45 |
my $class=shift; |
my $class=shift; |
46 |
my $relPath=shift; |
my $relPath=shift; |
47 |
my $client=shift; |
my $client=shift; |
48 |
|
|
49 |
&::syslog('debug',"Meteor::Document: Request received for '%s'",$relPath); |
&::syslog('debug',"Meteor::Document: Request received for '%s'",$relPath); |
50 |
|
|
51 |
my $doc=$class->documentForPath($relPath); |
my $doc=$class->documentForPath($relPath); |
59 |
|
|
60 |
$doc->serveTo($client); |
$doc->serveTo($client); |
61 |
|
|
62 |
|
$::Statistics->{'documents_served'}++; |
63 |
|
|
64 |
$doc; |
$doc; |
65 |
} |
} |
66 |
|
|
68 |
my $self=shift; |
my $self=shift; |
69 |
my $client=shift; |
my $client=shift; |
70 |
my $status=shift; |
my $status=shift; |
71 |
|
my $length=shift; |
72 |
|
my $contenttype=shift; |
73 |
|
$length = 0 unless ($length); |
74 |
|
$contenttype = "text/html" unless ($contenttype); |
75 |
|
|
76 |
my $header=$::CONF{'DocumentHeaderTemplate'}; |
my $header="HTTP/1.1 ".$status."\r\nServer: ".$::PGM."\r\nContent-Type: ".$contenttype."; charset=utf-8\r\nPragma: no-cache\r\nCache-Control: no-cache, no-store, must-revalidate\r\nExpires: Thu, 1 Jan 1970 00:00:00 GMT\r\nContent-length: ".$length."\r\n\r\n"; |
|
|
|
|
$header=~s/~([^~]+)~/ |
|
|
if(!defined($1) || $1 eq '') |
|
|
{ |
|
|
'~'; |
|
|
} |
|
|
elsif($1 eq 'server') |
|
|
{ |
|
|
$::PGM; |
|
|
} |
|
|
elsif($1 eq 'status') |
|
|
{ |
|
|
$status; |
|
|
} |
|
|
else |
|
|
{ |
|
|
''; |
|
|
} |
|
|
/gex; |
|
77 |
|
|
78 |
$client->write($header); |
$client->write($header); |
79 |
} |
} |
122 |
$relPath=~s/^[\/]*//; |
$relPath=~s/^[\/]*//; |
123 |
$relPath=~s/[\/]*$//; |
$relPath=~s/[\/]*$//; |
124 |
|
|
|
# split into path components |
|
|
my @pathComponents=split(/[\/]+/,$relPath); |
|
125 |
|
|
126 |
# Check components |
# NOTE: With the right strings the code below triggers a bug in |
127 |
foreach (@pathComponents) |
# perl (5.8.6 currently) that will result in messages like |
128 |
|
# |
129 |
|
# Attempt to free unreferenced scalar |
130 |
|
# |
131 |
|
# and an eventual crash. |
132 |
|
# |
133 |
|
# So it was replaced with the more naive code following this |
134 |
|
# commented out code. |
135 |
|
# |
136 |
|
# # split into path components |
137 |
|
# my @pathComponents=split(/[\/]+/,$relPath); |
138 |
|
# |
139 |
|
# # Check components |
140 |
|
# foreach (@pathComponents) |
141 |
|
# { |
142 |
|
# # Very strict: We only allow alphanumeric characters, dash and |
143 |
|
# # underscore, followed by any number of extensions that also |
144 |
|
# # only allow the above characters. |
145 |
|
# unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i) |
146 |
|
# { |
147 |
|
# &::syslog('debug', |
148 |
|
# "Meteor::Document: Rejecting path '%s' due to invalid component '%s'", |
149 |
|
# $relPath,$_ |
150 |
|
# ); |
151 |
|
# |
152 |
|
# return undef; |
153 |
|
# } |
154 |
|
# } |
155 |
|
# |
156 |
|
#my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents); |
157 |
|
|
158 |
|
# |
159 |
|
# Check for all alphanumeric or dash, underscore, dot and slash |
160 |
|
# |
161 |
|
unless($relPath=~/^[a-z0-9\-\_\.\/]*$/i) |
162 |
{ |
{ |
163 |
# Very strict: We only allow alphanumric characters, dash and |
&::syslog('debug', |
164 |
# underscore, followed by any number of extensions that also |
"Meteor::Document: Rejecting path '%s' due to invalid characters", |
165 |
# only allow the above characters. |
$relPath |
166 |
unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i) |
); |
167 |
{ |
|
168 |
&::syslog('debug', |
return undef; |
169 |
"Meteor::Document: Rejecting path '%s' due to invalid component '%s'", |
} |
170 |
$relPath,$_ |
# |
171 |
); |
# Don't allow '..' |
172 |
|
# |
173 |
return undef; |
if(index($relPath,'..')>=0) |
174 |
} |
{ |
175 |
|
&::syslog('debug', |
176 |
|
"Meteor::Document: Rejecting path '%s' due to invalid sequence '..'", |
177 |
|
$relPath |
178 |
|
); |
179 |
|
|
180 |
|
return undef; |
181 |
} |
} |
182 |
|
|
183 |
my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents); |
my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.$relPath; |
184 |
|
|
185 |
# If it is a directory, append DirectoryIndex config value |
# If it is a directory, append DirectoryIndex config value |
186 |
$path.='/'.$::CONF{'DirectoryIndex'} if(-d $path); |
$path.='/'.$::CONF{'DirectoryIndex'} if(-d $path); |
233 |
sub serveTo { |
sub serveTo { |
234 |
my $self=shift; |
my $self=shift; |
235 |
my $client=shift; |
my $client=shift; |
236 |
|
my $ct = "text/html"; |
237 |
|
if ($self->{'path'} =~/\.(js)$/) { |
238 |
|
$ct = "text/javascript"; |
239 |
|
} |
240 |
|
|
241 |
$self->emitHeaderToClient($client,'200 OK'); |
$self->emitHeaderToClient($client,'200 OK',$self->{'size'}, $ct); |
242 |
|
|
243 |
$client->write($self->{'document'}); |
$client->write($self->{'document'}); |
244 |
|
|
245 |
} |
} |
246 |
|
|
247 |
sub path { |
sub path { |