135 |
$relPath=~s/^[\/]*//; |
$relPath=~s/^[\/]*//; |
136 |
$relPath=~s/[\/]*$//; |
$relPath=~s/[\/]*$//; |
137 |
|
|
|
# split into path components |
|
|
my @pathComponents=split(/[\/]+/,$relPath); |
|
138 |
|
|
139 |
# Check components |
# NOTE: With the right strings the code below triggers a bug in |
140 |
foreach (@pathComponents) |
# perl (5.8.6 currently) that will result in messages like |
141 |
|
# |
142 |
|
# Attempt to free unreferenced scalar |
143 |
|
# |
144 |
|
# and an eventual crash. |
145 |
|
# |
146 |
|
# So it was replaced with the more naive code following this |
147 |
|
# commented out code. |
148 |
|
# |
149 |
|
# # split into path components |
150 |
|
# my @pathComponents=split(/[\/]+/,$relPath); |
151 |
|
# |
152 |
|
# # Check components |
153 |
|
# foreach (@pathComponents) |
154 |
|
# { |
155 |
|
# # Very strict: We only allow alphanumeric characters, dash and |
156 |
|
# # underscore, followed by any number of extensions that also |
157 |
|
# # only allow the above characters. |
158 |
|
# unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i) |
159 |
|
# { |
160 |
|
# &::syslog('debug', |
161 |
|
# "Meteor::Document: Rejecting path '%s' due to invalid component '%s'", |
162 |
|
# $relPath,$_ |
163 |
|
# ); |
164 |
|
# |
165 |
|
# return undef; |
166 |
|
# } |
167 |
|
# } |
168 |
|
# |
169 |
|
#my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents); |
170 |
|
|
171 |
|
# |
172 |
|
# Check for all alphanumeric or dash, underscore, dot and slash |
173 |
|
# |
174 |
|
unless($relPath=~/^[a-z0-9\-\_\.\/]*$/i) |
175 |
|
{ |
176 |
|
&::syslog('debug', |
177 |
|
"Meteor::Document: Rejecting path '%s' due to invalid characters", |
178 |
|
$relPath |
179 |
|
); |
180 |
|
|
181 |
|
return undef; |
182 |
|
} |
183 |
|
# |
184 |
|
# Don't allow '..' |
185 |
|
# |
186 |
|
if(index($relPath,'..')>=0) |
187 |
{ |
{ |
188 |
# Very strict: We only allow alphanumric characters, dash and |
&::syslog('debug', |
189 |
# underscore, followed by any number of extensions that also |
"Meteor::Document: Rejecting path '%s' due to invalid sequence '..'", |
190 |
# only allow the above characters. |
$relPath |
191 |
unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i) |
); |
192 |
{ |
|
193 |
&::syslog('debug', |
return undef; |
|
"Meteor::Document: Rejecting path '%s' due to invalid component '%s'", |
|
|
$relPath,$_ |
|
|
); |
|
|
|
|
|
return undef; |
|
|
} |
|
194 |
} |
} |
195 |
|
|
196 |
my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents); |
my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.$relPath; |
197 |
|
|
198 |
# If it is a directory, append DirectoryIndex config value |
# If it is a directory, append DirectoryIndex config value |
199 |
$path.='/'.$::CONF{'DirectoryIndex'} if(-d $path); |
$path.='/'.$::CONF{'DirectoryIndex'} if(-d $path); |