/*---------------------------------------------------------------------- | PLT_FileMediaServer::ServeFile +---------------------------------------------------------------------*/ NPT_Result PLT_FileMediaServer::ServeFile(NPT_HttpRequest& request, const NPT_HttpRequestContext& context, NPT_HttpResponse& response, const NPT_String& uri_path, const NPT_String& file_path) { NPT_COMPILER_UNUSED(context); // prevent hackers from accessing files outside of our root if ((file_path.Find("/..") >= 0) || (file_path.Find("\\..") >= 0)) { return NPT_FAILURE; } // File requested NPT_String path = m_FileBaseUri.GetPath(); if (path.Compare(uri_path.Left(path.GetLength()), true) == 0) { NPT_Position start, end; PLT_HttpHelper::GetRange(request, start, end); return PLT_FileServer::ServeFile(response, NPT_FilePath::Create(m_Path, file_path), start, end, !request.GetMethod().Compare("HEAD")); } // Album Art requested path = m_AlbumArtBaseUri.GetPath(); if (path.Compare(uri_path.Left(path.GetLength()), true) == 0) { return OnAlbumArtRequest(response, m_Path + file_path); } return NPT_FAILURE; }
/*---------------------------------------------------------------------- | PLT_FileMediaServer::ProcessFileRequest +---------------------------------------------------------------------*/ NPT_Result PLT_FileMediaServer::ProcessFileRequest(NPT_HttpRequest& request, NPT_HttpResponse& response, NPT_SocketInfo& client_info) { NPT_COMPILER_UNUSED(client_info); NPT_LOG_FINE("PLT_FileMediaServer::ProcessFileRequest Received Request:"); PLT_LOG_HTTP_MESSAGE(NPT_LOG_LEVEL_FINE, &request); response.GetHeaders().SetHeader("Accept-Ranges", "bytes"); if (request.GetMethod().Compare("GET") && request.GetMethod().Compare("HEAD")) { response.SetStatus(500, "Internal Server Error"); return NPT_SUCCESS; } // File requested NPT_String path = m_FileBaseUri.GetPath(); NPT_String strUri = NPT_Uri::PercentDecode(request.GetUrl().GetPath()); NPT_HttpUrlQuery query(request.GetUrl().GetQuery()); NPT_String file_path = query.GetField("path"); // hack for XBMC support for 360, we urlencoded the ? to that the 360 doesn't strip out the query // but then the query ends being parsed as part of the path int index = strUri.Find("path="); if (index>0) file_path = strUri.Right(strUri.GetLength()-index-5); if (file_path.GetLength() == 0) goto failure; // HACK for wmp: somehow they inverse our slashes ! // do it only if we're on windows if (m_DirDelimiter == "\\") { file_path.Replace('/', '\\'); } if (path.Compare(strUri.Left(path.GetLength()), true) == 0) { NPT_Integer start, end; PLT_HttpHelper::GetRange(&request, start, end); return PLT_FileServer::ServeFile(m_Path + file_path, &response, start, end, !request.GetMethod().Compare("HEAD")); } // Album Art requested path = m_AlbumArtBaseUri.GetPath(); if (path.Compare(strUri.Left(path.GetLength()), true) == 0) { return OnAlbumArtRequest(m_Path + file_path, response); } failure: response.SetStatus(404, "File Not Found"); return NPT_SUCCESS; }