
Diff of /googlecode.com/svn/trunk/Meteor/Document.pm


revision 3 by andrew.betts, Mon Nov 20 17:59:30 2006 UTC revision 12 by knops.gerd, Thu Dec 14 16:58:18 2006 UTC
# Line 45  sub serveFileToClient { Line 45  sub serveFileToClient {
45          my $class=shift;          my $class=shift;
46          my $relPath=shift;          my $relPath=shift;
47          my $client=shift;          my $client=shift;
48    
49            &::syslog('debug',"Meteor::Document: Request received for '%s'",$relPath);
50                    
51          my $doc=$class->documentForPath($relPath);          my $doc=$class->documentForPath($relPath);
52                    
# Line 133  sub pathToAbsolute { Line 135  sub pathToAbsolute {
135          $relPath=~s/^[\/]*//;          $relPath=~s/^[\/]*//;
136          $relPath=~s/[\/]*$//;          $relPath=~s/[\/]*$//;
137                    
         # split into path components  
         my @pathComponents=split(/[\/]+/,$relPath);  
138                    
139          # Check components          # NOTE: With the right strings the code below triggers a bug in
140          foreach (@pathComponents)          # perl (5.8.6 currently) that will result in messages like
141            #
142            #       Attempt to free unreferenced scalar
143            #
144            # and an eventual crash.
145            #
146            # So it was replaced with the more naive code following this
147            # commented out code.
148            #
149            # # split into path components
150            # my @pathComponents=split(/[\/]+/,$relPath);
151            #
152            # # Check components
153            # foreach (@pathComponents)
154            # {
155            #       # Very strict: We only allow alphanumeric characters, dash and
156            #       # underscore, followed by any number of extensions that also
157            #       # only allow the above characters.
158            #       unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i)
159            #       {
160            #               &::syslog('debug',
161            #                       "Meteor::Document: Rejecting path '%s' due to invalid component '%s'",
162            #                       $relPath,$_
163            #               );
164            #              
165            #               return undef;
166            #       }
167            # }
168            #
169            #my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents);
170            
171            #
172            # Check for all alphanumeric or dash, underscore, dot and slash
173            #
174            unless($relPath=~/^[a-z0-9\-\_\.\/]*$/i)
175          {          {
176                  # Very strict: We only allow alphanumric characters, dash and                  &::syslog('debug',
177                  # underscore, followed by any number of extensions that also                          "Meteor::Document: Rejecting path '%s' due to invalid characters",
178                  # only allow the above characters.                          $relPath
179                  unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i)                  );
180                  {                  
181                          &::syslog('debug',                  return undef;
182                                  "Meteor::Document: Rejecting path '%s' due to invalid component '%s'",          }
183                                  $relPath,$_          #
184                          );          # Don't allow '..'
185                                    #
186                          return undef;          if(index($relPath,'..')>=0)
187                  }          {
188                    &::syslog('debug',
189                            "Meteor::Document: Rejecting path '%s' due to invalid sequence '..'",
190                            $relPath
191                    );
192                    
193                    return undef;
194          }          }
195                    
196          my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents);          my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.$relPath;
197                    
198          # If it is a directory, append DirectoryIndex config value          # If it is a directory, append DirectoryIndex config value
199          $path.='/'.$::CONF{'DirectoryIndex'} if(-d $path);          $path.='/'.$::CONF{'DirectoryIndex'} if(-d $path);
# Line 217  sub path { Line 257  sub path {
257  }  }
258    
259  1;  1;
 ############################################################################EOF  
260    ############################################################################EOF
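Review bot: The whole-string check that replaces the per-component loop in pathToAbsolute (new lines 174-194) is looser than the code it removes: the old pattern required every component to begin with an alphanumeric, dash or underscore, so dot-prefixed names were rejected, whereas the new code only rejects the literal sequence `..` and will now resolve dot-prefixed files or directories under SubscriberDocumentRoot. The `$` anchor also matches before a trailing newline, so a `$relPath` ending in a newline passes the character test and the newline is carried into `$path`; whether the caller can deliver such a value is not visible here. I would anchor with `\z` and keep the leading-dot rule without needing `split`, e.g. `unless($relPath=~/\A[a-z0-9\-\_\.\/]*\z/i)` together with `return undef if($relPath=~m{(?:\A|/)\.});`, which also rejects any component that starts with `..`. The function begins and ends outside the hunk, so any later check applied to `$path` cannot be seen from here.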
