--- parser3/src/classes/file.C 2001/09/13 14:10:54 1.52 +++ parser3/src/classes/file.C 2002/06/20 15:42:28 1.89 @@ -1,13 +1,11 @@ /** @file Parser: @b file parser class. - Copyright (c) 2001 ArtLebedev Group (http://www.artlebedev.com) + Copyright (c) 2001, 2002 ArtLebedev Group (http://www.artlebedev.com) + Author: Alexandr Petrosian (http://paf.design.ru) - Author: Alexander Petrosyan (http://design.ru/paf) - - $Id: file.C,v 1.52 2001/09/13 14:10:54 parser Exp $ + $Id: file.C,v 1.89 2002/06/20 15:42:28 paf Exp $ */ -static const char *RCSId="$Id: file.C,v 1.52 2001/09/13 14:10:54 parser Exp $"; #include "pa_config_includes.h" @@ -22,15 +20,58 @@ static const char *RCSId="$Id: file.C,v #include "pa_vdate.h" #include "pa_dir.h" #include "pa_vtable.h" - -// consts +#include "pa_charset.h" // defines -#define FILE_CLASS_NAME "file" - #define TEXT_MODE_NAME "text" +// consts + +/// from apache-1.3|src|support|suexec.c +static const char *suexec_safe_env_lst[]={ + "AUTH_TYPE", + "CONTENT_LENGTH", + "CONTENT_TYPE", + "DATE_GMT", + "DATE_LOCAL", + "DOCUMENT_NAME", + "DOCUMENT_PATH_INFO", + "DOCUMENT_ROOT", + "DOCUMENT_URI", + "FILEPATH_INFO", + "GATEWAY_INTERFACE", + "LAST_MODIFIED", + "PATH_INFO", + "PATH_TRANSLATED", + "QUERY_STRING", + "QUERY_STRING_UNESCAPED", + "REMOTE_ADDR", + "REMOTE_HOST", + "REMOTE_IDENT", + "REMOTE_PORT", + "REMOTE_USER", + "REDIRECT_QUERY_STRING", + "REDIRECT_STATUS", + "REDIRECT_URL", + "REQUEST_METHOD", + "REQUEST_URI", + "SCRIPT_FILENAME", + "SCRIPT_NAME", + "SCRIPT_URI", + "SCRIPT_URL", + "SERVER_ADMIN", + "SERVER_NAME", + "SERVER_ADDR", + "SERVER_PORT", + "SERVER_PROTOCOL", + "SERVER_SOFTWARE", + "UNIQUE_ID", + "USER_NAME", + "TZ", + NULL +}; + // class class MFile : public Methoded { @@ -62,20 +103,18 @@ static void _save(Request& r, const Stri } static void _delete(Request& r, const String&, MethodParams *params) { - Pool& pool=r.pool(); Value& vfile_name=params->as_no_junction(0, "file name must not be code"); // unlink - file_delete(pool, r.absolute(vfile_name.as_string())); + file_delete(r.absolute(vfile_name.as_string())); } static void _move(Request& r, const String&, MethodParams *params) { - Pool& pool=r.pool(); Value& vfrom_file_name=params->as_no_junction(0, "from file name must not be code"); Value& vto_file_name=params->as_no_junction(1, "to file name must not be code"); // move - file_move(pool, + file_move( r.absolute(vfrom_file_name.as_string()), r.absolute(vto_file_name.as_string())); } @@ -88,18 +127,18 @@ static void _find(Request& r, const Stri // passed file name simply exists in current dir if(file_readable(r.absolute(lfile_name))) { - r.write_no_lang(*new(pool) VString(lfile_name)); + r.write_no_lang(lfile_name); return; } // scan .. dirs for result for(int i=0; isize()>2?params->get(2).as_string().cstr() - :lfile_name.cstr(String::UL_FILE_NAME); + char *user_file_name=params->size()>2? + params->as_string(2, "filename must be string").cstr(String::UL_FILE_SPEC) + :lfile_name.cstr(String::UL_FILE_SPEC); static_cast(r.self)->set(true/*tainted*/, data, size, user_file_name, new(pool) VString(r.mime_type_of(user_file_name))); @@ -149,11 +189,25 @@ static void _stat(Request& r, const Stri ff.put(*new(pool) String(pool, "cdate"), new(pool) VDate(pool, ctime)); } +static bool is_safe_env_key(const char *key) { + if(strncasecmp(key, "HTTP_", 5)==0) + return true; + if(strncasecmp(key, "CGI_", 4)==0) + return true; + for(int i=0; suexec_safe_env_lst[i]; i++) { + if(strcasecmp(key, suexec_safe_env_lst[i])==0) + return true; + } + return false; +} static void append_env_pair(const Hash::Key& key, Hash::Val *value, void *info) { Hash& hash=*static_cast(info); + if(!is_safe_env_key(key.cstr())) + throw Exception("parser.runtime", + &key, + "not safe environment variable"); hash.put(key, &static_cast(value)->as_string()); } - static void pass_cgi_header_attribute(Array::Item *value, void *info) { String& string=*static_cast(value); Hash& hash=*static_cast(info); @@ -162,7 +216,8 @@ static void pass_cgi_header_attribute(Ar hash.put(string.mid(0, colon_pos), new(string.pool()) VString(string.mid(colon_pos+1, string.size()))); } -/// @todo fix `` in perl - they produced flipping consoles and no output to perl +/** @todo fix `` in perl - they produced flipping consoles and no output to perl +*/ static void _exec_cgi(Request& r, const String& method_name, MethodParams *params, bool cgi) { Pool& pool=r.pool(); @@ -172,52 +227,43 @@ static void _exec_cgi(Request& r, const const String& script_name=r.absolute(vfile_name.as_string()); Hash env(pool); - #define PASS(key) \ - String key(pool); \ - if(const char *value=SAPI::get_env(pool, #key)) { \ - key.APPEND_CONST(value); \ - env.put(String(pool, #key), &key); \ - } - #define INFO(key, value) \ - String value(pool); \ - if(r.info.value) { \ - value.APPEND_CONST(r.info.value); \ - env.put(String(pool, key), &value); \ + #define ECSTR(name, value_cstr) \ + String name##key(pool, #name); \ + String name##value(pool); \ + if(value_cstr) { \ + name##value.APPEND_CONST(value_cstr); \ + env.put(name##key, &name##value); \ } + // passing SAPI::environment + if(const char *const *pairs=SAPI::environment(pool)) { + while(const char *pair=*pairs++) + if(const char *eq_at=strchr(pair, '=')) { + String& key=*new(pool) String(pool, pair, eq_at-pair); + String& value=*new(pool) String(pool, eq_at+1); + env.put(key, &value); + } + } // const - String gateway_interface(pool, "CGI/1.1"); - env.put(String(pool, "GATEWAY_INTERFACE"), &gateway_interface); + ECSTR(GATEWAY_INTERFACE, "CGI/1.1"); // from Request.info - INFO("DOCUMENT_ROOT", document_root); - INFO("PATH_TRANSLATED", path_translated); - INFO("SERVER_PROTOCOL", method); - INFO("QUERY_STRING", query_string); - INFO("REQUEST_URI", uri); - INFO("CONTENT_TYPE", content_type); + ECSTR(DOCUMENT_ROOT, r.info.document_root); + ECSTR(PATH_TRANSLATED, r.info.path_translated); + ECSTR(REQUEST_METHOD, r.info.method); + ECSTR(QUERY_STRING, r.info.query_string); + ECSTR(REQUEST_URI, r.info.uri); + ECSTR(CONTENT_TYPE, r.info.content_type); char content_length_cstr[MAX_NUMBER]; snprintf(content_length_cstr, MAX_NUMBER, "%u", r.info.content_length); String content_length(pool, content_length_cstr); - env.put(String(pool, "CONTENT_LENGTH"), &content_length); - INFO("HTTP_COOKIE", cookie); - INFO("HTTP_USER_AGENT", user_agent); - // passing some SAPI:get_env-s - PASS(SERVER_NAME); - PASS(SERVER_PORT); - PASS(HTTP_REFERER); - PASS(REMOTE_ADDR); - PASS(REMOTE_HOST); - PASS(REMOTE_USER); - // SCRIPT_NAME - env.put(String(pool, "SCRIPT_NAME"), &script_name); -#ifdef WIN32 - // WIN32 shell - PASS(COMSPEC); -#endif + ECSTR(CONTENT_LENGTH, content_length_cstr); + // SCRIPT_* + env.put(*new(pool) String(pool, "SCRIPT_NAME"), &script_name); + //env.put(*new(pool) String(pool, "SCRIPT_FILENAME"), ??&script_name); if(params->size()>1) { Value& venv=params->as_no_junction(1, "env must not be code"); - if(Hash *user_env=venv.get_hash()) + if(Hash *user_env=venv.get_hash(&method_name)) user_env->for_each(append_env_pair, &env); } @@ -225,15 +271,16 @@ static void _exec_cgi(Request& r, const if(params->size()>2) { argv=new(pool) Array(pool, params->size()-2); for(int i=2; isize(); i++) - *argv+=¶ms->get(i).as_string(); + *argv+=¶ms->as_string(i, "parameter must be string"); } - const String in(pool, r.post_data, r.post_size); + String in(pool); + in.APPEND(r.post_data, r.post_size, String::UL_CLEAN, "passing post data", 0); String out(pool); //out.APPEND_CONST("content-type:text/plain\nheader:test-header\n\ntest-body"); //out<(r.self); @@ -249,9 +296,9 @@ static void _exec_cgi(Request& r, const } if(pos<0) { delim_size=0; // calm down, compiler - PTHROW(0, 0, + throw Exception(0, &method_name, - "output does not contain CGI header; exit code=%d; outsize=%u; out: \"%s\"; errsize=%u; err: \"%s\"", + "output does not contain CGI header; exit status=%d; stdoutsize=%u; stdout: \"%s\"; stderrsize=%u; stderr: \"%s\"", status, (uint)out.size(), out.cstr(), (uint)err.size(), err.cstr()); @@ -268,7 +315,7 @@ static void _exec_cgi(Request& r, const } } // body - self.set(false/*not tainted*/, body->cstr(String::UL_AS_IS), body->size()); + self.set(false/*not tainted*/, body->cstr(), body->size()); // $status self.fields().put( @@ -298,30 +345,28 @@ static void _list(Request& r, const Stri const String *regexp; pcre *regexp_code; - int ovecsize; - int *ovector; + const int ovecsize=(1/*match*/)*3; + int ovector[ovecsize]; if(params->size()>1) { regexp=¶ms->as_no_junction(1, "regexp must not be code").as_string(); - const char *pattern=regexp->cstr(String::UL_AS_IS); + const char *pattern=regexp->cstr(); const char *errptr; int erroffset; regexp_code=pcre_compile(pattern, PCRE_EXTRA | PCRE_DOTALL, &errptr, &erroffset, - r.pcre_tables); + pool.get_client_charset().pcre_tables); if(!regexp_code) - PTHROW(0, 0, + throw Exception(0, ®exp->mid(erroffset, regexp->size()), "regular expression syntax error - %s", errptr); - - ovector=(int *)pool.malloc(sizeof(int)*(ovecsize=(1/*match*/)*3)); } else regexp_code=0; const char* absolute_path_cstr=r.absolute(relative_path.as_string()) - .cstr(String::UL_FILE_NAME); + .cstr(String::UL_FILE_SPEC); Array& columns=*new(pool) Array(pool); columns+=new(pool) String(pool, "name"); @@ -339,7 +384,7 @@ static void _list(Request& r, const Stri suits=false; else if(exec_result<0) { (*pcre_free)(regexp_code); - PTHROW(0, 0, + throw Exception(0, regexp, "regular expression execute (%d)", exec_result); @@ -350,7 +395,7 @@ static void _list(Request& r, const Stri char *file_name_cstr=(char *)pool.malloc(file_name_size); memcpy(file_name_cstr, ffblk.ff_name, file_name_size); String &file_name=*new(pool) String(pool); - file_name.APPEND(file_name_cstr, file_name_size, String::UL_FILE_NAME, + file_name.APPEND(file_name_cstr, file_name_size, String::UL_FILE_SPEC, method_name.origin().file, method_name.origin().line); Array& row=*new(pool) Array(pool); @@ -362,17 +407,84 @@ static void _list(Request& r, const Stri if(regexp_code) (*pcre_free)(regexp_code); + // write out result VTable& result=*new(pool) VTable(pool, &table); - result.set_name(method_name); r.write_no_lang(result); } -// constructor +#ifndef DOXYGEN +struct Lock_execute_body_info { + Request *r; + Value *body_code; +}; +#endif +static void lock_execute_body(int , void *context) { + Lock_execute_body_info& info=*static_cast(context); + + // execute body + info.r->write_assign_lang(info.r->process(*info.body_code)); +}; +static void _lock(Request& r, const String& method_name, MethodParams *params) { + const String& file_spec=r.absolute(params->as_string(0, "file name must be string")); + Value& body_code=params->as_junction(1, "body must be code"); + + Lock_execute_body_info info={&r, &body_code}; + file_write_action_under_lock(file_spec, "lock", lock_execute_body, &info); +} + +static int lastposafter(const String& s, int after, const char *substr, size_t substr_size, bool beforelast=false) { + size_t size; + if(beforelast) + size=s.size(); + int at; + while((at=s.pos(substr, substr_size, after))>=0) { + size_t newafter=at+substr_size/*skip substr*/; + if(beforelast && newafter==size) + break; + after=newafter; + } -MFile::MFile(Pool& apool) : Methoded(apool) { - set_name(*NEW String(pool(), FILE_CLASS_NAME)); + return after; +} +static void _dirname(Request& r, const String& method_name, MethodParams *params) { + Pool& pool=r.pool(); + const String& file_spec=params->as_string(0, "file name must be string"); + // /a/some.tar.gz > /a + // /a/b/ > /a + int afterslash=lastposafter(file_spec, 0, "/", 1, true); + if(afterslash>0) + r.write_assign_lang(file_spec.mid(0, afterslash==1?1:afterslash-1)); + else + r.write_assign_lang(*new(pool) String(pool, ".", 1)); +} + +static void _basename(Request& r, const String& method_name, MethodParams *params) { + const String& file_spec=params->as_string(0, "file name must be string"); + // /a/some.tar.gz > some.tar.gz + int afterslash=lastposafter(file_spec, 0, "/", 1); + r.write_assign_lang(file_spec.mid(afterslash, file_spec.size())); +} + +static void _justname(Request& r, const String& method_name, MethodParams *params) { + const String& file_spec=params->as_string(0, "file name must be string"); + // /a/some.tar.gz > some.tar + int afterslash=lastposafter(file_spec, 0, "/", 1); + int afterdot=lastposafter(file_spec, afterslash, ".", 1); + r.write_assign_lang(file_spec.mid(afterslash, afterdot!=afterslash?afterdot-1:file_spec.size())); +} +static void _justext(Request& r, const String& method_name, MethodParams *params) { + const String& file_spec=params->as_string(0, "file name must be string"); + // /a/some.tar.gz > gz + int afterdot=lastposafter(file_spec, 0, ".", 1); + if(afterdot>0) + r.write_assign_lang(file_spec.mid(afterdot, file_spec.size())); +} + +// constructor + +MFile::MFile(Pool& apool) : Methoded(apool, "file") { // ^save[mode;file-name] add_native_method("save", Method::CT_DYNAMIC, _save, 2, 2); @@ -407,6 +519,18 @@ MFile::MFile(Pool& apool) : Methoded(apo // ^file:list[path][regexp] add_native_method("list", Method::CT_STATIC, _list, 1, 2); + // ^file:lock[path]{code} + add_native_method("lock", Method::CT_STATIC, _lock, 2, 2); + + // ^file:dirname[/a/some.tar.gz]=/a + // ^file:dirname[/a/b/]=/a + add_native_method("dirname", Method::CT_STATIC, _dirname, 1, 1); + // ^file:basename[/a/some.tar.gz]=some.tar.gz + add_native_method("basename", Method::CT_STATIC, _basename, 1, 1); + // ^file:justname[/a/some.tar.gz]=some.tar + add_native_method("justname", Method::CT_STATIC, _justname, 1, 1); + // ^file:justext[/a/some.tar.gz]=gz + add_native_method("justext", Method::CT_STATIC, _justext, 1, 1); } // global variable