| 46 |
my $relPath=shift; |
my $relPath=shift; |
| 47 |
my $client=shift; |
my $client=shift; |
| 48 |
|
|
| 49 |
|
&::syslog('debug',"Meteor::Document: Request received for '%s'",$relPath); |
| 50 |
|
|
| 51 |
my $doc=$class->documentForPath($relPath); |
my $doc=$class->documentForPath($relPath); |
| 52 |
|
|
| 53 |
unless(defined($doc)) |
unless(defined($doc)) |
| 59 |
|
|
| 60 |
$doc->serveTo($client); |
$doc->serveTo($client); |
| 61 |
|
|
| 62 |
|
$::Statistics->{'documents_served'}++; |
| 63 |
|
|
| 64 |
$doc; |
$doc; |
| 65 |
} |
} |
| 66 |
|
|
| 137 |
$relPath=~s/^[\/]*//; |
$relPath=~s/^[\/]*//; |
| 138 |
$relPath=~s/[\/]*$//; |
$relPath=~s/[\/]*$//; |
| 139 |
|
|
|
# split into path components |
|
|
my @pathComponents=split(/[\/]+/,$relPath); |
|
| 140 |
|
|
| 141 |
# Check components |
# NOTE: With the right strings the code below triggers a bug in |
| 142 |
foreach (@pathComponents) |
# perl (5.8.6 currently) that will result in messages like |
| 143 |
|
# |
| 144 |
|
# Attempt to free unreferenced scalar |
| 145 |
|
# |
| 146 |
|
# and an eventual crash. |
| 147 |
|
# |
| 148 |
|
# So it was replaced with the more naive code following this |
| 149 |
|
# commented out code. |
| 150 |
|
# |
| 151 |
|
# # split into path components |
| 152 |
|
# my @pathComponents=split(/[\/]+/,$relPath); |
| 153 |
|
# |
| 154 |
|
# # Check components |
| 155 |
|
# foreach (@pathComponents) |
| 156 |
|
# { |
| 157 |
|
# # Very strict: We only allow alphanumeric characters, dash and |
| 158 |
|
# # underscore, followed by any number of extensions that also |
| 159 |
|
# # only allow the above characters. |
| 160 |
|
# unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i) |
| 161 |
|
# { |
| 162 |
|
# &::syslog('debug', |
| 163 |
|
# "Meteor::Document: Rejecting path '%s' due to invalid component '%s'", |
| 164 |
|
# $relPath,$_ |
| 165 |
|
# ); |
| 166 |
|
# |
| 167 |
|
# return undef; |
| 168 |
|
# } |
| 169 |
|
# } |
| 170 |
|
# |
| 171 |
|
#my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents); |
| 172 |
|
|
| 173 |
|
# |
| 174 |
|
# Check for all alphanumeric or dash, underscore, dot and slash |
| 175 |
|
# |
| 176 |
|
unless($relPath=~/^[a-z0-9\-\_\.\/]*$/i) |
| 177 |
{ |
{ |
| 178 |
# Very strict: We only allow alphanumric characters, dash and |
&::syslog('debug', |
| 179 |
# underscore, followed by any number of extensions that also |
"Meteor::Document: Rejecting path '%s' due to invalid characters", |
| 180 |
# only allow the above characters. |
$relPath |
| 181 |
unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i) |
); |
| 182 |
{ |
|
| 183 |
&::syslog('debug', |
return undef; |
| 184 |
"Meteor::Document: Rejecting path '%s' due to invalid component '%s'", |
} |
| 185 |
$relPath,$_ |
# |
| 186 |
); |
# Don't allow '..' |
| 187 |
|
# |
| 188 |
return undef; |
if(index($relPath,'..')>=0) |
| 189 |
} |
{ |
| 190 |
|
&::syslog('debug', |
| 191 |
|
"Meteor::Document: Rejecting path '%s' due to invalid sequence '..'", |
| 192 |
|
$relPath |
| 193 |
|
); |
| 194 |
|
|
| 195 |
|
return undef; |
| 196 |
} |
} |
| 197 |
|
|
| 198 |
my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents); |
my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.$relPath; |
| 199 |
|
|
| 200 |
# If it is a directory, append DirectoryIndex config value |
# If it is a directory, append DirectoryIndex config value |
| 201 |
$path.='/'.$::CONF{'DirectoryIndex'} if(-d $path); |
$path.='/'.$::CONF{'DirectoryIndex'} if(-d $path); |
| 259 |
} |
} |
| 260 |
|
|
| 261 |
1; |
1; |
|
############################################################################EOF |
|
| 262 |
|
############################################################################EOF |
Parent Directory
| 
Revision Log
| 
Patch