static bool is_file_prefix(std::string const &prefix,std::string const &full) { size_t prefix_size = prefix.size(); if(prefix_size > full.size()) return false; if(memcmp(prefix.c_str(),full.c_str(),prefix_size) != 0) return false; if(prefix_size == 0 || is_directory_separator(prefix[prefix_size-1])) return true; if(full.size() > prefix_size && !is_directory_separator(full[prefix_size])) return false; return true; }
astring &core_filename_extract_base(astring &result, const char *name, bool strip_extension) { /* find the start of the name */ const char *start = name + strlen(name); while (start > name && !is_directory_separator(start[-1])) start--; /* copy the rest into an astring */ result.cpy(start); /* chop the extension if present */ if (strip_extension) result.substr(0, result.rchr(0, '.')); return result; }
astring *core_filename_extract_base(astring *result, const char *name, int strip_extension) { /* find the start of the name */ const char *start = name + strlen(name); while (start > name && !is_directory_separator(start[-1])) start--; /* copy the rest into an astring */ astring_cpyc(result, start); /* chop the extension if present */ if (strip_extension) astring_substr(result, 0, astring_rchr(result, 0, '.')); return result; }
bool file_server::check_in_document_root(std::string normal,std::string &real) { // Use only Unix file names for(size_t i=0;i<normal.size();i++) if(is_directory_separator(normal[i])) normal[i]='/'; std::string root = document_root_; for(unsigned i=0;i<alias_.size();i++) { std::string const &ref=alias_[i].first; if(is_file_prefix(ref,normal)) { root = alias_[i].second; normal = normal.substr(ref.size()); if(normal.empty()) normal="/"; break; } } if(normal.empty()) return false; if(normal[0]!='/') return false; // Prevent the access to any valid file below like // detecting that the files placed in /var/www // by providing a path /../../var/www/known.txt // whuch would be valid as known is placed in /var/www // but yet we don't want user to detect that files // exist in /var/www for(size_t pos = 1;pos != std::string::npos; pos = normal.find('/',pos)) { std::string sub_path = normal.substr(0,pos); std::string tmp; if(!is_in_root(sub_path,root,tmp)) return false; pos++; } if(!is_in_root(normal,root,real)) return false; return true; }
static String get_default_file_name(const char *nci_based_name) { // first try to find NCIHOME variable char *ncihome = getenv("NCIHOME"); char *buff = NULL; String filename; if (ncihome == NULL) { // try to incant nci from current directory int len = 64; char *cur_dir = NULL; while ((cur_dir == NULL) && (len < 16536)) { delete buff; len += len; buff = new char[len]; cur_dir = getcwd(buff,len); } if (cur_dir != NULL) { int i = 0; while (cur_dir[i])i++; i--; while (i > 0) { if (is_directory_separator(cur_dir[i])) { cur_dir[i] = 0; i --; } if ((cur_dir[i-2] == 'n') && (cur_dir[i-1] == 'c') && (cur_dir[i] == '0')) { ncihome = cur_dir; break; } while ((i > 0) && !is_directory_separator(cur_dir[i])) i--; } } } // if we could not find ncihome, try a simple file name in our local directory if (ncihome == NULL) { int i = 0; int j = 0; while (nci_based_name[i]) { if (is_directory_separator(nci_based_name[i])) j = i + 1; i ++; } if (nci_based_name[j] != 0) { filename = String(nci_based_name + j); } } else { filename = String(ncihome) + String( #ifndef MSVC "/" #else "\\" #endif ) + String(nci_based_name);; } // ok, we have developed a file name delete buff; return #ifndef MSVC filename; #else String("\\")+filename; #endif }