Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
PSG
/
civetweb
spogulis no https://github.com/civetweb/civetweb.git
5
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Pārlūkot izejas kodu

Document local_uri_raw and format code

bel2125 4 gadi atpakaļ
vecāks
a0d9a6c02f
revīzija
7600670c4b
3 mainītis faili ar 28 papildinājumiem un 19 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 2 1
      docs/api/mg_request_info.md
  2. 2 2
      include/civetweb.h
  3. 24 16
      src/civetweb.c

+ 2 - 1
docs/api/mg_request_info.md
Parādīt failu 

@@ -8,7 +8,8 @@
 
 | :--- | :--- | :--- |
 
 |**`request_method`**|`const char *`| The request method used by the client for the connection this can be **GET**, **POST** or one of the other common HTTP request methods |
 
 |**`request_uri`**|`const char *`| The absolute, relative or URL-encoded URI as it was sent in the request.  Example: "http://mydomain.com:8080/path/to/file.ext" or "/path/to/file.ext", depending on the client. |
 
-|**`local_uri`**|`const char *`| The relative URL-encoded URI as it references the local resource. If the request URI does not reference a resource on the local server, this field is NULL.  Example: "/path/to/file.ext" (even if the client used "http://mydomain.com:8080/path/to/file.ext" in the request) |
 
+|**`local_uri_raw`**|`const char *`| The relative URL-encoded URI as it references the local resource. If the request URI does not reference a resource on the local server, this field is NULL.  Example: "/path/to/file.ext" (even if the client used "http://mydomain.com:8080/path/to/file.ext" in the request) |
 
+|**`local_uri`**|`const char *`| The `local_uri_raw` cleaned, so it does not allow a path like "allowed_dir/../forbidden_file". Files served by CivetWeb are selected based on this `local_uri`. |
 
 |~~`uri`~~|`const char *`| *Deprecated. Use* `local_uri` *instead* |
 
 |**`http_version`**|`const char *`| The HTTP version as mentioned in the client request. This can be "1.0", "1.1", etc. |
 
 |**`query_string`**|`const char *`| The HTTP query string, defined as URL part after the first '?' character, not including '?'. NULL if there is no '?'. |

+ 2 - 2
include/civetweb.h
Parādīt failu 

@@ -154,10 +154,10 @@ struct mg_request_info {
 
 	const char *local_uri_raw;   /* URL-decoded URI (relative). Can be NULL
 
 	                              * if the request_uri does not address a
 
 	                              * resource at the server host. */
 
-	char *local_uri;             /* Same as local_uri_raw, however, cleaned
 
+	const char *local_uri;       /* Same as local_uri_raw, however, cleaned
 
 	                              * so a path like
 
 	                              *   allowed_dir/../forbidden_file
 
-	                              * is not possible */
 
+	                              * is not possible. */
 
 #if defined(MG_LEGACY_INTERFACE) /* 2017-02-04, deprecated 2014-09-14 */
 
 	const char *uri;             /* Deprecated: use local_uri instead */
 
 #endif

+ 24 - 16
src/civetweb.c
Parādīt failu 

@@ -3677,9 +3677,11 @@ mg_get_request_info(const struct mg_connection *conn)
 
 		}
 
 
 		((struct mg_connection *)conn)->request_info.local_uri =
 
-		    ((struct mg_connection *)conn)->request_info.local_uri_raw =
 
-		        ((struct mg_connection *)conn)->request_info.request_uri =
 
-		            tls->txtbuf; /* use thread safe buffer */
 
+		    tls->txtbuf; /* use thread safe buffer */
 
+		((struct mg_connection *)conn)->request_info.local_uri_raw =
 
+		    tls->txtbuf; /* use the same thread safe buffer */
 
+		((struct mg_connection *)conn)->request_info.request_uri =
 
+		    tls->txtbuf; /* use  the same thread safe buffer */
 
 
 		((struct mg_connection *)conn)->request_info.num_headers =
 
 		    conn->response_info.num_headers;
 
@@ -14041,6 +14043,7 @@ handle_request(struct mg_connection *conn)
 
 	int handler_type;
 
 	time_t curtime = time(NULL);
 
 	char date[64];
 
+	char *tmp;
 
 
 	path[0] = 0;
 
 
@@ -14092,8 +14095,13 @@ handle_request(struct mg_connection *conn)
 
 	 * ri->local_uri_raw still points to memory allocated in
 
 	 * worker_thread_run(). ri->local_uri is private to the request so we
 
 	 * don't have to use preallocated memory here. */
 
-	ri->local_uri = mg_strdup(ri->local_uri_raw);
 
-	remove_dot_segments(ri->local_uri);
 
+	tmp = mg_strdup(ri->local_uri_raw);
 
+	if (!tmp) {
 
+		/* Out of memory. We cannot do anything reasonable here. */
 
+		return;
 
+	}
 
+	remove_dot_segments(tmp);
 
+	ri->local_uri = tmp;
 
 
 	/* step 1. completed, the url is known now */
 
 	uri_len = (int)strlen(ri->local_uri);
 
@@ -16823,9 +16831,8 @@ reset_per_request_attributes(struct mg_connection *conn)
 
 	conn->request_info.request_uri = NULL;
 
 
 	/* Free cleaned local URI (if any) */
 
-	if(conn->request_info.local_uri != conn->request_info.local_uri_raw)
 
-	{
 
-		mg_free(conn->request_info.local_uri);
 
+	if (conn->request_info.local_uri != conn->request_info.local_uri_raw) {
 
+		mg_free((void *)conn->request_info.local_uri);
 
 		conn->request_info.local_uri = NULL;
 
 	}
 
 	conn->request_info.local_uri = NULL;
 
@@ -17922,7 +17929,7 @@ mg_get_response(struct mg_connection *conn,
 
 	conn->request_info.uri = conn->request_info.request_uri;
 
 #endif
 
 	conn->request_info.local_uri_raw = conn->request_info.request_uri;
 
-	conn->request_info.local_uri = (char*)conn->request_info.local_uri_raw;
 
+	conn->request_info.local_uri = conn->request_info.local_uri_raw;
 
 
 	/* TODO (mid): Define proper return values - maybe return length?
 
 	 * For the first test use <0 for error and >0 for OK */
 
@@ -17972,7 +17979,7 @@ mg_download(const char *host,
 
 			 *       2) here, ri.uri is the http response code */
 
 			conn->request_info.uri = conn->request_info.request_uri;
 
 #endif
 
-			conn->request_info.local_uri = (char*)conn->request_info.request_uri;
 
+			conn->request_info.local_uri = conn->request_info.request_uri;
 
 		}
 
 	}
 
 
@@ -18182,7 +18189,7 @@ mg_connect_websocket_client_impl(const struct mg_client_options *client_options,
 
 		return NULL;
 
 	}
 
 	conn->request_info.local_uri_raw = conn->request_info.request_uri;
 
-	conn->request_info.local_uri = (char*)conn->request_info.local_uri_raw;
 
+	conn->request_info.local_uri = conn->request_info.local_uri_raw;
 
 
 #if defined(__clang__)
 
 #pragma clang diagnostic pop
 
@@ -18478,7 +18485,8 @@ process_new_connection(struct mg_connection *conn)
 
 				break;
 
 			case 2:
 
 				/* relative uri */
 
-				conn->request_info.local_uri_raw = conn->request_info.request_uri;
 
+				conn->request_info.local_uri_raw =
 
+				    conn->request_info.request_uri;
 
 				break;
 
 			case 3:
 
 			case 4:
 
@@ -18501,7 +18509,8 @@ process_new_connection(struct mg_connection *conn)
 
 				conn->request_info.local_uri_raw = NULL;
 
 				break;
 
 			}
 
-			conn->request_info.local_uri = (char*)conn->request_info.local_uri_raw;
 
+			conn->request_info.local_uri =
 
+			    (char *)conn->request_info.local_uri_raw;
 
 
 #if defined(MG_LEGACY_INTERFACE)
 
 			/* Legacy before split into local_uri and request_uri */
 
@@ -18991,9 +19000,8 @@ worker_thread_run(struct mg_connection *conn)
 
 	conn->buf = NULL;
 
 
 	/* Free cleaned URI (if any) */
 
-	if(conn->request_info.local_uri != conn->request_info.local_uri_raw)
 
-	{
 
-		mg_free(conn->request_info.local_uri);
 
+	if (conn->request_info.local_uri != conn->request_info.local_uri_raw) {
 
+		mg_free((void *)conn->request_info.local_uri);
 
 		conn->request_info.local_uri = NULL;
 
 	}