[Libreoffice-commits] online.git: Branch 'distro/collabora/collabora-online-2-1' - wsd/ClientSession.cpp wsd/LOOLWSD.cpp wsd/Storage.cpp
Jan Holesovsky
kendy at collabora.com
Thu Aug 3 12:08:51 UTC 2017
wsd/ClientSession.cpp | 8 +++++++-
wsd/LOOLWSD.cpp | 9 ++++++---
wsd/Storage.cpp | 13 ++++++++-----
3 files changed, 21 insertions(+), 9 deletions(-)
New commits:
commit 126e696d1fa4d9ef3870140dbe480172fbdf6aae
Author: Jan Holesovsky <kendy at collabora.com>
Date: Wed Aug 2 23:18:28 2017 +0200
[revert API CHANGE] Actually the "format" is useful for the web forms...
Change-Id: I23b053240855888dc09b531f92e0a4fbbed69329
Reviewed-on: https://gerrit.libreoffice.org/40695
Reviewed-by: pranavk <pranavk at collabora.co.uk>
Tested-by: pranavk <pranavk at collabora.co.uk>
diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp
index 64e7ea94..61509277 100644
--- a/wsd/ClientSession.cpp
+++ b/wsd/ClientSession.cpp
@@ -636,7 +636,13 @@ bool ClientSession::handleKitToClientMessage(const char* buffer, const int lengt
std::string encodedFilePath;
Poco::URI::encode(resultURL.getPath(), "", encodedFilePath);
LOG_TRC("Sending file: " << encodedFilePath);
- HttpHelper::sendFile(_saveAsSocket, encodedFilePath, mimeType);
+
+ const std::string fileName = Poco::Path(resultURL.getPath()).getFileName();
+ Poco::Net::HTTPResponse response;
+ if (!fileName.empty())
+ response.set("Content-Disposition", "attachment; filename=\"" + fileName + "\"");
+
+ HttpHelper::sendFile(_saveAsSocket, encodedFilePath, mimeType, response);
}
// Conversion is done, cleanup this fake session.
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 00eb3248..92c99154 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -1866,14 +1866,17 @@ private:
auto socket = _socket.lock();
StringTokenizer tokens(request.getURI(), "/?");
- if (tokens.count() >= 4 && tokens[2] == "convert-to")
+ if (tokens.count() > 2 && tokens[2] == "convert-to")
{
std::string fromPath;
ConvertToPartHandler handler(fromPath, /*convertTo =*/ true);
HTMLForm form(request, message, handler);
- // extract the target format from the URI
- const std::string format = tokens[3];
+ std::string format = (form.has("format") ? form.get("format") : "");
+
+ // prefer what is in the URI
+ if (tokens.count() > 3)
+ format = tokens[3];
bool sent = false;
if (!fromPath.empty())
diff --git a/wsd/Storage.cpp b/wsd/Storage.cpp
index aac3b1d1..e57d0684 100644
--- a/wsd/Storage.cpp
+++ b/wsd/Storage.cpp
@@ -197,14 +197,17 @@ std::unique_ptr<StorageBase> StorageBase::create(const Poco::URI& uri, const std
}
else
{
+ // guard against attempts to escape
+ Poco::URI normalizedUri(uri);
+ normalizedUri.normalize();
+
std::vector<std::string> pathSegments;
- Poco::URI(uri).getPathSegments(pathSegments);
+ normalizedUri.getPathSegments(pathSegments);
- // guard against attempts to escape
- if (pathSegments.size() == 4 && pathSegments[0] == "tmp" && pathSegments[1] == "convert-to" && pathSegments[2] != ".." && pathSegments[3] != "..")
+ if (pathSegments.size() == 4 && pathSegments[0] == "tmp" && pathSegments[1] == "convert-to")
{
- LOG_INF("Public URI [" << uri.toString() << "] is actually a convert-to tempfile.");
- return std::unique_ptr<StorageBase>(new LocalStorage(uri, jailRoot, jailPath));
+ LOG_INF("Public URI [" << normalizedUri.toString() << "] is actually a convert-to tempfile.");
+ return std::unique_ptr<StorageBase>(new LocalStorage(normalizedUri, jailRoot, jailPath));
}
}
More information about the Libreoffice-commits
mailing list