--- parser3/src/classes/file.C 2002/04/15 13:17:03 1.78 +++ parser3/src/classes/file.C 2002/08/01 11:41:12 1.92 @@ -3,10 +3,10 @@ Copyright (c) 2001, 2002 ArtLebedev Group (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) - - $Id: file.C,v 1.78 2002/04/15 13:17:03 paf Exp $ */ +static const char* IDENT_FILE_C="$Date: 2002/08/01 11:41:12 $"; + #include "pa_config_includes.h" #include "pcre.h" @@ -22,13 +22,56 @@ #include "pa_vtable.h" #include "pa_charset.h" -// consts - // defines -#define FILE_CLASS_NAME "file" - #define TEXT_MODE_NAME "text" +#define STDIN_EXEC_PARAM_NAME "stdin" + +// consts + +/// from apache-1.3|src|support|suexec.c +static const char *suexec_safe_env_lst[]={ + "AUTH_TYPE", + "CONTENT_LENGTH", + "CONTENT_TYPE", + "DATE_GMT", + "DATE_LOCAL", + "DOCUMENT_NAME", + "DOCUMENT_PATH_INFO", + "DOCUMENT_ROOT", + "DOCUMENT_URI", + "FILEPATH_INFO", + "GATEWAY_INTERFACE", + "LAST_MODIFIED", + "PATH_INFO", + "PATH_TRANSLATED", + "QUERY_STRING", + "QUERY_STRING_UNESCAPED", + "REMOTE_ADDR", + "REMOTE_HOST", + "REMOTE_IDENT", + "REMOTE_PORT", + "REMOTE_USER", + "REDIRECT_QUERY_STRING", + "REDIRECT_STATUS", + "REDIRECT_URL", + "REQUEST_METHOD", + "REQUEST_URI", + "SCRIPT_FILENAME", + "SCRIPT_NAME", + "SCRIPT_URI", + "SCRIPT_URL", + "SERVER_ADMIN", + "SERVER_NAME", + "SERVER_ADDR", + "SERVER_PORT", + "SERVER_PROTOCOL", + "SERVER_SOFTWARE", + "UNIQUE_ID", + "USER_NAME", + "TZ", + NULL +}; // class @@ -45,10 +88,6 @@ public: }; -// consts - -const int FIND_MONKEY_MAX_HOPS=10; - // methods static void _save(Request& r, const String&, MethodParams *params) { @@ -77,37 +116,6 @@ static void _move(Request& r, const Stri r.absolute(vto_file_name.as_string())); } -static void _find(Request& r, const String& method_name, MethodParams *params) { - Pool& pool=r.pool(); - Value& vfile_name=params->as_no_junction(0, "file name must not be code"); - - const String &lfile_name=vfile_name.as_string(); - - // passed file name simply exists in current dir - if(file_readable(r.absolute(lfile_name))) { - r.write_no_lang(lfile_name); - return; - } - - // scan .. dirs for result - for(int i=0; isize()==2) { - Value& not_found_code=params->as_junction(1, "not-found param must be code"); - r.write_pass_lang(r.process(not_found_code)); - } -} - static void _load(Request& r, const String& method_name, MethodParams *params) { Pool& pool=r.pool(); Value& vmode_name=params-> as_no_junction(0, "mode must not be code"); @@ -147,11 +155,37 @@ static void _stat(Request& r, const Stri ff.put(*new(pool) String(pool, "cdate"), new(pool) VDate(pool, ctime)); } -static void append_env_pair(const Hash::Key& key, Hash::Val *value, void *info) { - Hash& hash=*static_cast(info); - hash.put(key, &static_cast(value)->as_string()); +static bool is_safe_env_key(const char *key) { + if(strncasecmp(key, "HTTP_", 5)==0) + return true; + if(strncasecmp(key, "CGI_", 4)==0) + return true; + for(int i=0; suexec_safe_env_lst[i]; i++) { + if(strcasecmp(key, suexec_safe_env_lst[i])==0) + return true; + } + return false; } +#ifndef DOXYGEN +struct Append_env_pair_info { + Hash* hash; + const String* sstdin; +}; +#endif +static void append_env_pair(const Hash::Key& key, Hash::Val *value, void *info) { + Append_env_pair_info& pi=*static_cast(info); + const String& svalue=static_cast(value)->as_string(); + if(key==STDIN_EXEC_PARAM_NAME) { + pi.sstdin=&svalue; + } else { + if(!is_safe_env_key(key.cstr())) + throw Exception("parser.runtime", + &key, + "not safe environment variable"); + pi.hash->put(key, &svalue); + } +} static void pass_cgi_header_attribute(Array::Item *value, void *info) { String& string=*static_cast(value); Hash& hash=*static_cast(info); @@ -160,9 +194,7 @@ static void pass_cgi_header_attribute(Ar hash.put(string.mid(0, colon_pos), new(string.pool()) VString(string.mid(colon_pos+1, string.size()))); } -/** @todo fix `` in perl - they produced flipping consoles and no output to perl - @test EPASS, ECSTR [touched them when optimized hash] -*/ +/// @todo fix `` in perl - they produced flipping consoles and no output to perl static void _exec_cgi(Request& r, const String& method_name, MethodParams *params, bool cgi) { Pool& pool=r.pool(); @@ -179,13 +211,15 @@ static void _exec_cgi(Request& r, const name##value.APPEND_CONST(value_cstr); \ env.put(name##key, &name##value); \ } - #define EPASS(name) \ - String name##key(pool, #name); \ - String name##value(pool); \ - if(const char *value_cstr=SAPI::get_env(pool, #name)) { \ - name##value.APPEND_CONST(value_cstr); \ - env.put(name##key, &name##value); \ - } + // passing SAPI::environment + if(const char *const *pairs=SAPI::environment(pool)) { + while(const char *pair=*pairs++) + if(const char *eq_at=strchr(pair, '=')) { + String& key=*new(pool) String(pool, pair, eq_at-pair); + String& value=*new(pool) String(pool, eq_at+1); + env.put(key, &value); + } + } // const ECSTR(GATEWAY_INTERFACE, "CGI/1.1"); @@ -200,29 +234,23 @@ static void _exec_cgi(Request& r, const snprintf(content_length_cstr, MAX_NUMBER, "%u", r.info.content_length); String content_length(pool, content_length_cstr); ECSTR(CONTENT_LENGTH, content_length_cstr); - ECSTR(HTTP_COOKIE, r.info.cookie); - ECSTR(HTTP_USER_AGENT, r.info.user_agent); - // passing some SAPI:get_env-s - EPASS(SERVER_PROTOCOL); - EPASS(SERVER_NAME); - EPASS(SERVER_PORT); - EPASS(HTTP_REFERER); - EPASS(REMOTE_ADDR); - EPASS(REMOTE_HOST); - EPASS(REMOTE_USER); - // SCRIPT_NAME + // SCRIPT_* env.put(*new(pool) String(pool, "SCRIPT_NAME"), &script_name); -#ifdef WIN32 - // WIN32 shell - EPASS(COMSPEC); -#endif + //env.put(*new(pool) String(pool, "SCRIPT_FILENAME"), ??&script_name); + // environment & stdin from param + String in(pool); if(params->size()>1) { Value& venv=params->as_no_junction(1, "env must not be code"); - if(Hash *user_env=venv.get_hash(&method_name)) - user_env->for_each(append_env_pair, &env); + if(Hash *user_env=venv.get_hash(&method_name)) { + Append_env_pair_info info={&env}; + user_env->for_each(append_env_pair, &info); + if(info.sstdin) + in.append(*info.sstdin, String::UL_CLEAN, true); + } } + // argv from params Array *argv=0; if(params->size()>2) { argv=new(pool) Array(pool, params->size()-2); @@ -230,11 +258,12 @@ static void _exec_cgi(Request& r, const *argv+=¶ms->as_string(i, "parameter must be string"); } - String in(pool); - in.APPEND(r.post_data, r.post_size, String::UL_CLEAN, "passing post data", 0); + // passing POST data + if(in.is_empty()) // if $.stdin[...] not specified + in.APPEND(r.post_data, r.post_size, String::UL_CLEAN, "POST data (passed)", 0); + + // exec! String out(pool); - //out.APPEND_CONST("content-type:text/plain\nheader:test-header\n\ntest-body"); - //out<size()>1) { regexp=¶ms->as_no_junction(1, "regexp must not be code").as_string(); @@ -317,8 +347,6 @@ static void _list(Request& r, const Stri throw Exception(0, ®exp->mid(erroffset, regexp->size()), "regular expression syntax error - %s", errptr); - - ovector=(int *)pool.malloc(sizeof(int)*(ovecsize=(1/*match*/)*3)); } else regexp_code=0; @@ -367,7 +395,6 @@ static void _list(Request& r, const Stri // write out result VTable& result=*new(pool) VTable(pool, &table); - result.set_name(method_name); r.write_no_lang(result); } @@ -391,12 +418,97 @@ static void _lock(Request& r, const Stri file_write_action_under_lock(file_spec, "lock", lock_execute_body, &info); } -// constructor +static int lastposafter(const String& s, int after, const char *substr, size_t substr_size, bool beforelast=false) { + size_t size; + if(beforelast) + size=s.size(); + int at; + while((at=s.pos(substr, substr_size, after))>=0) { + size_t newafter=at+substr_size/*skip substr*/; + if(beforelast && newafter==size) + break; + after=newafter; + } + + return after; +} + +static void _find(Request& r, const String& method_name, MethodParams *params) { + Pool& pool=r.pool(); + const String &file_name=params->as_no_junction(0, "file name must not be code").as_string(); + const String *file_spec; + if(file_name.first_char()=='/') + file_spec=&file_name; + else + file_spec=&r.relative(r.info.uri, file_name); + + // easy way + if(file_readable(r.absolute(*file_spec))) { + r.write_no_lang(*file_spec); + return; + } + + // monkey way + int after_base_slash=lastposafter(*file_spec, 0, "/", 1); + const String *dirname=&file_spec->mid(0, after_base_slash); + const String& basename=file_spec->mid(after_base_slash, file_spec->size()); + + int after_monkey_slash; + while((after_monkey_slash=lastposafter(*dirname, 0, "/", 1, true))>0) { + String local_test_name(pool); + local_test_name<<*(dirname=&dirname->mid(0, after_monkey_slash)); + local_test_name<size()==2) { + Value& not_found_code=params->as_junction(1, "not-found param must be code"); + r.write_pass_lang(r.process(not_found_code)); + } +} +static void _dirname(Request& r, const String& method_name, MethodParams *params) { + Pool& pool=r.pool(); + const String& file_spec=params->as_string(0, "file name must be string"); + // /a/some.tar.gz > /a + // /a/b/ > /a + int afterslash=lastposafter(file_spec, 0, "/", 1, true); + if(afterslash>0) + r.write_assign_lang(file_spec.mid(0, afterslash==1?1:afterslash-1)); + else + r.write_assign_lang(*new(pool) String(pool, ".", 1)); +} + +static void _basename(Request& r, const String& method_name, MethodParams *params) { + const String& file_spec=params->as_string(0, "file name must be string"); + // /a/some.tar.gz > some.tar.gz + int afterslash=lastposafter(file_spec, 0, "/", 1); + r.write_assign_lang(file_spec.mid(afterslash, file_spec.size())); +} + +static void _justname(Request& r, const String& method_name, MethodParams *params) { + const String& file_spec=params->as_string(0, "file name must be string"); + // /a/some.tar.gz > some.tar + int afterslash=lastposafter(file_spec, 0, "/", 1); + int afterdot=lastposafter(file_spec, afterslash, ".", 1); + r.write_assign_lang(file_spec.mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec.size())); +} +static void _justext(Request& r, const String& method_name, MethodParams *params) { + const String& file_spec=params->as_string(0, "file name must be string"); + // /a/some.tar.gz > gz + int afterdot=lastposafter(file_spec, 0, ".", 1); + if(afterdot>0) + r.write_assign_lang(file_spec.mid(afterdot, file_spec.size())); +} + +// constructor + +MFile::MFile(Pool& apool) : Methoded(apool, "file") { // ^save[mode;file-name] add_native_method("save", Method::CT_DYNAMIC, _save, 2, 2); @@ -406,10 +518,6 @@ MFile::MFile(Pool& apool) : Methoded(apo // ^move[from-file-name;to-file-name] add_native_method("move", Method::CT_STATIC, _move, 2, 2); - // ^find[file-name] - // ^find[file-name]{when-not-found} - add_native_method("find", Method::CT_STATIC, _find, 1, 2); - // ^load[mode;disk-name] // ^load[mode;disk-name;user-name] add_native_method("load", Method::CT_DYNAMIC, _load, 2, 3); @@ -434,6 +542,19 @@ MFile::MFile(Pool& apool) : Methoded(apo // ^file:lock[path]{code} add_native_method("lock", Method::CT_STATIC, _lock, 2, 2); + // ^find[file-name] + // ^find[file-name]{when-not-found} + add_native_method("find", Method::CT_STATIC, _find, 1, 2); + + // ^file:dirname[/a/some.tar.gz]=/a + // ^file:dirname[/a/b/]=/a + add_native_method("dirname", Method::CT_STATIC, _dirname, 1, 1); + // ^file:basename[/a/some.tar.gz]=some.tar.gz + add_native_method("basename", Method::CT_STATIC, _basename, 1, 1); + // ^file:justname[/a/some.tar.gz]=some.tar + add_native_method("justname", Method::CT_STATIC, _justname, 1, 1); + // ^file:justext[/a/some.tar.gz]=gz + add_native_method("justext", Method::CT_STATIC, _justext, 1, 1); } // global variable