Mercurial > blahgd > fmt4

view static.c @ 1125:9293874827bf

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
post: don't leak parsed tag and cat names Sadly, the recent commit (37044617c35deabfe8337a049d2da635bb14075a) did not fix all the reference leaks surrounding the tag and category name s-expression processing. Signed-off-by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
author Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
date Sat, 09 Jun 2018 20:06:30 -0400
parents e6975ddad46b
children 76e18831873f
line wrap: on
line source

/*
 * Copyright (c) 2015-2017 Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#include <jeffpc/error.h>

#include "static.h"
#include "utils.h"

struct uri_info {
	const char *uri;
	const char *content_type;	/* required for URI_STATIC */
	enum uri_type type;
	bool recurse;
};

static const struct uri_info safe_uris[] = {
	{ "/",			NULL,		URI_DYNAMIC,	false },
	{ "/bug.png",		"image/png",	URI_STATIC,	false },
	{ "/favicon.ico",	"image/png",	URI_STATIC,	false },
	{ "/style.css",		"text/css",	URI_STATIC,	false },
	{ "/wiki.png",		"image/png",	URI_STATIC,	false },
	{ "/math/",		"image/png",	URI_STATIC,	true  },
	{ NULL,			NULL,		URI_BAD,	false },
};

static const struct uri_info *get_uri_info(const char *path)
{
	int i;

	if (!path)
		return NULL;

	if (hasdotdot(path))
		return NULL;

	for (i = 0; safe_uris[i].uri; i++) {
		const char *uri = safe_uris[i].uri;
		bool rec = safe_uris[i].recurse;

		/* recursive paths must begin exactly the same */
		if (rec && !strncmp(uri, path, strlen(uri)))
			return &safe_uris[i];

		/* non-recursive paths must match exactly */
		if (!rec && !strcmp(uri, path))
			return &safe_uris[i];
	}

	return NULL;
}

enum uri_type get_uri_type(struct str *path)
{
	const struct uri_info *info;

	info = get_uri_info(str_cstr(path));

	str_putref(path);

	return info ? info->type : URI_BAD;
}

int blahg_static(struct req *req)
{
	char path[FILENAME_MAX];
	const struct uri_info *info;
	struct str *uri_str;
	const char *uri;

	uri_str = nvl_lookup_str(req->scgi->request.headers, SCGI_DOCUMENT_URI);
	ASSERT(!IS_ERR(uri_str));

	uri = str_cstr(uri_str);

	info = get_uri_info(uri);
	ASSERT(info);

	/* SCGI_DOCUMENT_URI comes with a leading /, remove it. */
	uri++;

	snprintf(path, sizeof(path), "%s/%s", str_cstr(config.web_dir), uri);

	str_putref(uri_str);

	/*
	 * We assume that the URI is relative to the web dir.  Since we
	 * have a whitelist of allowed URIs, whe should be safe here.
	 */
	req->scgi->response.body = read_file_len(path,
						 &req->scgi->response.bodylen);

	if (IS_ERR(req->scgi->response.body))
		return R404(req, NULL);

	req_head(req, "Content-Type", info->content_type);

	return 0;
}