plugins/mod_httpserver.lua @ 1770:3e17002221eb
mod_httpserver: Backport from trunk more thorough validation of URLs prior to processing
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 11 Sep 2009 03:12:09 +0100 |
parent | 1552:334b66f614a6 |
child | 1771:39e6b986ef01 |
child | 1812:e32593074602 |
1 -- Prosody IM |
2 -- Copyright (C) 2008-2009 Matthew Wild |
3 -- Copyright (C) 2008-2009 Waqas Hussain |
4 -- |
5 -- This project is MIT/X11 licensed. Please see the |
6 -- COPYING file in the source package for more information. |
7 -- |
8 |
9 |
10 local httpserver = require "net.httpserver"; |
11 |
-- Standard-library functions cached in locals for the request handler.
local open, t_concat = io.open, table.concat;

-- Forward declaration: handle_request (defined before the validator in this
-- file) calls check_http_path, so the name must already be in scope.
local check_http_path;

-- Directory that served files are read from. The path is relative, so it is
-- resolved against whatever the process's working directory is at open() time.
local http_base = "www_files";

-- Canned responses. 403 is returned when the requested path fails validation,
-- 404 when the validated path cannot be opened.
local response_403 = {
	status = "403 Forbidden",
	body = "<h1>Invalid URL</h1>Sorry, we couldn't find what you were looking for :(",
};
local response_404 = {
	status = "404 Not Found",
	body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(",
};

-- Reusable two-slot buffer: slot 1 is the base directory, slot 2 is filled in
-- with the request path by handle_request before concatenation.
local http_path = { http_base };
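--- Serve one static file from beneath http_base.
-- The path check below was added by changeset 1770:3e17002221eb ("more
-- thorough validation of URLs prior to processing"); before it, the request
-- path went to open() without any ".." accounting.
-- @param method  HTTP method; not inspected here
-- @param body    request body; not inspected here
-- @param request request object; only request.url.path is read
-- @return the file contents as a string on success, response_403 when the
--         path fails validation, response_404 when it cannot be opened or read
local function handle_request(method, body, request)
	-- Strip the first path component (the base this handler is registered
	-- under). The extra parentheses drop gsub's second return value (the
	-- substitution count) so only the string reaches the validator.
	local path = check_http_path((request.url.path:gsub("^/[^/]+%.*", "")));
	if not path then
		return response_403;
	end

	-- The validated path always starts with "/", so plain concatenation with
	-- the base directory yields "www_files/<path>".
	http_path[2] = path;
	local f = open(t_concat(http_path), "r");
	if not f then return response_404; end

	local data = f:read("*a");
	f:close();
	-- read() returns nil on an I/O error (for example when the path names a
	-- directory on a platform where open() succeeds on directories). Return a
	-- 404 instead of handing nil back to the HTTP server.
	if not data then return response_404; end
	return data;
end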
34 |
-- Listening ports come from the "http_ports" option in the "core" section for
-- this module's host; if the option is unset, fall back to port 5280.
local ports = config.get(module.host, "core", "http_ports");
if not ports then
	ports = { 5280 };
end

-- Register handle_request with the HTTP server under the "files" base.
-- NOTE(review): the exact meaning of the second argument is defined by
-- net.httpserver, which is not shown here. Confirm there.
httpserver.new_from_config(ports, "files", handle_request);
37 |
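--- Validate a request path before it is appended to the base directory.
-- Walks the "/"-separated components and tracks the net directory depth:
-- ".." goes up one level, "." stays put, anything else goes down one level.
-- The path is rejected as soon as the depth would drop below the starting
-- directory. The path is NOT normalised: an accepted path is returned with
-- its "." and ".." components intact.
--
-- NOTE(review): only "/" is treated as a separator. On a platform whose
-- filesystem also accepts "\" as a separator, a component such as "..\x" is
-- counted as one ordinary name. Confirm whether that matters for deployment.
-- NOTE(review): the check is purely lexical. Symbolic links under the base
-- directory are not considered.
--
-- @param url request path (string), with or without a leading "/"
-- @return the path with a leading "/" guaranteed, or nil if it is not a
--         string, contains a NUL byte, or climbs above the base directory
function check_http_path(url)
	if type(url) ~= "string" then
		return nil;
	end

	-- The C library call behind io.open stops at the first NUL byte, so the
	-- file actually opened could differ from the string validated here.
	-- No legitimate file name contains NUL, so refuse it outright.
	if url:find("\0", 1, true) then
		return nil;
	end

	if url:sub(1,1) ~= "/" then
		url = "/"..url;
	end

	local level = 0;
	-- [^/]+ skips empty components, so "//" does not change the depth.
	for part in url:gmatch("/([^/]+)") do
		if part == ".." then
			level = level - 1;
		elseif part ~= "." then
			level = level + 1;
		end
		-- Checked after every component, so "a/../../b" is rejected even
		-- though its final depth would be zero again.
		if level < 0 then
			return nil;
		end
	end
	return url;
end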