--- parser3/src/classes/file.C 2019/11/23 23:48:40 1.271 +++ parser3/src/classes/file.C 2024/09/28 14:02:25 1.280 @@ -1,8 +1,8 @@ /** @file Parser: @b file parser class. - Copyright (c) 2001-2017 Art. Lebedev Studio (http://www.artlebedev.com) - Author: Alexandr Petrosian (http://paf.design.ru) + Copyright (c) 2001-2023 Art. Lebedev Studio (http://www.artlebedev.com) + Authors: Konstantin Morshnev , Alexandr Petrosian */ #include "pa_config_includes.h" @@ -26,7 +26,7 @@ #include "pa_vregex.h" #include "pa_version.h" -volatile const char * IDENT_FILE_C="$Id: file.C,v 1.271 2019/11/23 23:48:40 moko Exp $"; +volatile const char * IDENT_FILE_C="$Id: file.C,v 1.280 2024/09/28 14:02:25 moko Exp $"; // defines @@ -143,7 +143,7 @@ static void _save(Request& r, MethodPara } // save - GET_SELF(r, VFile).save(r.charsets, r.absolute(vfile_name.as_string()), is_text, asked_charset); + GET_SELF(r, VFile).save(r.charsets, r.full_disk_path(vfile_name.as_string()), is_text, asked_charset); } static void _delete(Request& r, MethodParams& params) { @@ -167,7 +167,7 @@ static void _delete(Request& r, MethodPa } // unlink - file_delete(r.absolute(file_name), fail_on_problem, keep_empty_dirs); + file_delete(r.full_disk_path(file_name), fail_on_problem, keep_empty_dirs); } static void _move(Request& r, MethodParams& params) { @@ -188,8 +188,8 @@ static void _move(Request& r, MethodPara // move file_move( - r.absolute(vfrom_file_name.as_string()), - r.absolute(vto_file_name.as_string()), + r.full_disk_path(vfrom_file_name.as_string()), + r.full_disk_path(vto_file_name.as_string()), keep_empty_dirs); } @@ -230,8 +230,8 @@ static void _copy(Request& r, MethodPara throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); } - String from_spec = r.absolute(vfrom_file_name.as_string()); - const String& to_spec = r.absolute(vto_file_name.as_string()); + String from_spec = r.full_disk_path(vfrom_file_name.as_string()); + const String& to_spec = r.full_disk_path(vto_file_name.as_string()); file_write_action_under_lock( to_spec, @@ -251,7 +251,7 @@ static void _load_pass_param( static void _load(Request& r, MethodParams& params) { bool as_text=VFile::is_text_mode(params.as_string(0, MODE_MUST_NOT_BE_CODE)); - const String& lfile_name=r.absolute(params.as_string(1, FILE_NAME_MUST_NOT_BE_CODE)); + const String& lfile_name=r.full_disk_path(params.as_string(1, FILE_NAME_MUST_NOT_BE_CODE)); size_t param_index=params.count()-1; Value* param_value=param_index>1?¶ms.as_no_junction(param_index, "file name or options must not be code"):0; @@ -365,7 +365,7 @@ static void _create(Request& r, MethodPa String::Body body=content_str->cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets); // explode content, honor tainting changes self.set(true/*tainted*/, is_text, body.cstrm(), body.length(), file_name, vcontent_type, &r); } else { - VFile& fcontent=*vcontent.as_vfile(String::L_AS_IS); // can't be null + VFile& fcontent=*vcontent.as_vfile(); // can't be null if(mode){ self.set(fcontent, &is_text, file_name, vcontent_type, &r); if(is_text && !fcontent.is_text_mode()) @@ -388,7 +388,7 @@ static void _stat(Request& r, MethodPara uint64_t size; time_t atime, mtime, ctime; - file_stat(r.absolute(lfile_name), size, atime, mtime, ctime); + file_stat(r.full_disk_path(lfile_name), size, atime, mtime, ctime); VFile& self=GET_SELF(r, VFile); @@ -482,7 +482,7 @@ static void _exec_cgi(Request& r, Method if(param_index>=params.count()) throw Exception(PARSER_RUNTIME, 0, FILE_NAME_MUST_BE_SPECIFIED); - const String& script_name=r.absolute(params.as_string(param_index++, FILE_NAME_MUST_NOT_BE_CODE)); + const String& script_name=r.full_disk_path(params.as_string(param_index++, FILE_NAME_MUST_NOT_BE_CODE)); HashStringString env; #define ECSTR(name, value_cstr) if(value_cstr) env.put(#name, value_cstr); @@ -528,7 +528,7 @@ static void _exec_cgi(Request& r, Method // untaint stdin in = String::C(sstdin->cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets)); } else - if(VFile* vfile=static_cast(info.vstdin->as("file"))){ + if(VFile* vfile=dynamic_cast(info.vstdin)){ in = String::C((const char* )vfile->value_ptr(), vfile->value_size()); in_is_text_mode = vfile->is_text_mode(); } else @@ -706,8 +706,8 @@ static void _list(Request& r, MethodPara vfilter=&voption; } if(vfilter) { - if(Value* value=vfilter->as(VREGEX_TYPE)) { - vregex=static_cast(value); + if(VRegex* value=dynamic_cast(vfilter)) { + vregex=value; } else if(vfilter->is_string()) { if(!vfilter->get_string()->trim().is_empty()) { vregex=new VRegex(r.charsets.source(), &vfilter->as_string(), 0/*options*/); @@ -721,7 +721,7 @@ static void _list(Request& r, MethodPara } } - const char* absolute_path_cstr=r.absolute(relative_path.as_string()).taint_cstr(String::L_FILE_SPEC); + const char* absolute_path_cstr=r.full_disk_path(relative_path.as_string()).taint_cstr(String::L_FILE_SPEC); Table::Action_options table_options; Table& table=*new Table(file_list_table_template, table_options); @@ -736,12 +736,12 @@ static void _list(Request& r, MethodPara if(!vregex || vregex->exec(file_name_cstr, file_name_size, ovector, ovector_size)>=0) { Table::element_type row(new ArrayString); *row+=new String(pa_strdup(file_name_cstr, file_name_size), String::L_TAINTED); - *row+=new String(String::Body::Format(ffblk.is_dir(stat) ? 1 : 0), String::L_CLEAN); + *row+=new String(ffblk.is_dir(stat) ? "1" : "0", String::L_CLEAN); if(stat) { *row+=VDouble(ffblk.size()).get_string(); - *row+=new String(String::Body::Format((int)ffblk.c_timestamp()), String::L_CLEAN); - *row+=new String(String::Body::Format((int)ffblk.m_timestamp()), String::L_CLEAN); - *row+=new String(String::Body::Format((int)ffblk.a_timestamp()), String::L_CLEAN); + *row+=new String(pa_uitoa(ffblk.c_timestamp()), String::L_CLEAN); + *row+=new String(pa_uitoa(ffblk.m_timestamp()), String::L_CLEAN); + *row+=new String(pa_uitoa(ffblk.a_timestamp()), String::L_CLEAN); } table+=row; } @@ -765,7 +765,7 @@ static void lock_execute_body(int , void } static void _lock(Request& r, MethodParams& params) { - const String& file_spec=r.absolute(params.as_string(0, FILE_NAME_MUST_BE_STRING)); + const String& file_spec=r.full_disk_path(params.as_string(0, FILE_NAME_MUST_BE_STRING)); Lock_execute_body_info info={ &r, ¶ms.as_junction(1, "body must be code") @@ -800,7 +800,7 @@ static void _find(Request& r, MethodPara file_spec=&r.relative(r.request_info.uri, file_name); // easy way - if(file_exist(r.absolute(*file_spec))) { + if(file_exist(r.full_disk_path(*file_spec))) { r.write(*file_spec); return; } @@ -818,7 +818,7 @@ static void _find(Request& r, MethodPara String test_name; test_name << dirname.mid(0, slash+1); test_name << basename; - if(file_exist(r.absolute(test_name))) { + if(file_exist(r.full_disk_path(test_name))) { r.write(test_name); return; } @@ -917,7 +917,7 @@ static void _fullpath(Request& r, Method result=&file_spec; else { // /some/page.html: ^file:fullpath[a.gif] => /some/a.gif - const String& full_disk_path=r.absolute(file_spec); + const String& full_disk_path=r.full_disk_path(file_spec); size_t document_root_length=strlen(r.request_info.document_root); if(document_root_length>0) { @@ -941,6 +941,7 @@ static void _sql_string(Request& r, Meth class File_sql_event_handlers: public SQL_Driver_query_event_handlers { int got_columns; int got_cells; + bool got_row; public: String::C value; const String* user_file_name; @@ -949,18 +950,26 @@ public: File_sql_event_handlers(): got_columns(0), got_cells(0), + got_row(false), user_file_name(0), user_content_type(0) {} bool add_column(SQL_Error& error, const char* /*str*/, size_t /*length*/) { if(got_columns++==3) { - error=SQL_Error("result must contain not more then 3 columns"); + error=SQL_Error("result must contain no more than 3 columns"); return true; } return false; } bool before_rows(SQL_Error& /*error*/ ) { /* ignore */ return false; } - bool add_row(SQL_Error& /*error*/) { /* ignore */ return false; } + bool add_row(SQL_Error& error) { + if(got_row) { + error=SQL_Error("result must contain no more than 1 row"); + return true; + } + got_row=true; + return false; + } bool add_row_cell(SQL_Error& error, const char* str, size_t length) { try { switch(got_cells++) { @@ -976,7 +985,7 @@ public: user_content_type=new String(str, String::L_TAINTED); break; default: - error=SQL_Error("result must not contain more then one row, three columns"); + error=SQL_Error("result must contain no more than 1 row and 3 columns"); return true; } return false; @@ -1107,20 +1116,25 @@ static void _base64(Request& r, MethodPa } } else { // encode: ^file:base64[filespec[;options]] + if(params.count() > 2) + throw Exception(PARSER_RUNTIME, 0, "accepts maximum 2 parameter(s) (has %d parameters)", params.count()); + const String& file_spec = params.as_string(0, FILE_NAME_MUST_BE_STRING); + File_read_result data = file_read_binary(r.full_disk_path(file_spec), true /*fail on problem*/); + Base64Options options = base64_encode_options(r, params.count() > 1 ? params.as_hash(1) : NULL); - const char* encoded = pa_base64_encode(r.absolute(file_spec), options); + const char* encoded = pa_base64_encode(data.str, data.length, options); r.write(*new String(encoded, String::L_TAINTED /*once ?param=base64(something) was needed*/ )); } } static void _crc32(Request& r, MethodParams& params) { - unsigned long crc32 = 0; + uint crc32 = 0; if(&r.get_self() == file_class) { // ^file:crc32[file-name] if(params.count()) { const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); - crc32=pa_crc32(r.absolute(file_spec)); + crc32=pa_crc32(r.full_disk_path(file_spec)); } else { throw Exception(PARSER_RUNTIME, 0, FILE_NAME_MUST_BE_SPECIFIED); } @@ -1129,7 +1143,7 @@ static void _crc32(Request& r, MethodPar VFile& self=GET_SELF(r, VFile); crc32=pa_crc32(self.value_ptr(), self.value_size()); } - r.write(*new VInt(crc32)); + r.write(*new VDouble(crc32)); } @@ -1176,7 +1190,7 @@ static void _md5(Request& r, MethodParam // ^file:md5[file-name] if(params.count()) { const String& file_spec=params.as_string(0, FILE_NAME_MUST_BE_STRING); - md5=pa_md5(r.absolute(file_spec)); + md5=pa_md5(r.full_disk_path(file_spec)); } else { throw Exception(PARSER_RUNTIME, 0, FILE_NAME_MUST_BE_SPECIFIED); }