IHTTPRequestHandler *VHTTPServerProject::RetainMatchingHTTPRequestHandler (const XBOX::VString& inURL)
{
IHTTPRequestHandler *resultHandler = NULL;
XBOX::VTaskLock lock (&fRegexCacheLock);
XBOX::VString urlString (inURL);
/*
// URL Start with project pattern ?
if (!fSettings->GetProjectPattern().IsEmpty())
{
sLONG pos = HTTPServerTools::FindASCIIVString (urlString, fSettings->GetProjectPattern());
if (pos == 2) // Takes the starting CHAR_SOLIDUS into account
inURL.GetSubString (pos + fSettings->GetProjectPattern().GetLength(), inURL.GetLength() - fSettings->GetProjectPattern().GetLength() - 1, urlString);
}
*/
resultHandler = RetainProcessingHandler<IHTTPRequestHandler> (fRegexCache, urlString, false);
/* YT 18-Jan-2012 - ACI0075015, ACI0074936 & ACI0074300
When no requestHandler match and the URL ends by SOLIDUS '/', try to find a requestHandler matching the URL +
the index page name (typically for 4D: /index.shtml have to be handled by a specific requestHandler)
*/
if ((NULL == resultHandler) && (urlString.GetUniChar (urlString.GetLength()) == CHAR_SOLIDUS))
{
urlString.AppendString (fSettings->GetIndexPageName());
resultHandler = RetainProcessingHandler<IHTTPRequestHandler> (fRegexCache, urlString, false);
}
return resultHandler;
}
XBOX::VError VVirtualFolder::GetFilePathFromURL (const XBOX::VString& inURL, XBOX::VString& outLocationPath)
{
if (!fLocalFolder)
{
XBOX::VString URL (inURL);
sLONG pos = HTTPServerTools::FindASCIIVString (URL, fName);
if (pos > 0)
URL.Remove (1, pos + fName.GetLength() - 1);
if ((URL.GetLength() == 1) && (URL.GetUniChar (1) == CHAR_SOLIDUS) && (!fIndexFileName.IsEmpty()))
URL.AppendString (fIndexFileName);
outLocationPath.FromString (fLocationPath);
if (outLocationPath.GetUniChar (outLocationPath.GetLength()) == CHAR_SOLIDUS)
outLocationPath.Truncate (outLocationPath.GetLength() - 1);
outLocationPath.AppendString (URL);
return VE_HTTP_PROTOCOL_FOUND;
}
XBOX::VError error = XBOX::VE_FILE_NOT_FOUND;
XBOX::VFilePath path (fFolder->GetPath());
XBOX::VString pathString (inURL);
XBOX::VString folder;
XBOX::VString docName;
if ((pathString.GetLength() == 1) && (pathString.GetUniChar (1) == CHAR_SOLIDUS))
{
docName.FromString (fIndexFileName);
}
else
{
bool notDone = true;
sLONG folderLen = 0;
sLONG pos = 0;
sLONG curPos = 0;
// YT 16-Nov-2011 - ACI0073914
if (pathString.FindUniChar (CHAR_COLON) > 0) // ':'
pathString.ExchangeAll (CHAR_COLON, CHAR_SOLIDUS);
if (pathString.FindUniChar (CHAR_REVERSE_SOLIDUS) > 0) // '\'
pathString.ExchangeAll (CHAR_REVERSE_SOLIDUS, CHAR_SOLIDUS);
while (notDone)
{
if ((pos = pathString.FindUniChar (CHAR_SOLIDUS, curPos + 1)) > 0) // '/'
{
HTTPServerTools::GetSubString (pathString, curPos, pos - 2, folder);
folderLen = folder.GetLength();
if (folderLen > 0)
{
/* If URL first folder equals Virtual Folder Name or Project Pattern... Do nothing... */
if ((curPos == 1) && !fName.IsEmpty() && HTTPServerTools::EqualASCIIVString (fName, folder))
;
/* YT 24-Feb-2011 - ACI0069901 - Project Pattern is already removed from URL in VHTTPResponse::_UpdateRequestURL()
else if ((curPos == 1) && !fProjectPattern.IsEmpty() && HTTPServerTools::EqualASCIIVString (fProjectPattern, folder))
{
pathString.SubString (curPos + fProjectPattern.GetLength() + 1, pathString.GetLength() - fProjectPattern.GetLength() + 1); // YT 24-Nov-2010 - ACI0068942 - Remove Project Pattern from URL...
folderLen = 0;
curPos = -1;
}
*/
else if ((folderLen == 2) && (folder[0] == CHAR_FULL_STOP) && (folder[1] == CHAR_FULL_STOP)) // ".."
path = path.ToParent();
else if ((folderLen == 1) && (folder[0] == CHAR_FULL_STOP)) // "."
; // unchanged
else
path = path.ToSubFolder (folder);
curPos += (folderLen + 1);
}
else
curPos += 1;
}
else
notDone = false;
if (curPos >= pathString.GetLength())
break;
}
if (curPos < pathString.GetLength())
HTTPServerTools::GetSubString (pathString, curPos, pathString.GetLength() - 1, docName);
}
/* if URL does not include a filename, try using the index file name set in prefs */
if (docName.IsEmpty())
docName.FromString (fIndexFileName);
path = path.ToSubFile (docName);
/*
at this stage path should contain a full path pointing to the wanted file
check that this is inside the web folder (if it's a web connection)
*/
// SECURITY CHECK - change it with great care
if (path.GetPath().BeginsWith (fFolder->GetPath().GetPath()))
{
outLocationPath.FromString (path.GetPath());
error = VE_OK;
}
else
{
// UNDER ATTACK !!!
path.Clear();
error = VE_HTTP_PROTOCOL_FORBIDDEN;
}
return error;
}
