httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject Some patche I've written to support the PUT-method (fwd)
Date Mon, 19 Aug 1996 05:46:52 GMT

not acked. One for rst I suppose.


----- Forwarded message from Jan Vanhercke -----

Sender: java@java.be
Message-ID: <32176B65.78812B26@java.be>
Date: Sun, 18 Aug 1996 21:13:41 +0200
From: Jan Vanhercke <java@java.be>
X-Mailer: Mozilla 3.0b6Gold (X11; I; Linux 1.2.13 i586)
MIME-Version: 1.0
To: apache-bugs@mail.apache.org
Subject: Some patche I've written to support the PUT-method
Content-Type: multipart/mixed; boundary="------------678D07C335E02B47512A74C"

This is a multi-part message in MIME format.

--------------678D07C335E02B47512A74C
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

This is more of a new feature for Apache instead of a bug-report, but I
didn't who to contact within your group.

I've written a very short piece of code supporting, to my knowledge, the
PUT method the way the Netscape Navigator is using it today. It
essentially is a modification to the default_handler in the http_core.c
function.

Note that this patch will allow someone who is using the 'Publish'
function of the Netscape Navigator Gold to upload a file to the Apache
Server that in its turn will store it on the file-system. Hence you will
need to protect agains the use of that method to prevent people altering
the contents of the WEB server.

You can do that by saying:

<Limit PUT>
...some traditional protection rules against updating
</Limit>

It makes sence to disable by default such possibilities. I also need to
look into the caching issues, but I didn't get round to it yet.

The patch is attached to this mail. Please give some feedback if this is
useful.

Cheers,

Jan


-- 
        *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
           Jan Vanhercke, Kruipstraat 14, B-1850 Grimbergen, Belgium
        Tel: +32 2 270 28 06, e-mail: java@java.be jhercke@be.oracle.com
        *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

--------------678D07C335E02B47512A74C
Content-Type: text/plain; charset=us-ascii; name="patch-put"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="patch-put"

diff -r -u apache_1.1.1/src/http_core.c apache_1.1.1+PUT/src/http_core.c
--- apache_1.1.1/src/http_core.c	Wed Jun 12 20:14:31 1996
+++ apache_1.1.1+PUT/src/http_core.c	Sun Aug 18 18:52:36 1996
@@ -891,6 +891,107 @@
     int errstatus;
     FILE *f;
     
+/*	Modifications to support the PUT method.
+**	
+**	by Jan Vanhercke, java@java.be
+**
+**	Following modifications have been verified on UNIX (Linux) only so I've put then
+**	in the __EMX__ comments, so that they do not appear in OS/2 until tested
+*/
+
+#ifndef __EMX__
+    if (r->method_number == M_PUT) {
+	char *lenp = table_get(r->headers_in, "Content-length");
+	char buffer[HUGE_STRING_LEN];
+	table_entry *hdrs;
+	int remaining,i;
+
+	/*	According to the standard we may not accept 'Content-*' headers we do
+	**	not understand. To my knowledge the Netscape Navigator Gold, only uses
+	**	Content-length, and that's the only one I've implemented.
+	**	In the future I expect this to change, however, until then we're safe.
+	*/
+
+	hdrs = (table_entry *)r->headers_in->elts;
+	for (i = 0; i < r->headers_in->nelts; i++)
+            if (strncasecmp("Content-", hdrs[i].key, 8) == 0)
+		if(strcasecmp("Content-length", hdrs[i].key) == 0)
+		    lenp = hdrs[i].val;
+		else
+		    return NOT_IMPLEMENTED;
+
+	/*	We must receive a Content-length header. This is showstopper.
+	*/
+
+	if(!lenp) {
+	    log_reason("POST without Content-length:", r->filename, r);
+	    return BAD_REQUEST;
+	}
+
+	/* We will now try to create the file and copy the contents of the client
+	** into that file.
+	*/
+	
+	f = fopen(r->filename,"w");
+	if(!f) {
+            log_reason("file permissions deny server write access", r->filename, r);
+            return FORBIDDEN;
+	}
+
+	remaining = atoi(lenp);
+
+	while(remaining > 0)
+	{
+	    int len_read, len_to_read = remaining;
+
+	    if(len_to_read > HUGE_STRING_LEN) len_to_read = HUGE_STRING_LEN;
+
+	    len_read = read_client_block(r, buffer, len_to_read);
+	    if(len_read == 0)
+		break;
+
+	    if(fwrite(buffer, 1, len_read, f) == 0) {
+		log_reason("write to file file before posting completed", r->filename, r);
+		fclose(f);
+
+		/* We really don't know what hit us here, so let's say we're not
+		** allowed to write any more to this filesystem (could be because of quota,
+		** disk full conditions or many other unexpected events....
+		*/
+
+		return  FORBIDDEN;
+	    }
+	    remaining -= len_read;
+	}
+
+	/* Ok, we finished reading because of error or because we have received everything.
+	** get the rest of the input channel and clean up our mess.
+	*/
+
+	while(remaining > 0) {
+	    int len_read, len_to_read = remaining;
+
+	    if(len_to_read > HUGE_STRING_LEN) len_to_read = HUGE_STRING_LEN;
+
+	    len_read = read_client_block(r, buffer, len_to_read);
+	    if(len_read == 0)
+		break;
+	}
+
+	fflush(f);
+	fclose(f);
+
+	/* Well, everything went fine. If it is a new file we should reply with
+	** a CREATED message otherwise a simple OK will do.
+	*/
+
+	if(r->finfo.st_mode == 0)
+		return CREATED;
+	else
+		return NO_CONTENT;
+    }
+#endif
+
     if (r->method_number != M_GET) return DECLINED;
 
     if (r->finfo.st_mode == 0 || (r->path_info && *r->path_info)) {
diff -r -u apache_1.1.1/src/http_protocol.c apache_1.1.1+PUT/src/http_protocol.c
--- apache_1.1.1/src/http_protocol.c	Sun Jun 23 20:05:16 1996
+++ apache_1.1.1+PUT/src/http_protocol.c	Sun Aug 18 16:43:15 1996
@@ -590,7 +590,7 @@
     return OK;
 }
 
-#define RESPONSE_CODE_LIST " 200 302 304 400 401 403 404 500 503 501 502 "
+#define RESPONSE_CODE_LIST " 200 201 202 204 302 304 400 401 403 404 500 503 501 502 "
 
 /* New Apache routine to map error responses into array indicies 
  *  e.g.  400 -> 0,  500 -> 1,  502 -> 2 ...                     
@@ -599,6 +599,9 @@
 
 char *status_lines[] = {
    "200 OK",
+   "201 Created",
+   "202 Accepted",
+   "204 No Content",
    "302 Found",
    "304 Not Modified",
    "400 Bad Request",
@@ -613,6 +616,9 @@
 
 char *response_titles[] = {
    "200 OK",			/* Never actually sent, barring die(200,...) */
+   "201 Created",
+   "202 Accepted",
+   "204 No Content",
    "Document moved",		/* 302 Redirect */
    "304 Not Modified",		/* Never sent... 304 MUST be header only */
    "Bad Request",
diff -r -u apache_1.1.1/src/httpd.h apache_1.1.1+PUT/src/httpd.h
--- apache_1.1.1/src/httpd.h	Mon Jul  8 21:01:19 1996
+++ apache_1.1.1+PUT/src/httpd.h	Sun Aug 18 16:42:09 1996
@@ -249,6 +249,9 @@
 /* ------------------------------ error types ------------------------------ */
 
 #define DOCUMENT_FOLLOWS 200
+#define CREATED 201
+#define ACCEPTED 202
+#define NO_CONTENT 204
 #define REDIRECT 302
 #define USE_LOCAL_COPY 304
 #define BAD_REQUEST 400

--------------678D07C335E02B47512A74C--

----- End of forwarded message from Jan Vanhercke -----

-- 
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb)  http://www.imdb.com/
           ...more movie info than you can poke a stick at.

Mime
View raw message