Chapril/xmpp.chapril.org-ejabberd
26
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-12-28 17:38:54 +01:00
Code Releases Activity

Normalize HTTP path (thanks to Justin Kirby)

Browse Source
This commit is contained in:
Badlop 2013-06-25 11:26:44 +02:00
parent 7d678fdd09
commit b524e79f55
2 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/ejabberd_http.erl
View File

@ -366,7 +366,7 @@ process_request(#state{request_method = Method,
{'EXIT', _} -> {'EXIT', _} ->
make_bad_request(State); make_bad_request(State);
{NPath, Query} -> {NPath, Query} ->
LPath = [path_decode(NPE) || NPE <- str:tokens(NPath, <<"/">>)], LPath = normalize_path([NPE || NPE <- str:tokens(path_decode(NPath), <<"/">>)]),
LQuery = case (catch parse_urlencoded(Query)) of LQuery = case (catch parse_urlencoded(Query)) of
{'EXIT', _Reason} -> {'EXIT', _Reason} ->
[]; [];
@ -435,7 +435,7 @@ process_request(#state{request_method = Method,
{'EXIT', _} -> {'EXIT', _} ->
make_bad_request(State); make_bad_request(State);
{NPath, _Query} -> {NPath, _Query} ->
LPath = [path_decode(NPE) || NPE <- str:tokens(NPath, <<"/">>)], LPath = normalize_path([NPE || NPE <- str:tokens(path_decode(NPath), <<"/">>)]),
LQuery = case (catch parse_urlencoded(Data)) of LQuery = case (catch parse_urlencoded(Data)) of
{'EXIT', _Reason} -> {'EXIT', _Reason} ->
[]; [];
@ -820,5 +820,13 @@ old_integer_to_hex(I) when I >= 16 ->
N = trunc(I / 16), N = trunc(I / 16),
old_integer_to_hex(N) ++ old_integer_to_hex(I rem 16). old_integer_to_hex(N) ++ old_integer_to_hex(I rem 16).
%% strip_spaces(String, left) -> normalize_path(Path) ->
%% drop_spaces(String); normalize_path(Path, []).
normalize_path([], Norm) -> lists:reverse(Norm);
normalize_path([".."|Path], Norm) ->
normalize_path(Path, Norm);
normalize_path([_Parent, ".."|Path], Norm) ->
normalize_path(Path, Norm);
normalize_path([Part | Path], Norm) ->
normalize_path(Path, [Part|Norm]).

3
src/mod_http_fileserver.erl
View File

@ -311,7 +311,7 @@ process(LocalPath, Request) ->
add_to_log(FileSize, Code, Request), add_to_log(FileSize, Code, Request),
{Code, Headers, Contents} {Code, Headers, Contents}
catch catch
exit:{noproc, _} -> exit:{noproc, _} ->
?ERROR_MSG("Received an HTTP request with Host ~p, but couldn't find the related " ?ERROR_MSG("Received an HTTP request with Host ~p, but couldn't find the related "
"ejabberd virtual host", [Request#request.host]), "ejabberd virtual host", [Request#request.host]),
ejabberd_web:error(not_found) ejabberd_web:error(not_found)
@ -321,6 +321,7 @@ serve(LocalPath, DocRoot, DirectoryIndices, CustomHeaders, DefaultContentType, C
FileName = filename:join(filename:split(DocRoot) ++ LocalPath), FileName = filename:join(filename:split(DocRoot) ++ LocalPath),
case file:read_file_info(FileName) of case file:read_file_info(FileName) of
{error, enoent} -> ?HTTP_ERR_FILE_NOT_FOUND; {error, enoent} -> ?HTTP_ERR_FILE_NOT_FOUND;
{error, enotdir} -> ?HTTP_ERR_FILE_NOT_FOUND;
{error, eacces} -> ?HTTP_ERR_FORBIDDEN; {error, eacces} -> ?HTTP_ERR_FORBIDDEN;
{ok, #file_info{type = directory}} -> serve_index(FileName, {ok, #file_info{type = directory}} -> serve_index(FileName,
DirectoryIndices, DirectoryIndices,