--- parser3/src/classes/file.C 2010/08/04 13:31:07 1.209 +++ parser3/src/classes/file.C 2010/11/15 23:37:08 1.213 @@ -5,7 +5,7 @@ Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_FILE_C="$Date: 2010/08/04 13:31:07 $"; +static const char * const IDENT_FILE_C="$Date: 2010/11/15 23:37:08 $"; #include "pa_config_includes.h" @@ -43,15 +43,9 @@ extern String sql_offset_name; class MFile: public Methoded { public: // VStateless_class - Value* create_new_value(Pool&) { return new VFile(); } - -public: // Methoded - bool used_directly() { return true; } - public: MFile(); - }; // global variable 
@@ -290,24 +284,29 @@ static void _create(Request& r, MethodPa const String& content=params.as_string(2, "content must be string"); String::Body content_body=content.cstr_to_string_body_untaint(String::L_AS_IS); // explode content, honor tainting changes - if(params.count()>3){ - Charset* asked_charset=0; + VString* vcontent_type=0; + if(params.count()>3) + if(HashStringValue* options=params.as_hash(3)){ + Charset* asked_charset=0; - if(HashStringValue* options=params.as_no_junction(3, OPTIONS_MUST_NOT_BE_CODE).get_hash()){ int valid_options=0; if(Value* vcharset_name=options->get(PA_CHARSET_NAME)){ asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); valid_options++; } + if(Value* value=options->get(CONTENT_TYPE_NAME)) { + vcontent_type=new VString(value->as_string()); + valid_options++; + } if(valid_options != options->count()) throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); - } - if(asked_charset != 0) - content_body=Charset::transcode(content_body, r.charsets.source(), *asked_charset); - } + if(asked_charset) + content_body=Charset::transcode(content_body, r.charsets.source(), *asked_charset); + } - VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); + if(!vcontent_type) + vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); VFile& self=GET_SELF(r, VFile); self.set(true/*tainted*/, content_body.cstr(), content_body.length(), user_file_name_cstr, vcontent_type); @@ -457,7 +456,6 @@ static void _exec_cgi(Request& r, Method env.put(String::Body("SCRIPT_NAME"), script_name); //env.put(String::Body("SCRIPT_FILENAME"), ??&script_name); - bool stdin_specified=false; // environment & stdin from param String *in=new String(); Charset *charset=0; // default script works raw_in 'source' charset = no transcoding needed 
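Review bot: The option read through `CONTENT_TYPE_NAME` in `_create` is copied into `vcontent_type` with `new VString(value->as_string())` and no check on its content, whereas the fallback `r.mime_type_of(user_file_name_cstr)` presumably yields only a configured MIME type. If this value is later written into a response header (not visible in this hunk), request-derived text passed by a caller could carry CR/LF into it, so I would reject control characters here, or at least state the expectation with a comment such as `// caller-supplied content type: must be a single header-safe value, no CR/LF`. Separately, the options lookup changed from `params.as_no_junction(3, OPTIONS_MUST_NOT_BE_CODE).get_hash()` to `params.as_hash(3)`; it is worth confirming that `as_hash` still rejects a code junction and does not silently ignore a non-hash fourth argument. The nested `if(params.count()>3) if(...)` would also be less error-prone with braces on the outer `if`. `_create` begins and ends outside the hunk.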
@@ -479,9 +477,9 @@ static void _exec_cgi(Request& r, Method } // $.stdin if(info.vstdin) { - stdin_specified=true; if(const String* sstdin=info.vstdin->get_string()) { - in->append(*sstdin, String::L_CLEAN, true); + // untaint stdin + in = new String(sstdin->cstr_to_string_body_untaint(String::L_AS_IS), String::L_AS_IS); } else if(VFile* vfile=static_cast(info.vstdin->as("file"))) in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); @@ -848,7 +846,7 @@ public: user_content_type=new String(str, String::L_TAINTED); break; default: - error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three rows"); + error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three columns"); return true; } return false;
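Review bot: In the `$.stdin` string branch of `_exec_cgi`, `in = new String(...)` now replaces the buffer instead of appending to it, so anything written to `in` between its `new String()` initialisation and this point would be silently dropped; the intervening code is outside the hunk, so this needs confirming. The two branches also end up labelled differently: the string branch is built with `String::L_AS_IS`, while the file branch still appends with `String::L_TAINTED`. The comment `// untaint stdin` does not say why this is done. I would expand it to something like `// stdin is passed to the child verbatim: resolve taint as-is, no output-context escaping; the script must treat it as untrusted input`. `_exec_cgi` begins and ends outside the hunk.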