首页 发现 帮助
注册 登录
PSG
/
civetweb
镜像自地址 https://github.com/civetweb/civetweb.git
5
0
派生 0
文件 工单管理 0 Wiki
浏览代码

C++ wrapper: add POST example and add limits for parameter size

bel2125 7 年之前
父节点
8fd069f6de
当前提交
82c03a22f4
共有 2 个文件被更改,包括 30 次插入4 次删除
合并视图 显示文件统计
  1. 9 2
      examples/embedded_cpp/embedded_cpp.cpp
  2. 21 2
      src/CivetServer.cpp

+ 9 - 2
examples/embedded_cpp/embedded_cpp.cpp
查看文件 

@@ -36,8 +36,15 @@ class ExampleHandler : public CivetHandler
 
 		          "<p>To see a page from the A handler <a "
 
 		          "<p>To see a page from the A handler <a "
 
 		          "href=\"a\">click here</a></p>\r\n");
 
 		          "href=\"a\">click here</a></p>\r\n");
 
 		mg_printf(conn,
 
 		mg_printf(conn,
 
-		          "<p>To see a page from the A handler with a parameter "
 
-		          "<a href=\"a?param=1\">click here</a></p>\r\n");
 
+                  "<form action=\"a\" method=\"get\">"
 
+                  "To see a page from the A handler with a parameter "
 
+                  "<input type=\"submit\" value=\"click here\" "
 
+                  "name=\"param\" \\> (GET)</form>\r\n");
 
+        mg_printf(conn,
 
+                  "<form action=\"a\" method=\"post\">"
 
+                  "To see a page from the A handler with a parameter "
 
+                  "<input type=\"submit\" value=\"click here\" "
 
+                  "name=\"param\" \\> (POST)</form>\r\n");
 
 		mg_printf(conn,
 
 		mg_printf(conn,
 
 		          "<p>To see a page from the A/B handler <a "
 
 		          "<p>To see a page from the A/B handler <a "
 
 		          "href=\"a/b\">click here</a></p>\r\n");
 
 		          "href=\"a/b\">click here</a></p>\r\n");

+ 21 - 2
src/CivetServer.cpp
查看文件 

@@ -15,6 +15,11 @@
 
 #define UNUSED_PARAMETER(x) (void)(x)
 
 #define UNUSED_PARAMETER(x) (void)(x)
 
 #endif
 
 #endif
 
 
 
+#ifndef MAX_PARAM_BODY_LENGTH
 
+// Set a default limit for parameters in a form body: 10 kB
 
+#define MAX_PARAM_BODY_LENGTH (1024 * 10)
 
+#endif
 
+
 
 bool
 
 bool
 
 CivetHandler::handleGet(CivetServer *server, struct mg_connection *conn)
 
 CivetHandler::handleGet(CivetServer *server, struct mg_connection *conn)
 
 {
 
 {
 
@@ -471,12 +476,22 @@ CivetServer::getParam(struct mg_connection *conn,
 
 	mg_unlock_context(me->context);
 
 	mg_unlock_context(me->context);
 
 
 
 	if (conobj.postData != NULL) {
 
 	if (conobj.postData != NULL) {
 
+		// check if form parameter are already stored
 
 		formParams = conobj.postData;
 
 		formParams = conobj.postData;
 
 	} else {
 
 	} else {
 
+		// otherwise, check if there is a request body
 
 		const char *con_len_str = mg_get_header(conn, "Content-Length");
 
 		const char *con_len_str = mg_get_header(conn, "Content-Length");
 
 		if (con_len_str) {
 
 		if (con_len_str) {
 
-			unsigned long con_len = atoi(con_len_str);
 
-			if (con_len > 0) {
 
+			char *end = 0;
 
+			unsigned long con_len = strtoul(con_len_str, &end, 10);
 
+			if ((end == NULL) || (*end != 0)) {
 
+				// malformed header
 
+				return false;
 
+			}
 
+			if ((con_len > 0) && (con_len <= MAX_PARAM_BODY_LENGTH)) {
 
+				// Body is within a reasonable range
 
+
 
+				// Allocate memory:
 
 				// Add one extra character: in case the post-data is a text, it
 
 				// Add one extra character: in case the post-data is a text, it
 
 				// is required as 0-termination.
 
 				// is required as 0-termination.
 
 				// Do not increment con_len, since the 0 terminating is not part
 
 				// Do not increment con_len, since the 0 terminating is not part
 
@@ -490,6 +505,10 @@ CivetServer::getParam(struct mg_connection *conn,
 
 					conobj.postDataLen = con_len;
 
 					conobj.postDataLen = con_len;
 
 				}
 
 				}
 
 			}
 
 			}
 
+			if (conobj.postData == NULL) {
 
+				// we cannot store the body
 
+				return false;
 
+			}
 
 		}
 
 		}
 
 	}
 
 	}
 
 	if (formParams == NULL) {
 
 	if (formParams == NULL) {