couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cml...@apache.org
Subject svn commit: r660136 - in /incubator/couchdb/trunk: bin/couchdb.tpl.in src/mochiweb/Makefile.am src/mochiweb/mochiweb.erl src/mochiweb/mochiweb_request.erl src/mochiweb/mochiweb_util.erl
Date Mon, 26 May 2008 09:06:50 GMT
Author: cmlenz
Date: Mon May 26 02:06:49 2008
New Revision: 660136

URL: http://svn.apache.org/viewvc?rev=660136&view=rev
Log:
Updated MochiWeb in trunk to r76. Closes COUCHDB-42.

Modified:
    incubator/couchdb/trunk/bin/couchdb.tpl.in
    incubator/couchdb/trunk/src/mochiweb/Makefile.am
    incubator/couchdb/trunk/src/mochiweb/mochiweb.erl
    incubator/couchdb/trunk/src/mochiweb/mochiweb_request.erl
    incubator/couchdb/trunk/src/mochiweb/mochiweb_util.erl

Modified: incubator/couchdb/trunk/bin/couchdb.tpl.in
URL: http://svn.apache.org/viewvc/incubator/couchdb/trunk/bin/couchdb.tpl.in?rev=660136&r1=660135&r2=660136&view=diff
==============================================================================
--- incubator/couchdb/trunk/bin/couchdb.tpl.in (original)
+++ incubator/couchdb/trunk/bin/couchdb.tpl.in Mon May 26 02:06:49 2008
@@ -220,7 +220,7 @@
     command="`%ICU_CONFIG% --invoke` \
         %ERL% $interactive_option -smp auto -sasl errlog_type error \
         -pa %erlanglibdir%/couch-%version%/ebin \
-            %erlanglibdir%/mochiweb-r73/ebin \
+            %erlanglibdir%/mochiweb-r76/ebin \
         -eval \"application:load(inets)\" \
         -eval \"application:load(crypto)\" \
         -eval \"application:load(couch)\" \

Modified: incubator/couchdb/trunk/src/mochiweb/Makefile.am
URL: http://svn.apache.org/viewvc/incubator/couchdb/trunk/src/mochiweb/Makefile.am?rev=660136&r1=660135&r2=660136&view=diff
==============================================================================
--- incubator/couchdb/trunk/src/mochiweb/Makefile.am (original)
+++ incubator/couchdb/trunk/src/mochiweb/Makefile.am Mon May 26 02:06:49 2008
@@ -12,7 +12,7 @@
 
 datarootdir = @prefix@/share
 
-mochiwebebindir = $(erlanglibdir)/mochiweb-r73/ebin
+mochiwebebindir = $(erlanglibdir)/mochiweb-r76/ebin
 
 mochiweb_file_collection = \
     mochifmt.erl \

Modified: incubator/couchdb/trunk/src/mochiweb/mochiweb.erl
URL: http://svn.apache.org/viewvc/incubator/couchdb/trunk/src/mochiweb/mochiweb.erl?rev=660136&r1=660135&r2=660136&view=diff
==============================================================================
--- incubator/couchdb/trunk/src/mochiweb/mochiweb.erl (original)
+++ incubator/couchdb/trunk/src/mochiweb/mochiweb.erl Mon May 26 02:06:49 2008
@@ -77,6 +77,14 @@
                          Method,
                          Uri,
                          Version,
+                         mochiweb_headers:make(Headers));
+%% Request-URI is "*"
+%% From http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
+new_request({Socket, {Method, '*'=Uri, Version}, Headers}) ->
+    mochiweb_request:new(Socket,
+                         Method,
+                         Uri,
+                         Version,
                          mochiweb_headers:make(Headers)).
 
 %% @spec new_response({Request, integer(), Headers}) -> MochiWebResponse

Modified: incubator/couchdb/trunk/src/mochiweb/mochiweb_request.erl
URL: http://svn.apache.org/viewvc/incubator/couchdb/trunk/src/mochiweb/mochiweb_request.erl?rev=660136&r1=660135&r2=660136&view=diff
==============================================================================
--- incubator/couchdb/trunk/src/mochiweb/mochiweb_request.erl (original)
+++ incubator/couchdb/trunk/src/mochiweb/mochiweb_request.erl Mon May 26 02:06:49 2008
@@ -325,7 +325,8 @@
                 andalso get_header_value("connection") =/= "Keep-Alive")
         %% unread data left on the socket, can't safely continue
         orelse (DidNotRecv
-                andalso get_header_value("content-length") =/= undefined).
+                andalso get_header_value("content-length") =/= undefined
+                andalso list_to_integer(get_header_value("content-length")) > 0).
 
 %% @spec cleanup() -> ok
 %% @doc Clean up any junk in the process dictionary, required before continuing
@@ -454,15 +455,17 @@
 %% @spec serve_file(Path, DocRoot) -> Response
 %% @doc Serve a file relative to DocRoot.
 serve_file(Path, DocRoot) ->
-    FullPath = filename:join([DocRoot, Path]),
-    File = case filelib:is_dir(FullPath) of
-               true ->
-                   filename:join([FullPath, "index.html"]);
-               false ->
-                   FullPath
-           end,
-    case lists:prefix(DocRoot, File) of
-        true ->
+    case mochiweb_util:safe_relative_path(Path) of
+        undefined ->
+            not_found();
+        RelPath ->
+            FullPath = filename:join([DocRoot, RelPath]),
+            File = case filelib:is_dir(FullPath) of
+                       true ->
+                           filename:join([FullPath, "index.html"]);
+                       false ->
+                           FullPath
+                   end,
             case file:read_file_info(File) of
                 {ok, FileInfo} ->
                     LastModified = httpd_util:rfc1123_date(FileInfo#file_info.mtime),
@@ -482,9 +485,7 @@
                     end;
                 {error, _} ->
                     not_found()
-            end;
-        false ->
-            not_found()
+            end
     end.
 
 

Modified: incubator/couchdb/trunk/src/mochiweb/mochiweb_util.erl
URL: http://svn.apache.org/viewvc/incubator/couchdb/trunk/src/mochiweb/mochiweb_util.erl?rev=660136&r1=660135&r2=660136&view=diff
==============================================================================
--- incubator/couchdb/trunk/src/mochiweb/mochiweb_util.erl (original)
+++ incubator/couchdb/trunk/src/mochiweb/mochiweb_util.erl Mon May 26 02:06:49 2008
@@ -11,6 +11,7 @@
 -export([guess_mime/1, parse_header/1]).
 -export([shell_quote/1, cmd/1, cmd_string/1, cmd_port/2]).
 -export([record_to_proplist/2, record_to_proplist/3]).
+-export([safe_relative_path/1, partition/2]).
 -export([to_lower/1]).
 -export([test/0]).
 
@@ -32,6 +33,69 @@
 unhexdigit(C) when C >= $a, C =< $f -> C - $a + 10;
 unhexdigit(C) when C >= $A, C =< $F -> C - $A + 10.
 
+%% @spec partition(String, Sep) -> {String, [], []} | {Prefix, Sep, Postfix}
+%% @doc Inspired by Python 2.5's str.partition:
+%%      partition("foo/bar", "/") = {"foo", "/", "bar"},
+%%      partition("foo", "/") = {"foo", "", ""}.
+partition(String, Sep) ->
+    case partition(String, Sep, []) of
+        undefined ->
+            {String, "", ""};
+        Result ->
+            Result
+    end.
+
+partition("", _Sep, _Acc) ->
+    undefined;
+partition(S, Sep, Acc) ->
+    case partition2(S, Sep) of
+        undefined ->
+            [C | Rest] = S,
+            partition(Rest, Sep, [C | Acc]);
+        Rest ->
+            {lists:reverse(Acc), Sep, Rest}
+    end.
+
+partition2(Rest, "") ->
+    Rest;
+partition2([C | R1], [C | R2]) ->
+    partition2(R1, R2);
+partition2(_S, _Sep) ->
+    undefined.
+
+
+
+%% @spec safe_relative_path(string()) -> string() | undefined
+%% @doc Return the reduced version of a relative path or undefined if it
+%%      is not safe. safe relative paths can be joined with an absolute path
+%%      and will result in a subdirectory of the absolute path.
+safe_relative_path("/" ++ _) ->
+    undefined;
+safe_relative_path(P) ->
+    safe_relative_path(P, []).
+
+safe_relative_path("", Acc) ->
+    case Acc of
+        [] ->
+            "";
+        _ ->
+            join(lists:reverse(Acc), "/")
+    end;
+safe_relative_path(P, Acc) ->
+    case partition(P, "/") of
+        {"", "/", _} ->
+            %% /foo or foo//bar
+            undefined;
+        {"..", _, _} when Acc =:= [] ->
+            undefined;
+        {"..", _, Rest} ->
+            safe_relative_path(Rest, tl(Acc));
+        {Part, "/", ""} ->
+            safe_relative_path("", ["", Part | Acc]);
+        {Part, _, Rest} ->
+            safe_relative_path(Rest, [Part | Acc])
+    end.
+
 %% @spec shell_quote(string()) -> string()
 %% @doc Quote a string according to UNIX shell quoting rules, returns a string
 %%      surrounded by double quotes.
@@ -400,6 +464,8 @@
     test_shell_quote(),
     test_cmd(),
     test_cmd_string(),
+    test_partition(),
+    test_safe_relative_path(),
     ok.
 
 test_shell_quote() ->
@@ -499,3 +565,25 @@
     [{"foo", "bar"}, {"baz", "wibble \r\n"}, {"z", "1"}] =
         parse_qs("foo=bar&baz=wibble+%0D%0A&z=1"),
     ok.
+
+test_partition() ->
+    {"foo", "", ""} = partition("foo", "/"),
+    {"foo", "/", "bar"} = partition("foo/bar", "/"),
+    {"foo", "/", ""} = partition("foo/", "/"),
+    {"", "/", "bar"} = partition("/bar", "/"),
+    {"f", "oo/ba", "r"} = partition("foo/bar", "oo/ba"),
+    ok.
+
+test_safe_relative_path() ->
+    "foo" = safe_relative_path("foo"),
+    "foo/" = safe_relative_path("foo/"),
+    "foo" = safe_relative_path("foo/bar/.."),
+    "bar" = safe_relative_path("foo/../bar"),
+    "bar/" = safe_relative_path("foo/../bar/"),
+    "" = safe_relative_path("foo/.."),
+    "" = safe_relative_path("foo/../"),
+    undefined = safe_relative_path("/foo"),
+    undefined = safe_relative_path("../foo"),
+    undefined = safe_relative_path("foo/../.."),
+    undefined = safe_relative_path("foo//"),
+    ok.



Mime
View raw message