loolwsd/FileServer.hpp | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
New commits:
commit 7e67b388328a9a502e56c4395561564e6972ba8b
Author: Jan Holesovsky <ke...@collabora.com>
Date: Wed Apr 13 13:39:33 2016 +0200
Add some paranoia...
diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp
index 06be9ec..250301b 100644
--- a/loolwsd/FileServer.hpp
+++ b/loolwsd/FileServer.hpp
@@ -111,15 +111,20 @@ public:
void preprocessFile(HTTPServerRequest& request, HTTPServerResponse&
response)
{
- Poco::URI requestUri((LOOLWSD::SSLEnabled? "https": "http"),
request.getHost(), request.getURI());
HTMLForm form(request, request.stream());
std::string preprocess;
- const auto host = (LOOLWSD::SSLEnabled? "wss://": "ws://") +
requestUri.getHost() + ":" + std::to_string(requestUri.getPort());
+ const auto host = (LOOLWSD::SSLEnabled? "wss://": "ws://") +
request.getHost();
+
+ Poco::URI requestUri(request.getURI());
+ requestUri.normalize(); // avoid .'s and ..'s
const auto path = Poco::Path(LOOLWSD::FileServerRoot,
requestUri.getPath());
+
const auto wopi = form.has("WOPISrc") ?
form.get("WOPISrc") + "?access_token=" +
form.get("access_token","") : "";
+ Log::debug("Preprocessing file: " + path.toString());
+
FileInputStream file(path.toString());
StreamCopier::copyToString(file, preprocess);
file.close();
@@ -145,6 +150,8 @@ public:
try
{
Poco::URI requestUri(request.getURI());
+ requestUri.normalize(); // avoid .'s and ..'s
+
std::vector<std::string> requestSegments;
requestUri.getPathSegments(requestSegments);
if (requestSegments.size() < 1)
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
