--- parser3/src/classes/file.C 2009/04/22 04:41:32 1.185 +++ parser3/src/classes/file.C 2016/07/21 18:30:10 1.243 @@ -1,12 +1,10 @@ /** @file Parser: @b file parser class. - Copyright (c) 2001-2009 ArtLebedev Group (http://www.artlebedev.com) + Copyright (c) 2001-2015 Art. Lebedev Studio (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_FILE_C="$Date: 2009/04/22 04:41:32 $"; - #include "pa_config_includes.h" #include "classes.h" @@ -25,39 +23,52 @@ static const char * const IDENT_FILE_C=" #include "pa_sql_connection.h" #include "pa_md5.h" #include "pa_vregex.h" +#include "pa_version.h" + +volatile const char * IDENT_FILE_C="$Id: file.C,v 1.243 2016/07/21 18:30:10 moko Exp $"; // defines -#define TEXT_MODE_NAME "text" -#define BINARY_MODE_NAME "binary" #define STDIN_EXEC_PARAM_NAME "stdin" #define CHARSET_EXEC_PARAM_NAME "charset" #define NAME_NAME "name" +#define KEEP_EMPTY_DIRS_NAME "keep-empty-dirs" +#define SUPPRESS_EXCEPTION_NAME "exception" // externs extern String sql_limit_name; extern String sql_offset_name; +// helpers + +class File_list_table_template_columns: public ArrayString { +public: + File_list_table_template_columns() { + *this+=new String("name"); + *this+=new String("dir"); + *this+=new String("size"); + *this+=new String("cdate"); + *this+=new String("mdate"); + *this+=new String("adate"); + } +}; + +Table file_list_table_template(new File_list_table_template_columns); + // class class MFile: public Methoded { public: // VStateless_class - - Value* create_new_value(Pool&, HashStringValue&) { return new VFile(); } - -public: // Methoded - bool used_directly() { return true; } - + Value* create_new_value(Pool&) { return new VFile(); } public: MFile(); - }; // global variable -DECLARE_CLASS_VAR(file, new MFile, 0); +DECLARE_CLASS_VAR(file, new MFile); // consts @@ -113,51 +124,74 @@ static const String::Body cdate_name("cd // methods -static bool is_valid_mode (const String& mode) { - 
return (mode==TEXT_MODE_NAME || mode==BINARY_MODE_NAME); -} - -static bool is_text_mode(const String& mode) { - if(mode==TEXT_MODE_NAME) - return true; - if(mode==BINARY_MODE_NAME) - return false; - throw Exception(PARSER_RUNTIME, - &mode, - "is invalid mode, must be either '"TEXT_MODE_NAME"' or '"BINARY_MODE_NAME"'"); -} - static void _save(Request& r, MethodParams& params) { - Value& vmode_name=params.as_no_junction(0, MODE_MUST_NOT_BE_CODE); + bool is_text=VFile::is_text_mode(params.as_string(0, MODE_MUST_NOT_BE_CODE)); Value& vfile_name=params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE); + Charset* asked_charset=0; + if(params.count()>2) + if(HashStringValue* options=params.as_hash(2)){ + int valid_options=0; + if(Value* vcharset_name=options->get(PA_CHARSET_NAME)){ + asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); + valid_options++; + } + if(valid_options != options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } + // save - GET_SELF(r, VFile).save(r.absolute(vfile_name.as_string()), - is_text_mode(vmode_name.as_string())); + GET_SELF(r, VFile).save(r.charsets, r.absolute(vfile_name.as_string()), is_text, asked_charset); } static void _delete(Request& r, MethodParams& params) { - Value& vfile_name=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE); + const String& file_name=params.as_string(0, FILE_NAME_MUST_NOT_BE_CODE); + bool keep_empty_dirs=false; + bool fail_on_problem=true; + + if(params.count()>1) + if(HashStringValue* options=params.as_hash(1)){ + int valid_options=0; + if(Value* vkeep_empty_dirs=options->get(KEEP_EMPTY_DIRS_NAME)){ + keep_empty_dirs=r.process_to_value(*vkeep_empty_dirs).as_bool(); + valid_options++; + } + if(Value* vsuppress_exception=options->get(SUPPRESS_EXCEPTION_NAME)){ + fail_on_problem=r.process_to_value(*vsuppress_exception).as_bool(); + valid_options++; + } + if(valid_options != options->count()) + throw Exception(PARSER_RUNTIME, 
0, CALLED_WITH_INVALID_OPTION); + } // unlink - file_delete(r.absolute(vfile_name.as_string())); + file_delete(r.absolute(file_name), fail_on_problem, keep_empty_dirs); } static void _move(Request& r, MethodParams& params) { Value& vfrom_file_name=params.as_no_junction(0, "from file name must not be code"); Value& vto_file_name=params.as_no_junction(1, "to file name must not be code"); + bool keep_empty_dirs=false; + + if(params.count()>2) + if(HashStringValue* options=params.as_hash(2)){ + int valid_options=0; + if(Value* vkeep_empty_dirs=options->get(KEEP_EMPTY_DIRS_NAME)){ + keep_empty_dirs=r.process_to_value(*vkeep_empty_dirs).as_bool(); + valid_options++; + } + if(valid_options != options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } // move file_move( r.absolute(vfrom_file_name.as_string()), - r.absolute(vto_file_name.as_string())); + r.absolute(vto_file_name.as_string()), + keep_empty_dirs); } -static void copy_process_source( - struct stat& , - int from_file, - const String& , const char* /*fname*/, bool, - void *context) { +static void copy_process_source(struct stat& , int from_file, const String&, void *context) { int& to_file=*static_cast(context); int nCount=0; @@ -176,7 +210,7 @@ static void copy_process_source( static void copy_open_target(int f, void *from_spec) { String& file_spec=*static_cast(from_spec); file_read_action_under_lock(file_spec, "copy", copy_process_source, &f); -}; +} static void _copy(Request& r, MethodParams& params) { Value& vfrom_file_name=params.as_no_junction(0, "from file name must not be code"); @@ -200,14 +234,14 @@ static void _load_pass_param( } static void _load(Request& r, MethodParams& params) { - bool as_text=is_text_mode(params.as_no_junction(0, MODE_MUST_NOT_BE_CODE).as_string()); - const String& lfile_name=r.absolute(params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()); + bool as_text=VFile::is_text_mode(params.as_string(0, MODE_MUST_NOT_BE_CODE)); + const String& 
lfile_name=r.absolute(params.as_string(1, FILE_NAME_MUST_NOT_BE_CODE)); size_t param_index=params.count()-1; - Value* param_value=param_index>1?¶ms.as_no_junction(param_index, "filename or options must not be code"):0; + Value* param_value=param_index>1?¶ms.as_no_junction(param_index, "file name or options must not be code"):0; HashStringValue* options=0; - const char *user_file_name=0; + const String* user_file_name=0; if(param_value){ options=param_value->get_hash(); @@ -216,11 +250,11 @@ static void _load(Request& r, MethodPara if(param_index>1){ const String& luser_file_name=params.as_string(param_index, FILE_NAME_MUST_BE_STRING); if(!luser_file_name.is_empty()) - user_file_name=luser_file_name.cstr(String::L_FILE_SPEC); + user_file_name=&luser_file_name; } } if(!user_file_name) - user_file_name=lfile_name.cstr(String::L_FILE_SPEC); + user_file_name=&lfile_name; size_t offset=0; size_t limit=0; @@ -244,11 +278,9 @@ static void _load(Request& r, MethodPara if(Value* remote_content_type=file.headers->get(HTTP_CONTENT_TYPE_UPPER)) vcontent_type=new VString(*new String(remote_content_type->as_string().cstr())); } - if(!vcontent_type) - vcontent_type=new VString(r.mime_type_of(user_file_name)); - + VFile& self=GET_SELF(r, VFile); - self.set(true/*tainted*/, file.str, file.length, user_file_name, vcontent_type); + self.set(true/*tainted*/, as_text, file.str, file.length, user_file_name, vcontent_type, &r); if(file.headers){ file.headers->for_each(_load_pass_param, &self.fields()); @@ -259,36 +291,79 @@ static void _load(Request& r, MethodPara file_stat(lfile_name, size, atime, mtime, ctime); HashStringValue& ff=self.fields(); - ff.put(adate_name, new VDate(atime)); - ff.put(mdate_name, new VDate(mtime)); - ff.put(cdate_name, new VDate(ctime)); + ff.put(adate_name, new VDate((pa_time_t)atime)); + ff.put(mdate_name, new VDate((pa_time_t)mtime)); + ff.put(cdate_name, new VDate((pa_time_t)ctime)); } - } static void _create(Request& r, MethodParams& params) { - Value& 
vmode_name=params.as_no_junction(0, MODE_MUST_NOT_BE_CODE); - if(!is_text_mode(vmode_name.as_string())) - throw Exception(PARSER_RUNTIME, - 0, - "only text mode is currently supported"); - - const char* user_file_name_cstr=r.absolute( - params.as_no_junction(1, FILE_NAME_MUST_NOT_BE_CODE).as_string()).cstr(String::L_FILE_SPEC); + const String* mode=0; + const String* file_name=0; + bool is_text=true; + + // new format: ^file::create[string-or-file-content[;$.mode[text|binary] $.name[...] $.content-type[...] $.charset[...] ]] + size_t content_index=0; + size_t options_index=1; + bool extended_options=true; + + if(params.count()>=3){ + // old format: ^file::create[text|binary;file-name;string-or-file-content[;options]] + mode=¶ms.as_string(0, MODE_MUST_NOT_BE_CODE); + is_text=VFile::is_text_mode(*mode); + file_name=¶ms.as_string(1, FILE_NAME_MUST_NOT_BE_CODE); + content_index=2; + options_index=3; + extended_options=false; + } + + VString* vcontent_type=0; + Charset* asked_charset=0; + if(params.count()>options_index) + if(HashStringValue* options=params.as_hash(options_index)) { + int valid_options=0; + if(extended_options) { + if(Value* vmode=options->get(MODE_NAME)) { + mode=&vmode->as_string(); + is_text=VFile::is_text_mode(*mode); + valid_options++; + } + if(Value* vfile_name=options->get(NAME_NAME)) { + file_name=&vfile_name->as_string(); + valid_options++; + } + } + if(Value* vcharset_name=options->get(PA_CHARSET_NAME)) { + asked_charset=&::charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); + valid_options++; + } + if(Value* value=options->get(CONTENT_TYPE_NAME)) { + vcontent_type=new VString(value->as_string()); + valid_options++; + } + if(valid_options != options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } - const String& content=params.as_string(2, "content must be string"); - const char* content_cstr=content.cstr(String::L_UNSPECIFIED); // explode content, honor tainting changes 
+ Value& vcontent=params.as_no_junction(content_index, "content must be string or file"); - VString* vcontent_type=new VString(r.mime_type_of(user_file_name_cstr)); - VFile& self=GET_SELF(r, VFile); - self.set(true/*tainted*/, content_cstr, strlen(content_cstr), user_file_name_cstr, vcontent_type); + + if(const String* content_str=vcontent.get_string()){ + String::Body body=content_str->cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets); // explode content, honor tainting changes + if(asked_charset && is_text) + body=Charset::transcode(body, r.charsets.source(), *asked_charset); + self.set(true/*tainted*/, is_text, body.cstrm(), body.length(), file_name, vcontent_type, &r); + } else { + if(asked_charset) + throw Exception(PARSER_RUNTIME, 0, "charset option can not be used with file-content"); + self.set(*vcontent.as_vfile(String::L_AS_IS), mode != 0, is_text, file_name, vcontent_type, &r); + } + } static void _stat(Request& r, MethodParams& params) { - Value& vfile_name=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE); - - const String& lfile_name=vfile_name.as_string(); + const String& lfile_name=params.as_string(0, FILE_NAME_MUST_NOT_BE_CODE); size_t size; time_t atime, mtime, ctime; @@ -296,23 +371,22 @@ static void _stat(Request& r, MethodPara size, atime, mtime, ctime); - const char* user_file_name=lfile_name.cstr(String::L_FILE_SPEC); - VFile& self=GET_SELF(r, VFile); - self.set(true/*tainted*/, 0/*no bytes*/, size, user_file_name, new VString(r.mime_type_of(user_file_name))); + self.set_binary(true/*tainted*/, 0/*no bytes*/, size, &lfile_name, 0, &r); HashStringValue& ff=self.fields(); - ff.put(adate_name, new VDate(atime)); - ff.put(mdate_name, new VDate(mtime)); - ff.put(cdate_name, new VDate(ctime)); + ff.put(adate_name, new VDate((pa_time_t)atime)); + ff.put(mdate_name, new VDate((pa_time_t)mtime)); + ff.put(cdate_name, new VDate((pa_time_t)ctime)); } static bool is_safe_env_key(const char* key) { for(const char* 
validator=key; *validator; validator++) { char c=*validator; - if(!(c>='A' && c<='Z' || c>='0' && c<='9' || c=='_' || c=='-')) + if(!( (c>='A' && c<='Z') || (c>='0' && c<='9') || (c=='_' || c=='-') )) return false; } +#ifdef PA_SAFE_MODE if(strncasecmp(key, "HTTP_", 5)==0) return true; if(strncasecmp(key, "CGI_", 4)==0) @@ -322,6 +396,9 @@ static bool is_safe_env_key(const char* return true; } return false; +#else + return true; +#endif } #ifndef DOXYGEN struct Append_env_pair_info { @@ -343,7 +420,7 @@ static void append_env_pair( throw Exception(PARSER_RUNTIME, new String(akey, String::L_TAINTED), "not safe environment variable"); - info->env->put(akey, avalue->as_string().cstr_to_string_body(String::L_UNSPECIFIED, 0, info->charsets)); + info->env->put(akey, avalue->as_string().cstr_to_string_body_untaint(String::L_AS_IS, 0, info->charsets)); } } #ifndef DOXYGEN @@ -368,53 +445,34 @@ static void pass_cgi_header_attribute( } static void append_to_argv(Request& r, ArrayString& argv, const String* str){ - if( str->length() ){ - argv+=new String(str->cstr_to_string_body(String::L_UNSPECIFIED, 0, &r.charsets), String::L_AS_IS); - } + if(!str->is_empty()) + argv+=new String(str->cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets), String::L_AS_IS); } /// @todo fix `` in perl - they produced flipping consoles and no output to perl -static void _exec_cgi(Request& r, MethodParams& params, - bool cgi) { - - Value& first_param=params.as_no_junction(0, FIRST_ARG_MUST_NOT_BE_CODE); - - bool is_mode_specified=is_valid_mode(first_param.as_string()); - const String& mode_name=(is_mode_specified) ? 
first_param.as_string() : *new String(TEXT_MODE_NAME); - - size_t param_index=1; - if(!is_mode_specified){ - --param_index; +static void _exec_cgi(Request& r, MethodParams& params, bool cgi) { + bool is_text=true; + size_t param_index=0; + const String& mode=params.as_string(0, FIRST_ARG_MUST_NOT_BE_CODE); + if(VFile::is_valid_mode(mode)) { + is_text=VFile::is_text_mode(mode); + param_index++; } if(param_index>=params.count()) - throw Exception(PARSER_RUNTIME, - 0, - "file name must be specified"); - + throw Exception(PARSER_RUNTIME, 0, FILE_NAME_MUST_BE_SPECIFIED); - Value& vfile_name=params.as_no_junction(param_index++, FILE_NAME_MUST_NOT_BE_CODE); - - const String& script_name=r.absolute(vfile_name.as_string()); + const String& script_name=r.absolute(params.as_string(param_index++, FILE_NAME_MUST_NOT_BE_CODE)); HashStringString env; - #define ECSTR(name, value_cstr) \ - if(value_cstr) \ - env.put( \ - String::Body(#name), \ - String::Body(value_cstr, 0)); \ - // passing SAPI::environment - if(const char *const *pairs=SAPI::environment(r.sapi_info)) { - while(const char* pair=*pairs++) - if(const char* eq_at=strchr(pair, '=')) - if(eq_at[1]) // has value - env.put( - pa_strdup(pair, eq_at-pair), - pa_strdup(eq_at+1, 0)); - } + #define ECSTR(name, value_cstr) if(value_cstr) env.put(#name, value_cstr); + // passing environment + for(SAPI::Env::Iterator i(r.sapi_info); i; i.next() ) + env.put(i.key(), i.value() ); // const ECSTR(GATEWAY_INTERFACE, "CGI/1.1"); + ECSTR(PARSER_VERSION, PARSER_VERSION); // from Request.info ECSTR(DOCUMENT_ROOT, r.request_info.document_root); ECSTR(PATH_TRANSLATED, r.request_info.path_translated); @@ -422,21 +480,15 @@ static void _exec_cgi(Request& r, Method ECSTR(QUERY_STRING, r.request_info.query_string); ECSTR(REQUEST_URI, r.request_info.uri); ECSTR(CONTENT_TYPE, r.request_info.content_type); - char content_length_cstr[MAX_NUMBER]; - snprintf(content_length_cstr, MAX_NUMBER, "%u", r.request_info.content_length); - //String 
content_length(content_length_cstr); - ECSTR(CONTENT_LENGTH, content_length_cstr); + ECSTR(CONTENT_LENGTH, format(r.request_info.content_length, "%u")); // SCRIPT_* - env.put(String::Body("SCRIPT_NAME"), script_name); - //env.put(String::Body("SCRIPT_FILENAME"), ??&script_name); + env.put("SCRIPT_NAME", script_name); - bool stdin_specified=false; // environment & stdin from param String *in=new String(); Charset *charset=0; // default script works raw_in 'source' charset = no transcoding needed if(param_index < params.count()) { - Value& venv=params.as_no_junction(param_index++, "env must not be code"); - if(HashStringValue* user_env=venv.get_hash()) { + if(HashStringValue* user_env=params.as_hash(param_index++, "env")) { // $.charset [previewing to handle URI pieces] if(Value* vcharset=user_env->get(CHARSET_EXEC_PARAM_NAME)) charset=&charsets.get(vcharset->as_string() @@ -452,11 +504,11 @@ static void _exec_cgi(Request& r, Method } // $.stdin if(info.vstdin) { - stdin_specified=true; if(const String* sstdin=info.vstdin->get_string()) { - in->append(*sstdin, String::L_CLEAN, true); + // untaint stdin + in = new String(sstdin->cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets), String::L_AS_IS); } else - if(VFile* vfile=static_cast(info.vstdin->as("file", false))) + if(VFile* vfile=static_cast(info.vstdin->as("file"))) in->append_know_length((const char* )vfile->value_ptr(), vfile->value_size(), String::L_TAINTED); else throw Exception(PARSER_RUNTIME, @@ -470,7 +522,6 @@ static void _exec_cgi(Request& r, Method ArrayString argv; if(param_index < params.count()) { // influence tainting - // main target -- URLencoding of tainted pieces to String::L_URI lang Temp_client_charset temp(r.charsets, charset? 
*charset: r.charsets.source()); for(size_t i=param_index; ilength && is_text_mode(mode_name)){ + if(file_out->length && is_text){ fix_line_breaks(file_out->str, file_out->length); // treat output as string - String *real_out = new String(file_out->str, file_out->length); + String *real_out = new String(file_out->str); // transcode out if necessary if(charset) @@ -556,8 +607,8 @@ static void _exec_cgi(Request& r, Method "output does not contain CGI header; " "exit status=%d; stdoutsize=%u; stdout: \"%s\"; stderrsize=%u; stderr: \"%s\"", execution.status, - (size_t)file_out->length, (file_out->length) ? (file_out->str) : "", - (size_t)real_err->length(), real_err->cstr()); + file_out->length, (file_out->length) ? (file_out->str) : "", + real_err->length(), real_err->cstr()); break; //never reached } @@ -573,16 +624,16 @@ static void _exec_cgi(Request& r, Method } file_out->str[header_break_pos] = 0; - String *header=new String(file_out->str, header_break_pos); + String *header=new String(file_out->str); unsigned long headersize = header_break_pos+eol_marker_size*2; file_out->str += headersize; file_out->length -= headersize; // $body - self.set(false/*not tainted*/, file_out->str, file_out->length); + self.set(false/*not tainted*/, is_text, file_out->str, file_out->length); // $fields << header - if(header && eol_marker) { + if(header) { ArrayString rows; size_t pos_after=0; header->split(rows, pos_after, eol_marker); @@ -595,17 +646,15 @@ static void _exec_cgi(Request& r, Method } } else { // ^file::exec // $body - self.set(false/*not tainted*/, file_out->str, file_out->length); + self.set(false/*not tainted*/, is_text, file_out->str, file_out->length); } // $status self.fields().put(file_status_name, new VInt(execution.status)); // $stderr - if(real_err->length()) - self.fields().put( - String::Body("stderr"), - new VString(*real_err)); + if(!real_err->is_empty()) + self.fields().put("stderr", new VString(*real_err)); } static void _exec(Request& r, MethodParams& 
params) { _exec_cgi(r, params, false); @@ -617,26 +666,49 @@ static void _cgi(Request& r, MethodParam static void _list(Request& r, MethodParams& params) { Value& relative_path=params.as_no_junction(0, "path must not be code"); - VRegex* vregex; + bool stat=false; + VRegex* vregex=0; VRegexCleaner vrcleaner; + if(params.count()>1){ - Value& regexp=params.as_no_junction(1, "regexp must not be code"); - if(Value* value=regexp.as(VREGEX_TYPE, false)){ - vregex=static_cast(value); - } else { - vregex=new VRegex(r.charsets.source(), ®exp.as_string(), 0/*options*/); - vrcleaner.vregex=vregex; + Value& voption=params.as_no_junction(1, "option must not be code"); + if(voption.is_defined()) { + Value* vfilter=0; + if(HashStringValue* options=voption.get_hash()) { + int valid_options=0; + if(Value* vstat=options->get("stat")) { + stat=r.process_to_value(*vstat).as_bool(); + valid_options++; + } + if(Value* value=options->get("filter")) { + vfilter=value; + valid_options++; + } + if(valid_options!=options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } else { + vfilter=&voption; + } + if(vfilter) { + if(Value* value=vfilter->as(VREGEX_TYPE)) { + vregex=static_cast(value); + } else if(vfilter->is_string()) { + if(!vfilter->get_string()->trim().is_empty()) { + vregex=new VRegex(r.charsets.source(), &vfilter->as_string(), 0/*options*/); + vregex->study(); + vrcleaner.vregex=vregex; + } + } else { + throw Exception(PARSER_RUNTIME, 0, "filter must be regex or string"); + } + } } - vregex->study(); - } else { - vregex=0; } - const char* absolute_path_cstr=r.absolute(relative_path.as_string()).cstr(String::L_FILE_SPEC); + const char* absolute_path_cstr=r.absolute(relative_path.as_string()).taint_cstr(String::L_FILE_SPEC); - Table::columns_type columns(new ArrayString); - *columns+=new String("name"); - Table& table=*new Table(columns); + Table::Action_options table_options; + Table& table=*new Table(file_list_table_template, table_options); const int 
ovector_size=(1/*match*/)*3; int ovector[ovector_size]; @@ -647,7 +719,14 @@ static void _list(Request& r, MethodPara if(!vregex || vregex->exec(ffblk.ff_name, file_name_size, ovector, ovector_size)>=0) { Table::element_type row(new ArrayString); - *row+=new String(pa_strdup(file_name_cstr, file_name_size), file_name_size, true/*tainted*/); + *row+=new String(pa_strdup(file_name_cstr, file_name_size), String::L_TAINTED); + *row+=new String(String::Body::Format(ffblk.is_dir(stat) ? 1 : 0), String::L_CLEAN); + if(stat) { + *row+=VDouble(ffblk.size()).get_string(); + *row+=new String(String::Body::Format((int)ffblk.c_timestamp()), String::L_CLEAN); + *row+=new String(String::Body::Format((int)ffblk.m_timestamp()), String::L_CLEAN); + *row+=new String(String::Body::Format((int)ffblk.a_timestamp()), String::L_CLEAN); + } table+=row; } ); @@ -662,11 +741,13 @@ struct Lock_execute_body_info { Value* body_code; }; #endif + static void lock_execute_body(int , void *ainfo) { Lock_execute_body_info& info=*static_cast(ainfo); // execute body info.r->write_assign_lang(info.r->process(*info.body_code)); -}; +} + static void _lock(Request& r, MethodParams& params) { const String& file_spec=r.absolute(params.as_string(0, FILE_NAME_MUST_BE_STRING)); Lock_execute_body_info info={ @@ -681,23 +762,21 @@ static void _lock(Request& r, MethodPara &info); } -static int lastposafter(const String& s, size_t after, const char* substr, size_t substr_size, bool beforelast=false) { - size_t size=0; // just to calm down compiler - if(beforelast) - size=s.length(); - size_t at; - while((at=s.pos(String::Body(substr, substr_size), after))!=STRING_NOT_FOUND) { - size_t newafter=at+substr_size/*skip substr*/; - if(beforelast && newafter==size) - break; - after=newafter; - } +static size_t afterlastslash(const String& str) { + size_t pos=str.strrpbrk("/\\"); + return pos!=STRING_NOT_FOUND?pos+1:0; +} - return after; +static size_t afterlastslash(const String& str, size_t right) { + size_t 
pos=str.strrpbrk("/\\", 0, right); + return pos!=STRING_NOT_FOUND?pos+1:0; } static void _find(Request& r, MethodParams& params) { - const String& file_name=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE).as_string(); + const String& file_name=params.as_string(0, FILE_NAME_MUST_NOT_BE_CODE); + + Value* not_found_code=(params.count()==2)?¶ms.as_junction(1, "not-found param must be code"):0; + const String* file_spec; if(file_name.first_char()=='/') file_spec=&file_name; @@ -711,59 +790,108 @@ static void _find(Request& r, MethodPara } // monkey way - int after_base_slash=lastposafter(*file_spec, 0, "/", 1); - const String* dirname=&file_spec->mid(0, after_base_slash); - const String& basename=file_spec->mid(after_base_slash, file_spec->length()); - - int after_monkey_slash; - while((after_monkey_slash=lastposafter(*dirname, 0, "/", 1, true))>0) { + size_t last_slash=file_spec->strrpbrk("/\\"); + const String& dirname=file_spec->mid(0, last_slash!=STRING_NOT_FOUND?last_slash:0); + const String& basename=file_spec->mid(last_slash!=STRING_NOT_FOUND?last_slash+1:0, file_spec->length()); + + size_t rpos=dirname.is_empty()?0:dirname.length()-1; + while((rpos=dirname.rskipchars("/\\", 0, rpos))!=STRING_NOT_FOUND){ + size_t slash=dirname.strrpbrk("/\\", 0, rpos); + if(slash==STRING_NOT_FOUND) + break; String test_name; - test_name<<*(dirname=&dirname->mid(0, after_monkey_slash)); - test_name< . + // / > / + // /a > / + // /a/ > / // /a/some.tar.gz > /a - // /a/b/ > /a - int afterslash=lastposafter(file_spec, 0, "/", 1, true); - if(afterslash>0) - r.write_assign_lang(file_spec.mid(0, afterslash==1?1:afterslash-1)); - else - r.write_assign_lang(String(".", 1)); + // /a/b/ > /a + // /a///b/ > /a + // /a/b/// > /a + // file > . 
+ + if(file_spec.is_empty()) { + r.write_assign_lang(String(".")); + return; + } + + size_t p; + size_t slash; + if((p=file_spec.rskipchars("/\\"))==STRING_NOT_FOUND) + r.write_assign_lang(String("/")); + else { + if((slash=file_spec.strrpbrk("/\\", 0, p))!=STRING_NOT_FOUND) { + if((p=file_spec.rskipchars("/\\", 0, slash))==STRING_NOT_FOUND) + p=slash; + r.write_assign_lang(file_spec.mid(0, p+1)); + return; + } + r.write_assign_lang(String(".")); + } } static void _basename(Request& r, MethodParams& params) { const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); + // works as *nix basename + + // empty > . + // / > / + // /a > a + // /a/ > a // /a/some.tar.gz > some.tar.gz - int afterslash=lastposafter(file_spec, 0, "/", 1); - r.write_assign_lang(file_spec.mid(afterslash, file_spec.length())); + // /a/b/ > b + // /a///b/ > b + // /a/b/// > b + // file > file + + if(file_spec.is_empty()) { + r.write_assign_lang(String(".")); + return; + } + + size_t p=file_spec.rskipchars("/\\"); + if(p==STRING_NOT_FOUND) + r.write_assign_lang(String("/")); + else + r.write_assign_lang(file_spec.mid(afterlastslash(file_spec, p), p+1)); } static void _justname(Request& r, MethodParams& params) { const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); // /a/some.tar.gz > some.tar - int afterslash=lastposafter(file_spec, 0, "/", 1); - int afterdot=lastposafter(file_spec, afterslash, ".", 1); - r.write_assign_lang(file_spec.mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec.length())); + // /a/b.c/ > empty + // /a/b.c > b + size_t pos=afterlastslash(file_spec); + size_t dotpos=file_spec.strrpbrk(".", pos); + r.write_assign_lang(file_spec.mid(pos, dotpos!=STRING_NOT_FOUND?dotpos:file_spec.length())); } + static void _justext(Request& r, MethodParams& params) { const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); // /a/some.tar.gz > gz - int afterdot=lastposafter(file_spec, 0, ".", 1); - if(afterdot>0) - 
r.write_assign_lang(file_spec.mid(afterdot, file_spec.length())); + // /a/b.c/ > empty + size_t pos=afterlastslash(file_spec); + size_t dotpos=file_spec.strrpbrk(".", pos); + if(dotpos!=STRING_NOT_FOUND) + r.write_assign_lang(file_spec.mid(dotpos+1, file_spec.length())); } static void _fullpath(Request& r, MethodParams& params) { @@ -828,14 +956,14 @@ public: break; case 1: if(!user_file_name) // user not specified? - user_file_name=new String(str, length, true); + user_file_name=new String(str, String::L_TAINTED); break; case 2: if(!user_content_type) // user not specified? - user_content_type=new String(str, length, true); + user_content_type=new String(str, String::L_TAINTED); break; default: - error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three rows"); + error=SQL_Error(PARSER_RUNTIME, "result must not contain more then one row, three columns"); return true; } return false; @@ -851,15 +979,15 @@ static void _sql(Request& r, MethodParam Temp_lang temp_lang(r, String::L_SQL); const String& statement_string=r.process_to_string(statement); - const char* statement_cstr= - statement_string.cstr(String::L_UNSPECIFIED, r.connection()); + const char* statement_cstr=statement_string.untaint_cstr(r.flang, r.connection()); + File_sql_event_handlers handlers(statement_string, statement_cstr); ulong limit=SQL_NO_LIMIT; ulong offset=0; if(params.count()>1) - if(HashStringValue* options=params.as_no_junction(1, PARAM_MUST_NOT_BE_CODE).get_hash()){ + if(HashStringValue* options=params.as_hash(1, "sql options")) { int valid_options=0; if(Value* vfilename=options->get(NAME_NAME)) { valid_options++; @@ -878,9 +1006,7 @@ static void _sql(Request& r, MethodParam offset=(ulong)r.process_to_value(*voffset).as_double(); } if(valid_options!=options->count()) - throw Exception(PARSER_RUNTIME, - 0, - "called with invalid option"); + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); } @@ -891,44 +1017,75 @@ static void _sql(Request& r, 
MethodParam handlers, statement_string); - if(!handlers.value) - throw Exception(PARSER_RUNTIME, - 0, - "produced no result"); - - const char* user_file_name_cstr=handlers.user_file_name? handlers.user_file_name->cstr(): 0; - - VString* vcontent_type=handlers.user_content_type? - new VString(*handlers.user_content_type) - : user_file_name_cstr? - new VString(r.mime_type_of(user_file_name_cstr)) - : 0; + if(!handlers.value.str) + throw Exception(PARSER_RUNTIME, 0, "produced no result"); + VFile& self=GET_SELF(r, VFile); - self.set(true/*tainted*/, handlers.value.str, handlers.value.length, user_file_name_cstr, vcontent_type); + + self.set_binary(true/*tainted*/, handlers.value.str, handlers.value.length, handlers.user_file_name + , handlers.user_content_type ? new VString(*handlers.user_content_type) : 0 + , &r); } static void _base64(Request& r, MethodParams& params) { - bool dynamic = !(&r.get_self() == file_class); - if(dynamic){ + bool dynamic=!(&r.get_self() == file_class); + if(dynamic) { VFile& self=GET_SELF(r, VFile); if(params.count()) { - // decode: ^file::base64[encoded] - const char* cstr=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); + // decode: + // ^file::base64[encoded] // backward + // ^file::base64[mode;user-file-name;encoded[;$.content-type[...] 
$.strict(true|false)]] + bool is_text=false; + bool strict=false; + VString* vcontent_type=0; + const String* user_file_name=0; + size_t param_index=0; + + if(params.count() > 1) { + if(params.count() < 3) + throw Exception(PARSER_RUNTIME, + 0, + "constructor can not have less then 3 parameters (has %d parameters)", + params.count()); // actually it accepts 1 parameter (backward) + + is_text=VFile::is_text_mode(params.as_string(0, MODE_MUST_NOT_BE_CODE)); + user_file_name=¶ms.as_string(1, FILE_NAME_MUST_BE_STRING); + + if(params.count() == 4) + if(HashStringValue* options=params.as_hash(3)) { + int valid_options=0; + if(Value* value=options->get(CONTENT_TYPE_NAME)) { + vcontent_type=new VString(value->as_string()); + valid_options++; + } + if(Value* vstrict=options->get(BASE64_STRICT_OPTION_NAME)) { + strict=r.process_to_value(*vstrict).as_bool(); + valid_options++; + } + if(valid_options!=options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } + + param_index=2; + } + + const char* encoded=params.as_string(param_index, PARAMETER_MUST_BE_STRING).cstr(); + char* decoded=0; size_t length=0; - pa_base64_decode(cstr, strlen(cstr), decoded, length); - if(decoded && length) - self.set(true/*tainted*/, decoded, length); + pa_base64_decode(encoded, strlen(encoded), decoded, length, strict); + + self.set(true/*tainted*/, is_text, decoded, length, user_file_name, vcontent_type, &r); } else { // encode: ^f.base64[] const char* encoded=pa_base64_encode(self.value_ptr(), self.value_size()); - r.write_assign_lang(*new String(encoded, 0, true/*tainted. once ?param=base64(something) was needed**/)); + r.write_assign_lang(*new String(encoded, String::L_TAINTED/*once ?param=base64(something) was needed**/)); } } else { // encode: ^file:base64[filespec] const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); const char* encoded=pa_base64_encode(r.absolute(file_spec)); - r.write_assign_lang(*new String(encoded, 0, true/*tainted. 
once ?param=base64(something) was needed*/)); + r.write_assign_lang(*new String(encoded, String::L_TAINTED/*once ?param=base64(something) was needed*/)); } } @@ -940,9 +1097,7 @@ static void _crc32(Request& r, MethodPar const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); crc32=pa_crc32(r.absolute(file_spec)); } else { - throw Exception(PARSER_RUNTIME, - 0, - "file name must be defined"); + throw Exception(PARSER_RUNTIME, 0, FILE_NAME_MUST_BE_SPECIFIED); } } else { // ^file.crc32[] @@ -953,11 +1108,7 @@ static void _crc32(Request& r, MethodPar } -static void file_md5_file_action( - struct stat& finfo, - int f, - const String& , const char* /*fname*/, bool, - void *context) +static void file_md5_file_action(struct stat& finfo, int f, const String&, void *context) { PA_MD5_CTX& md5context=*static_cast<PA_MD5_CTX*>(context); if(finfo.st_size) { @@ -1002,9 +1153,7 @@ static void _md5(Request& r, MethodParam const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); md5=pa_md5(r.absolute(file_spec)); } else { - throw Exception(PARSER_RUNTIME, - 0, - "file name must be defined"); + throw Exception(PARSER_RUNTIME, 0, FILE_NAME_MUST_BE_SPECIFIED); } } else { // ^file.md5[] @@ -1018,21 +1167,26 @@ static void _md5(Request& r, MethodParam // constructor MFile::MFile(): Methoded("file") { - // ^file::create[text;user-name;string] - // ^file::create[binary;user-name;SOMEDAY SOMETHING] - add_native_method("create", Method::CT_DYNAMIC, _create, 3, 3); + // ^file::create[text|binary;file-name;string-or-file[;options hash]] + // ^file::create[string-or-file[;options hash]] + add_native_method("create", Method::CT_DYNAMIC, _create, 1, 4); // ^file.save[mode;file-name] - add_native_method("save", Method::CT_DYNAMIC, _save, 2, 2); + // ^file.save[mode;file-name;$.charset[...]] + add_native_method("save", Method::CT_DYNAMIC, _save, 2, 3); // ^file:delete[file-name] - add_native_method("delete", Method::CT_STATIC, _delete, 1, 1); + // 
^file:delete[file-name;$.keep-empty-dir(true)$.exception(false)] + add_native_method("delete", Method::CT_STATIC, _delete, 1, 2); // ^file:move[from-file-name;to-file-name] - add_native_method("move", Method::CT_STATIC, _move, 2, 2); + // ^file:move[from-file-name;to-file-name;$.keep-empty-dir(true)] + add_native_method("move", Method::CT_STATIC, _move, 2, 3); // ^file::load[mode;disk-name] // ^file::load[mode;disk-name;user-name] + // ^file::load[mode;disk-name;user-name;options hash] + // ^file::load[mode;disk-name;options hash] add_native_method("load", Method::CT_DYNAMIC, _load, 2, 4); // ^file::stat[disk-name] @@ -1050,6 +1204,7 @@ MFile::MFile(): Methoded("file") { // ^file:list[path] // ^file:list[path][regexp] + // ^file:list[path][$.filter[regexp] $.stat(true)] add_native_method("list", Method::CT_STATIC, _list, 1, 2); // ^file:lock[path]{code} @@ -1059,28 +1214,33 @@ MFile::MFile(): Methoded("file") { // ^file:find[file-name]{when-not-found} add_native_method("find", Method::CT_STATIC, _find, 1, 2); - // ^file:dirname[/a/some.tar.gz]=/a + // ^file:dirname[/a/some.tar.gz]=/a // ^file:dirname[/a/b/]=/a add_native_method("dirname", Method::CT_STATIC, _dirname, 1, 1); - // ^file:basename[/a/some.tar.gz]=some.tar.gz - add_native_method("basename", Method::CT_STATIC, _basename, 1, 1); - // ^file:justname[/a/some.tar.gz]=some.tar + // ^file:basename[/a/some.tar.gz]=some.tar.gz + add_native_method("basename", Method::CT_STATIC, _basename, 1, 1); + // ^file:justname[/a/some.tar.gz]=some.tar add_native_method("justname", Method::CT_STATIC, _justname, 1, 1); - // ^file:justext[/a/some.tar.gz]=gz + // ^file:justext[/a/some.tar.gz]=gz add_native_method("justext", Method::CT_STATIC, _justext, 1, 1); - // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif + // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif add_native_method("fullpath", Method::CT_STATIC, _fullpath, 1, 1); - // ^file.sql-string[] + // ^file.sql-string[] add_native_method("sql-string", 
Method::CT_DYNAMIC, _sql_string, 0, 0); - // ^file::sql[[alt_name]]{} + // ^file::sql{} + // ^file::sql{}[options hash] add_native_method("sql", Method::CT_DYNAMIC, _sql, 1, 2); - // ^file::base64[string] << decode - // ^file.base64[] << encode - // ^file:base64[file-name] << encode - add_native_method("base64", Method::CT_ANY, _base64, 0, 1); + // encode: + // ^file.base64[] + // ^file:base64[file-name] + // decode: + // ^file::base64[encoded] // backward + // ^file::base64[mode;user-file-name;encoded] + // ^file::base64[mode;user-file-name;encoded;$.content-type[...]] + add_native_method("base64", Method::CT_ANY, _base64, 0, 4); // ^file.crc32[] // ^file:crc32[file-name]