void HttpServer::processRequest(const HttpMessage& request, HttpMessage*& response, OsConnectionSocket* connection ) { UtlString method; response = NULL; if(true) // used to be authorization check, but I don't want to change all indenting { request.getRequestMethod(&method); method.toUpper(); UtlString uri; request.getRequestUri(&uri); UtlString uriFileName(uri); ssize_t fileNameEnd = -1; if(method.compareTo(HTTP_GET_METHOD) == 0) { fileNameEnd = uriFileName.first('?'); if(fileNameEnd > 0) { uriFileName.remove(fileNameEnd); } } UtlString mappedUriFileName; if (uriFileName.contains("..")) { OsSysLog::add(FAC_SIP, PRI_ERR, "HttpServer::processRequest " "Disallowing URI: '%s' because it contains '..'", uriFileName.data()); // Disallow relative path names going up for security reasons mappedUriFileName.append("/"); } else { OsSysLog::add(FAC_SIP, PRI_INFO, "HttpServer::processRequest " "%s '%s'", method.data(), uriFileName.data()); // Map the file name mapUri(mUriMaps, uriFileName.data(), mappedUriFileName); } // Build the request context HttpRequestContext requestContext(method.data(), uri.data(), mappedUriFileName.data(), NULL, NULL, // was userid connection ); if(requestContext.methodIs(HTTP_POST_METHOD)) { //Need to get the CGI/form variables from the body. const HttpBody* body = request.getBody(); if(body && !body->isMultipart()) { requestContext.extractPostCgiVariables(*body); } } RequestProcessor* requestProcessorPtr = NULL; HttpService* pService = NULL; if( ( requestContext.methodIs(HTTP_GET_METHOD) || requestContext.methodIs(HTTP_POST_METHOD) ) && findRequestProcessor(uriFileName.data(), requestProcessorPtr)) { // There is a request processor for this URI requestProcessorPtr(requestContext, request, response); } else if ( ( requestContext.methodIs(HTTP_GET_METHOD) || requestContext.methodIs(HTTP_POST_METHOD) || requestContext.methodIs(HTTP_PUT_METHOD) || requestContext.methodIs(HTTP_DELETE_METHOD) ) && findHttpService(uriFileName.data(), pService)) { pService->processRequest(requestContext, request, response); } else { processNotSupportedRequest(requestContext, request, response); } } }