46 |
my $relPath=shift; |
my $relPath=shift; |
47 |
my $client=shift; |
my $client=shift; |
48 |
|
|
49 |
|
&::syslog('debug',"Meteor::Document: Request received for '%s'",$relPath); |
50 |
|
|
51 |
my $doc=$class->documentForPath($relPath); |
my $doc=$class->documentForPath($relPath); |
52 |
|
|
53 |
unless(defined($doc)) |
unless(defined($doc)) |
59 |
|
|
60 |
$doc->serveTo($client); |
$doc->serveTo($client); |
61 |
|
|
62 |
|
$::Statistics->{'documents_served'}++; |
63 |
|
|
64 |
$doc; |
$doc; |
65 |
} |
} |
66 |
|
|
137 |
$relPath=~s/^[\/]*//; |
$relPath=~s/^[\/]*//; |
138 |
$relPath=~s/[\/]*$//; |
$relPath=~s/[\/]*$//; |
139 |
|
|
|
# split into path components |
|
|
my @pathComponents=split(/[\/]+/,$relPath); |
|
140 |
|
|
141 |
# Check components |
# NOTE: With the right strings the code below triggers a bug in |
142 |
foreach (@pathComponents) |
# perl (5.8.6 currently) that will result in messages like |
143 |
|
# |
144 |
|
# Attempt to free unreferenced scalar |
145 |
|
# |
146 |
|
# and an eventual crash. |
147 |
|
# |
148 |
|
# So it was replaced with the more naive code following this |
149 |
|
# commented out code. |
150 |
|
# |
151 |
|
# # split into path components |
152 |
|
# my @pathComponents=split(/[\/]+/,$relPath); |
153 |
|
# |
154 |
|
# # Check components |
155 |
|
# foreach (@pathComponents) |
156 |
|
# { |
157 |
|
# # Very strict: We only allow alphanumeric characters, dash and |
158 |
|
# # underscore, followed by any number of extensions that also |
159 |
|
# # only allow the above characters. |
160 |
|
# unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i) |
161 |
|
# { |
162 |
|
# &::syslog('debug', |
163 |
|
# "Meteor::Document: Rejecting path '%s' due to invalid component '%s'", |
164 |
|
# $relPath,$_ |
165 |
|
# ); |
166 |
|
# |
167 |
|
# return undef; |
168 |
|
# } |
169 |
|
# } |
170 |
|
# |
171 |
|
#my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents); |
172 |
|
|
173 |
|
# |
174 |
|
# Check for all alphanumeric or dash, underscore, dot and slash |
175 |
|
# |
176 |
|
unless($relPath=~/^[a-z0-9\-\_\.\/]*$/i) |
177 |
{ |
{ |
178 |
# Very strict: We only allow alphanumric characters, dash and |
&::syslog('debug', |
179 |
# underscore, followed by any number of extensions that also |
"Meteor::Document: Rejecting path '%s' due to invalid characters", |
180 |
# only allow the above characters. |
$relPath |
181 |
unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i) |
); |
182 |
{ |
|
183 |
&::syslog('debug', |
return undef; |
184 |
"Meteor::Document: Rejecting path '%s' due to invalid component '%s'", |
} |
185 |
$relPath,$_ |
# |
186 |
); |
# Don't allow '..' |
187 |
|
# |
188 |
return undef; |
if(index($relPath,'..')>=0) |
189 |
} |
{ |
190 |
|
&::syslog('debug', |
191 |
|
"Meteor::Document: Rejecting path '%s' due to invalid sequence '..'", |
192 |
|
$relPath |
193 |
|
); |
194 |
|
|
195 |
|
return undef; |
196 |
} |
} |
197 |
|
|
198 |
my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents); |
my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.$relPath; |
199 |
|
|
200 |
# If it is a directory, append DirectoryIndex config value |
# If it is a directory, append DirectoryIndex config value |
201 |
$path.='/'.$::CONF{'DirectoryIndex'} if(-d $path); |
$path.='/'.$::CONF{'DirectoryIndex'} if(-d $path); |
259 |
} |
} |
260 |
|
|
261 |
1; |
1; |
|
############################################################################EOF |
|
262 |
|
############################################################################EOF |