[Libreoffice-commits] online.git: loolwsd/FileServer.hpp
Jan Holesovsky
kendy at collabora.com
Wed Apr 13 11:45:20 UTC 2016
loolwsd/FileServer.hpp | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
New commits:
commit 7e67b388328a9a502e56c4395561564e6972ba8b
Author: Jan Holesovsky <kendy at collabora.com>
Date: Wed Apr 13 13:39:33 2016 +0200
Add some paranoia...
diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp
index 06be9ec..250301b 100644
--- a/loolwsd/FileServer.hpp
+++ b/loolwsd/FileServer.hpp
@@ -111,15 +111,20 @@ public:
void preprocessFile(HTTPServerRequest& request, HTTPServerResponse& response)
{
- Poco::URI requestUri((LOOLWSD::SSLEnabled? "https": "http"), request.getHost(), request.getURI());
HTMLForm form(request, request.stream());
std::string preprocess;
- const auto host = (LOOLWSD::SSLEnabled? "wss://": "ws://") + requestUri.getHost() + ":" + std::to_string(requestUri.getPort());
+ const auto host = (LOOLWSD::SSLEnabled? "wss://": "ws://") + request.getHost();
+
+ Poco::URI requestUri(request.getURI());
+ requestUri.normalize(); // avoid .'s and ..'s
const auto path = Poco::Path(LOOLWSD::FileServerRoot, requestUri.getPath());
+
const auto wopi = form.has("WOPISrc") ?
form.get("WOPISrc") + "?access_token=" + form.get("access_token","") : "";
+ Log::debug("Preprocessing file: " + path.toString());
+
FileInputStream file(path.toString());
StreamCopier::copyToString(file, preprocess);
file.close();
@@ -145,6 +150,8 @@ public:
try
{
Poco::URI requestUri(request.getURI());
+ requestUri.normalize(); // avoid .'s and ..'s
+
std::vector<std::string> requestSegments;
requestUri.getPathSegments(requestSegments);
if (requestSegments.size() < 1)
More information about the Libreoffice-commits
mailing list