(mode) + self.set_mode(is_text); + } + + self.set_name(file_name); + + self.set_content_type(vcontent_type, file_name, &r); } static void _stat(Request& r, MethodParams& params) { - Value& vfile_name=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE); - - const String& lfile_name=vfile_name.as_string(); + const String& lfile_name=params.as_string(0, FILE_NAME_MUST_NOT_BE_CODE); size_t size; time_t atime, mtime, ctime; @@ -310,11 +335,9 @@ static void _stat(Request& r, MethodPara size, atime, mtime, ctime); - const char* user_file_name=lfile_name.taint_cstr(String::L_FILE_SPEC); - VFile& self=GET_SELF(r, VFile); - self.set(true/*tainted*/, 0/*no bytes*/, size, user_file_name, new VString(r.mime_type_of(user_file_name))); + self.set(true/*tainted*/, 0/*no bytes*/, size, &lfile_name, 0, &r); HashStringValue& ff=self.fields(); ff.put(adate_name, new VDate(atime)); ff.put(mdate_name, new VDate(mtime)); 
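Review bot: `$.charset` is silently ignored in `_create` when the content is a string and the mode is binary, because the transcode is guarded by `if(asked_charset && is_text)`, while the file-content branch rejects the same option with an exception. Making the two branches agree avoids a caller assuming a transcode took place, for example `if(asked_charset && !is_text) throw Exception(PARSER_RUNTIME, 0, "charset option can not be used in binary mode");` ahead of the transcode. Separately, `*vcontent.as_vfile(String::L_AS_IS)` is dereferenced without a check; whether `as_vfile` throws for a value that is neither a string nor a file is not visible here and is worth a one-line comment.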
@@ -327,6 +350,7 @@ static bool is_safe_env_key(const char* if(!(c>='A' && c<='Z' || c>='0' && c<='9' || c=='_' || c=='-')) return false; } +#ifdef PA_SAFE_MODE if(strncasecmp(key, "HTTP_", 5)==0) return true; if(strncasecmp(key, "CGI_", 4)==0) @@ -336,6 +360,9 @@ static bool is_safe_env_key(const char* return true; } return false; +#else + return true; +#endif } #ifndef DOXYGEN struct Append_env_pair_info { @@ -388,23 +415,18 @@ static void append_to_argv(Request& r, A /// @todo fix `` in perl - they produced flipping consoles and no output to perl static void _exec_cgi(Request& r, MethodParams& params, bool cgi) { - bool as_text=true; + bool is_text=true; size_t param_index=0; - const String& mode_name=params.as_no_junction(0, FIRST_ARG_MUST_NOT_BE_CODE).as_string(); - if(is_valid_mode(mode_name)){ - as_text=is_text_mode(mode_name); + const String& mode=params.as_string(0, FIRST_ARG_MUST_NOT_BE_CODE); + if(VFile::is_valid_mode(mode)) { + is_text=VFile::is_text_mode(mode); param_index++; } if(param_index>=params.count()) - throw Exception(PARSER_RUNTIME, - 0, - "file name must be specified"); - - - Value& vfile_name=params.as_no_junction(param_index++, FILE_NAME_MUST_NOT_BE_CODE); + throw Exception(PARSER_RUNTIME, 0, FILE_NAME_MUST_BE_SPECIFIED); - const String& script_name=r.absolute(vfile_name.as_string()); + const String& script_name=r.absolute(params.as_string(param_index++, FILE_NAME_MUST_NOT_BE_CODE)); HashStringString env; #define ECSTR(name, value_cstr) \ @@ -424,6 +446,7 @@ static void _exec_cgi(Request& r, Method // const ECSTR(GATEWAY_INTERFACE, "CGI/1.1"); + ECSTR("PARSER_VERSION", PARSER_VERSION); // from Request.info ECSTR(DOCUMENT_ROOT, r.request_info.document_root); ECSTR(PATH_TRANSLATED, r.request_info.path_translated); 
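Review bot: Without `PA_SAFE_MODE` the new `#else return true;` branch in `is_safe_env_key` exports any name that passes the character check to the child process, so the `HTTP_`/`CGI_` prefix allow-list no longer applies in default builds. The character check alone still admits loader- and shell-related names such as `PATH` or `LD_PRELOAD`, which affect how the executed script is located and loaded; if page code can be shaped by less-trusted input, this widens what reaches the child. Consider keeping a small deny-list for such names in the non-safe build, or at minimum state the trust assumption: `// non-safe-mode: page authors are fully trusted, any [A-Z0-9_-] name is exported to the child`. The change is split across the hunks at -327 and -336, and the function starts outside both.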
@@ -436,7 +459,6 @@ static void _exec_cgi(Request& r, Method env.put(String::Body("SCRIPT_NAME"), script_name); //env.put(String::Body("SCRIPT_FILENAME"), ??&script_name); - bool stdin_specified=false; // environment & stdin from param String *in=new String(); Charset *charset=0; // default script works raw_in 'source' charset = no transcoding needed @@ -458,9 +480,9 @@ static void _exec_cgi(Request& r, Method } // $.stdin if(info.vstdin) { - stdin_specified=true; if(const String* sstdin=info.vstdin->get_string()) { - in->append(*sstdin, String::L_CLEAN, true); + // untaint stdin + in = new String(sstdin->cstr_to_string_body_untaint(String::L_AS_IS), String::L_AS_IS); } else if(VFile* vfile=static_cast(info.vstdin->as("file"))) in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); @@ -519,7 +541,7 @@ static void _exec_cgi(Request& r, Method if(charset) real_err=&Charset::transcode(*real_err, *charset, r.charsets.source()); - if(file_out->length && as_text){ + if(file_out->length && is_text){ fix_line_breaks(file_out->str, file_out->length); // treat output as string String *real_out = new String(file_out->str); @@ -603,7 +625,7 @@ static void _exec_cgi(Request& r, Method self.set(false/*not tainted*/, file_out->str, file_out->length); } - self.set_mode(as_text); + self.set_mode(is_text); // $status self.fields().put(file_status_name, new VInt(execution.status)); 
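Review bot: The `// untaint stdin` comment does not say what the child process actually receives: the string branch now runs `sstdin->cstr_to_string_body_untaint(String::L_AS_IS)` where it previously appended with `String::L_CLEAN`, so tainted fragments are presumably now transformed by their own language rules rather than passed as clean text. Because this data crosses a process boundary, spell the contract out, e.g. `// stdin: clean parts verbatim, tainted parts untainted per their own language (L_AS_IS)`. The assignment also replaces the object created at `String *in=new String();` instead of appending to it, which is only equivalent if nothing was appended before this point; that part of `_exec_cgi` lies outside the hunk.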
@@ -688,23 +710,10 @@ static void _lock(Request& r, MethodPara &info); } -static int lastposafter(const String& s, size_t after, const char* substr, size_t substr_size, bool beforelast=false) { - size_t size=0; // just to calm down compiler - if(beforelast) - size=s.length(); - size_t at; - while((at=s.pos(String::Body(substr), after))!=STRING_NOT_FOUND) { - size_t newafter=at+substr_size/*skip substr*/; - if(beforelast && newafter==size) - break; - after=newafter; - } - - return after; -} - static void _find(Request& r, MethodParams& params) { - const String& file_name=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE).as_string(); + const String& file_name=params.as_string(0, FILE_NAME_MUST_NOT_BE_CODE); + Value* not_found_code=(params.count()==2)?¶ms.as_junction(1, "not-found param must be code"):0; + const String* file_spec; if(file_name.first_char()=='/') file_spec=&file_name; @@ -734,10 +743,8 @@ static void _find(Request& r, MethodPara } // no way, not found - if(params.count()==2) { - Value& not_found_code=params.as_junction(1, "not-found param must be code"); - r.write_pass_lang(r.process(not_found_code)); - } + if(not_found_code) + r.write_pass_lang(r.process(*not_found_code)); } static void _dirname(Request& r, MethodParams& params) { @@ -842,7 +849,7 @@ public: user_content_type=new String(str, String::L_TAINTED); break; default: - error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three rows"); + error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three columns"); return true; } return false; @@ -866,7 +873,7 @@ static void _sql(Request& r, MethodParam ulong offset=0; if(params.count()>1) - if(HashStringValue* options=params.as_no_junction(1, PARAM_MUST_NOT_BE_CODE).get_hash()){ + if(HashStringValue* options=params.as_hash(1)){ int valid_options=0; if(Value* vfilename=options->get(NAME_NAME)) { valid_options++; 
@@ -885,9 +892,7 @@ static void _sql(Request& r, MethodParam offset=(ulong)r.process_to_value(*voffset).as_double(); } if(valid_options!=options->count()) - throw Exception(PARSER_RUNTIME, - 0, - "called with invalid option"); + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); } 
@@ -903,30 +908,69 @@ static void _sql(Request& r, MethodParam 0, "produced no result"); - const char* user_file_name_cstr=handlers.user_file_name? handlers.user_file_name->cstr(): 0; - - VString* vcontent_type=handlers.user_content_type? - new VString(*handlers.user_content_type) - : user_file_name_cstr? - new VString(r.mime_type_of(user_file_name_cstr)) - : 0; VFile& self=GET_SELF(r, VFile); - self.set(true/*tainted*/, handlers.value.str, handlers.value.length, user_file_name_cstr, vcontent_type); + + self.set(true/*tainted*/, handlers.value.str, handlers.value.length, handlers.user_file_name + , handlers.user_content_type ? new VString(*handlers.user_content_type) : 0 + , &r); self.set_mode(false/*binary*/); } static void _base64(Request& r, MethodParams& params) { - bool dynamic = !(&r.get_self() == file_class); - if(dynamic){ + bool dynamic=!(&r.get_self() == file_class); + if(dynamic) { VFile& self=GET_SELF(r, VFile); if(params.count()) { - // decode: ^file::base64[encoded] - const char* cstr=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); + // decode: + // ^file::base64[encoded] // backward + // ^file::base64[mode;user-file-name;encoded[;$.content-type[...] 
$.strict(true|false)]] + bool is_text=false; + bool strict=false; + VString* vcontent_type=0; + const String* user_file_name=0; + size_t param_index=0; + + if(params.count() > 1) { + if(params.count() < 3) + throw Exception(PARSER_RUNTIME, + 0, + "constructor can not have less then 3 parameters (has %d parameters)", + params.count()); // actually it accepts 1 parameter (backward) + + is_text=VFile::is_text_mode(params.as_string(0, MODE_MUST_NOT_BE_CODE)); + user_file_name=¶ms.as_string(1, FILE_NAME_MUST_BE_STRING); + + if(params.count() == 4) + if(HashStringValue* options=params.as_hash(3)) { + int valid_options=0; + if(Value* value=options->get(CONTENT_TYPE_NAME)) { + vcontent_type=new VString(value->as_string()); + valid_options++; + } + if(Value* vstrict=options->get(BASE64_STRICT_OPTION_NAME)) { + strict=r.process_to_value(*vstrict).as_bool(); + valid_options++; + } + if(valid_options!=options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } + + param_index=2; + } + + const char* encoded=params.as_string(param_index, PARAMETER_MUST_BE_STRING).cstr(); + char* decoded=0; size_t length=0; - pa_base64_decode(cstr, strlen(cstr), decoded, length); - if(decoded && length) - self.set(true/*tainted*/, decoded, length); + pa_base64_decode(encoded, strlen(encoded), decoded, length, strict); + + if(length && is_text) + fix_line_breaks(decoded, length); + + self.set(true/*tainted*/, decoded, length, user_file_name, vcontent_type, &r); + + if(params.count() > 1) + self.set_mode(is_text); } else { // encode: ^f.base64[] const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size()); @@ -948,9 +992,7 @@ static void _crc32(Request& r, MethodPar const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); crc32=pa_crc32(r.absolute(file_spec)); } else { - throw Exception(PARSER_RUNTIME, - 0, - "file name must be defined"); + throw Exception(PARSER_RUNTIME, 0, FILE_NAME_MUST_BE_SPECIFIED); } } else { // ^file.crc32[] 
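Review bot: The old `if(decoded && length)` guard is gone, so `self.set(true/*tainted*/, decoded, length, user_file_name, vcontent_type, &r)` now runs even when `pa_base64_decode` leaves `decoded` at 0, for instance on empty input or, possibly, on input rejected in strict mode. Whether `VFile::set` accepts a null buffer is not visible in this diff; either confirm that it does and say so in a comment at the call, or handle the null case explicitly before it. The new exception also formats `params.count()` with `%d`; if `count()` returns `size_t`, as `size_t param_index=params.count()-1` in `_load` suggests, pass `(int)params.count()` so the variadic argument matches the format.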
@@ -1010,9 +1052,7 @@ static void _md5(Request& r, MethodParam const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); md5=pa_md5(r.absolute(file_spec)); } else { - throw Exception(PARSER_RUNTIME, - 0, - "file name must be defined"); + throw Exception(PARSER_RUNTIME, 0, FILE_NAME_MUST_BE_SPECIFIED); } } else { // ^file.md5[] @@ -1026,9 +1066,9 @@ static void _md5(Request& r, MethodParam // constructor MFile::MFile(): Methoded("file") { - // ^file::create[text;user-name;string] - // ^file::create[binary;user-name;SOMEDAY SOMETHING] - add_native_method("create", Method::CT_DYNAMIC, _create, 3, 3); + // ^file::create[text|binary;file-name;string-or-file[;options hash]] + // ^file::create[string-or-file[;options hash]] + add_native_method("create", Method::CT_DYNAMIC, _create, 1, 4); // ^file.save[mode;file-name] // ^file.save[mode;file-name;$.charset[...]] @@ -1085,13 +1125,18 @@ MFile::MFile(): Methoded("file") { // ^file.sql-string[] add_native_method("sql-string", Method::CT_DYNAMIC, _sql_string, 0, 0); + // ^file::sql{} // ^file::sql{}[options hash] add_native_method("sql", Method::CT_DYNAMIC, _sql, 1, 2); - // ^file::base64[string] << decode - // ^file.base64[] << encode - // ^file:base64[file-name] << encode - add_native_method("base64", Method::CT_ANY, _base64, 0, 1); + // encode: + // ^file.base64[] + // ^file:base64[file-name] + // decode: + // ^file::base64[encoded] // backward + // ^file::base64[mode;user-file-name;encoded] + // ^file::base64[mode;user-file-name;encoded;$.content-type[...]] + add_native_method("base64", Method::CT_ANY, _base64, 0, 4); // ^file.crc32[] // ^file:crc32[file-name]
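Review bot: The usage comment above the `base64` registration lists `$.content-type[...]` but omits the `$.strict(true|false)` option that `_base64` now accepts, so strict decoding is documented only inside the function body. Extend the last decode line to `// ^file::base64[mode;user-file-name;encoded;$.content-type[...] $.strict(true|false)]`. The widened range `0, 4` also applies to the encode forms registered under `Method::CT_ANY`; how extra arguments are treated on that path is outside this hunk and deserves a line in the same comment.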