Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/webbox/webbox.cpp | 37 | 
1 files changed, 21 insertions, 16 deletions
diff --git a/plugins/webbox/webbox.cpp b/plugins/webbox/webbox.cpp
index 78be007..142345a 100644
--- a/plugins/webbox/webbox.cpp
+++ b/plugins/webbox/webbox.cpp
@@ -56,10 +56,11 @@ namespace {
  };
  std::unordered_map<std::string, std::string> status_map {
+  { "301", "Moved Permanently" },
   { "400", "Bad Request"},
   { "403", "Forbidden" },
   { "404", "Not Found" },
-  { "505", "Internal Server Error" },
+  { "500", "Internal Server Error" }
  };
  std::unordered_map<std::string, std::string> ParseQueryString(std::string s)
@@ -68,7 +69,7 @@ namespace {
   size_t pos = s.find('?');
   if (pos != s.npos) {
-   auto list {split(s.substr(pos), "&")};
+   auto list {split(s.substr(pos + 1), "&")};
    for (auto i: list) {
     pos = i.find('=');
     if (pos != i.npos) {
@@ -143,14 +144,18 @@ public:
   // Set parameters from FastCGI request environment
   m_pathInfo = p.m_GetRequestParam("rel_target");
-  if (m_pathInfo == "") {
-   m_pathInfo = "/";
+  size_t pos {m_pathInfo.find('?')};
+  if (pos != m_pathInfo.npos) {
+   m_pathInfo = m_pathInfo.substr(0, pos);
   }
+
   if (m_pathInfo.find("..") != m_pathInfo.npos) {
    return HttpStatus("403", "Bad path: "s + m_pathInfo, p);
   }
-  m_path = p.webboxPath + m_pathInfo;
+  m_path = p.webboxPath;
+  if (!m_pathInfo.empty())
+   m_path /= m_pathInfo;
   return this->start(p);
  }
@@ -173,7 +178,7 @@ protected:
  // calculated during start of execute()
  std::string m_pathInfo; // path inside webbox, derived from request
- std::string m_path; // complete path, TODO: fs::path
+ fs::path m_path; // local filesystem path
 };
 class GetCommand: public Command
@@ -347,7 +352,7 @@ protected:
   std::string dirname = tree.get<std::string>("dirname");
   try {
-   if (fs::create_directory(fs::path(m_path) / dirname))
+   if (fs::create_directory(m_path / dirname))
     return "Successfully created directory";
    else
     return "Error creating directory";
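Review bot: `m_path /= m_pathInfo;` in the `@@ -143` hunk can drop `p.webboxPath` entirely when `rel_target` starts with `/`. With `std::filesystem` (and recent Boost.Filesystem) appending an absolute path replaces the left-hand side, whereas the removed string concatenation always kept the prefix. The removed `m_pathInfo = "/"` default suggests a leading slash is the normal form, but which library `fs` aliases is not visible here, so this needs confirming; `m_path /= fs::path{m_pathInfo}.relative_path();` keeps the result under the webbox root either way. The substring test for `..` also rejects harmless names such as `a..b` and does not cover symlinks, so checking that the normalized `m_path` still begins with `p.webboxPath` would be the stronger guard. The enclosing function starts above the hunk.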
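Review bot: In the `@@ -347` hunk `dirname` comes from the request body and is joined as `m_path / dirname` with no check visible, and the `..` test in the `@@ -143` hunk only looks at `m_pathInfo`. The same applies to `filename`, `oldname`, `newname` and the `target` value in the `@@ -383`, `@@ -498`, `@@ -555`, `@@ -604` and `@@ -683` hunks. Unless validation happens outside these hunks, each name should pass through one shared helper before the join, one that rejects empty names, absolute paths, `.`/`..` components and (for single file names) any path separator, returning `HttpStatus("403", ...)` as the path check already does. A comment on `m_path` such as `// request-derived; every name joined onto it must be validated first` would record the contract.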
@@ -383,7 +388,7 @@ protected:
    for (const auto& element: elements) {
     if (element.first == "file"s) {
      std::string filename{element.second.data()};
-     fs::path path {fs::path(m_path) / filename};
+     fs::path path {m_path / filename};
      auto filesize {fs::file_size(path)};
@@ -498,7 +503,7 @@ protected:
     if (element.first == "file"s) {
      std::string filename{element.second.data()};
-     fs::path path{fs::path(m_path) / filename};
+     fs::path path{m_path / filename};
      if (fs::is_directory(path)) {
       try {
@@ -555,10 +560,10 @@ protected:
    auto elements {tree.get_child("request")};
    for (const auto& element: elements) {
     if (element.first == "target") {
-     targetDir = fs::path{m_path} / element.second.data();
+     targetDir = m_path / element.second.data();
     } else if (element.first == "file") {
      std::string filename{element.second.data()};
-     fs::path old_path{fs::path{m_path} / filename};
+     fs::path old_path{m_path / filename};
      fs::path new_path{targetDir / filename};
      try {
       fs::rename(old_path, new_path);
@@ -604,8 +609,8 @@ protected:
   std::string oldname{tree.get<std::string>("request.oldname")};
   std::string newname{tree.get<std::string>("request.newname")};
-  fs::path oldpath{fs::path(m_path) / oldname};
-  fs::path newpath{fs::path(m_path) / newname};
+  fs::path oldpath{m_path / oldname};
+  fs::path newpath{m_path / newname};
   try {
    fs::rename(oldpath, newpath);
@@ -683,7 +688,7 @@ protected:
         } else {
          filecontent = filecontent.substr(start + "\r\n\r\n"s.size());
-         fs::path path{ fs::path{m_path} / filename};
+         fs::path path{ m_path / filename};
          try {
           File::setFile(path, filecontent);
          } catch (const std::exception& ex) {
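Review bot: In the `@@ -555` hunk `new_path` is built from `targetDir`, which is assigned only once a `target` element has been seen in the same loop. A request that lists `file` before `target`, or omits `target`, renames relative to whatever `targetDir` was initialised to; its declaration is outside the hunk, but a default-constructed path would resolve against the process working directory. Reading `target` before the loop and refusing the request when it is missing removes the ordering dependence, e.g. `if (targetDir.empty()) return HttpStatus("400", "Missing target", p);`, assuming `p` is in scope here as it is in the other commands.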
@@ -716,12 +721,12 @@ protected:
   try {
    std::string result{File::getFile(m_path)};
-   p.m_SetResponseHeader("content_disposition", "attachment; filename=\""s + fs::path{m_path}.filename().string() + "\""s);
+   p.m_SetResponseHeader("content_disposition", "attachment; filename=\""s + m_path.filename().string() + "\""s);
    p.m_SetResponseHeader("content_type", "application/octet-stream");
    return result;
   } catch (const std::exception& ex) {
-   return HttpStatus("500", "Bad file: "s + fs::path{m_path}.filename().string(), p);
+   return HttpStatus("500", "Bad file: "s + m_path.filename().string(), p);
   }
  }
 };  |
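Review bot: The `content_disposition` value in the `@@ -716` hunk wraps `m_path.filename().string()` in quotes without escaping, so a file name containing `"`, `\` or control characters produces a malformed or split header unless `m_SetResponseHeader` sanitises it, which is not visible here. The name derives from `rel_target` and from whatever was uploaded earlier, so it should be treated as untrusted: escape `"` and `\` and drop bytes below 0x20 before building the header. The same name is echoed in the `"Bad file: "` status text, which needs output encoding if `HttpStatus` renders it into HTML. Every failure is also reported as `"500"`; a missing file would be better reported as `"404"`, which `status_map` already contains.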
