96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
if( !fossil_isalnum(c) && c!='_' && c!='-' && c!='.' && c!='/' ){
zFailReason = "illegal character in path";
break;
}
}
return zFailReason;
}
/*
** WEBPAGE: ext raw-content
**
** Relay an HTTP request to secondary CGI after first checking the
** login credentials and setting auxiliary environment variables
** so that the secondary CGI can be aware of the credentials and
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
if( !fossil_isalnum(c) && c!='_' && c!='-' && c!='.' && c!='/' ){
zFailReason = "illegal character in path";
break;
}
}
return zFailReason;
}
/*
** The *pzPath input is a pathname obtained from mprintf().
**
** If
**
** (1) zPathname is the name of a directory, and
** (2) the name ends with "/", and
** (3) the directory contains a file named index.html, index.wiki,
** or index.md (in that order)
**
** then replace the input with a revised name that includes the index.*
** file and return non-zero (true). If any condition is not met, return
** zero and leave the input pathname unchanged.
*/
static int isDirWithIndexFile(char **pzPath){
static const char *azIndexNames[] = {
"index.html", "index.wiki", "index.md"
};
int i;
if( file_isdir(*pzPath, ExtFILE)!=1 ) return 0;
if( sqlite3_strglob("*/", *pzPath)!=0 ) return 0;
for(i=0; i<sizeof(azIndexNames)/sizeof(azIndexNames[0]); i++){
char *zNew = mprintf("%s%s", *pzPath, azIndexNames[i]);
if( file_isfile(zNew, ExtFILE) ){
fossil_free(*pzPath);
*pzPath = zNew;
return 1;
}
fossil_free(zNew);
}
return 0;
}
/*
** WEBPAGE: ext raw-content
**
** Relay an HTTP request to secondary CGI after first checking the
** login credentials and setting auxiliary environment variables
** so that the secondary CGI can be aware of the credentials and
|
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
** static content.
**
** The path after the /ext is the path to the CGI script or static file
** relative to DIR. For security, this path may not contain characters
** other than ASCII letters or digits, ".", "-", "/", and "_". If the
** "." or "-" characters are present in the path then they may not follow
** a "/".
*/
void ext_page(void){
const char *zName = P("name"); /* Path information after /ext */
char *zPath = 0; /* Complete path from extroot */
int nRoot; /* Number of bytes in the extroot name */
char *zScript = 0; /* Name of the CGI script */
int nScript = 0; /* Bytes in the CGI script name */
|
>
>
>
>
>
|
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
** static content.
**
** The path after the /ext is the path to the CGI script or static file
** relative to DIR. For security, this path may not contain characters
** other than ASCII letters or digits, ".", "-", "/", and "_". If the
** "." or "-" characters are present in the path then they may not follow
** a "/".
**
** If the path after /ext ends with "/" and is the name of a directory then
** that directory is searched for files named "index.html", "index.wiki",
** and "index.md" (in that order) and if found, those filenames are
** appended to the path.
*/
void ext_page(void){
const char *zName = P("name"); /* Path information after /ext */
char *zPath = 0; /* Complete path from extroot */
int nRoot; /* Number of bytes in the extroot name */
char *zScript = 0; /* Name of the CGI script */
int nScript = 0; /* Bytes in the CGI script name */
|
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
|
zFailReason = "???";
if( file_isdir(g.zExtRoot,ExtFILE)!=1 ){
zFailReason = "extroot is not a directory";
goto ext_not_found;
}
zPath = mprintf("%s/%s", g.zExtRoot, zName);
nRoot = (int)strlen(g.zExtRoot);
if( file_isfile(zPath, ExtFILE) ){
nScript = (int)strlen(zPath);
zScript = zPath;
}else{
for(i=nRoot+1; zPath[i]; i++){
char c = zPath[i];
if( c=='/' ){
int isDir, isFile;
|
|
|
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
|
zFailReason = "???";
if( file_isdir(g.zExtRoot,ExtFILE)!=1 ){
zFailReason = "extroot is not a directory";
goto ext_not_found;
}
zPath = mprintf("%s/%s", g.zExtRoot, zName);
nRoot = (int)strlen(g.zExtRoot);
if( file_isfile(zPath, ExtFILE) || isDirWithIndexFile(&zPath) ){
nScript = (int)strlen(zPath);
zScript = zPath;
}else{
for(i=nRoot+1; zPath[i]; i++){
char c = zPath[i];
if( c=='/' ){
int isDir, isFile;
|