[Libreoffice-commits] online.git: 2 commits - wsd/ClientSession.cpp wsd/LOOLWSD.cpp wsd/reference.txt wsd/Storage.cpp

Jan Holesovsky kendy at collabora.com
Mon Aug 7 09:40:22 UTC 2017 

 wsd/ClientSession.cpp |    5 +++++
 wsd/LOOLWSD.cpp       |   34 +++++++++++++++++++++++++++-------
 wsd/Storage.cpp       |   15 +++++++++++++++
 wsd/reference.txt     |   24 +++++++++++++++++++++---
 4 files changed, 68 insertions(+), 10 deletions(-)

New commits:
commit a59598050d378f599c989bee34e79b2bf8cb1c8f
Author: Jan Holesovsky <kendy at collabora.com>
Date:   Wed Aug 2 18:55:43 2017 +0200

    convert-to: Set the mimetype in the responses.
    
    Change-Id: Ib8dcad5f81499aec0ba147a3a4ef0b7a30995bcc

diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp
index 5cdcaaf3..d4793e96 100644
--- a/wsd/ClientSession.cpp
+++ b/wsd/ClientSession.cpp
@@ -638,7 +638,12 @@ bool ClientSession::handleKitToClientMessage(const char* buffer, const int lengt
                 std::string encodedFilePath;
                 Poco::URI::encode(resultURL.getPath(), "", encodedFilePath);
                 LOG_TRC("Sending file: " << encodedFilePath);
+
+                const std::string fileName = Poco::Path(resultURL.getPath()).getFileName();
                 Poco::Net::HTTPResponse response;
+                if (!fileName.empty())
+                    response.set("Content-Disposition", "attachment; filename=\"" + fileName + "\"");
+
                 HttpHelper::sendFile(_saveAsSocket, encodedFilePath, mimeType, response);
             }
 
commit beffd4967acf760dccdaf7e1a0e6ebbea9932b6a
Author: Jan Holesovsky <kendy at collabora.com>
Date:   Wed Aug 2 18:55:43 2017 +0200

    convert-to: New features in the convert-to functionality.
    
    * Add possibility to omit the 'format' parameter
    * Allow it even when the 'file' storage is disabled
    
    Change-Id: Ib8dcad5f81499aec0ba147a3a4ef0b7a30995bcc

diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 2852fb7a..d38918fd 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -449,9 +449,14 @@ std::shared_ptr<ChildProcess> getNewChild_Blocks()
 class ConvertToPartHandler : public PartHandler
 {
     std::string& _filename;
+
+    /// Is it really a convert-to, ie. use an especially formed path?
+    bool _convertTo;
+
 public:
-    ConvertToPartHandler(std::string& filename)
+    ConvertToPartHandler(std::string& filename, bool convertTo = false)
         : _filename(filename)
+        , _convertTo(convertTo)
     {
     }
 
@@ -469,7 +474,8 @@ public:
         if (!params.has("filename"))
             return;
 
-        Path tempPath = Path::forDirectory(Poco::TemporaryFile::tempName() + "/");
+        Path tempPath = _convertTo? Path::forDirectory(Poco::TemporaryFile::tempName("/tmp/convert-to") + "/") :
+                                    Path::forDirectory(Poco::TemporaryFile::tempName() + "/");
         File(tempPath).createDirectories();
         // Prevent user inputting anything funny here.
         // A "filename" should always be a filename, not a path
@@ -1737,9 +1743,18 @@ private:
         }
         catch (const std::exception& exc)
         {
-            // TODO: Send back failure.
+            // Bad request.
+            std::ostringstream oss;
+            oss << "HTTP/1.1 400\r\n"
+                << "Date: " << Poco::DateTimeFormatter::format(Poco::Timestamp(), Poco::DateTimeFormat::HTTP_FORMAT) << "\r\n"
+                << "User-Agent: LOOLWSD WOPI Agent\r\n"
+                << "Content-Length: 0\r\n"
+                << "\r\n";
+            socket->send(oss.str());
+            socket->shutdown();
+
             // NOTE: Check _wsState to choose between HTTP response or WebSocket (app-level) error.
-            LOG_ERR("#" << socket->getFD() << " Exception while processing incoming request: [" <<
+            LOG_INF("#" << socket->getFD() << " Exception while processing incoming request: [" <<
                     LOOLProtocol::getAbbreviatedMessage(in) << "]: " << exc.what());
         }
 
@@ -1866,12 +1881,17 @@ private:
         auto socket = _socket.lock();
 
         StringTokenizer tokens(request.getURI(), "/?");
-        if (tokens.count() >= 3 && tokens[2] == "convert-to")
+        if (tokens.count() > 2 && tokens[2] == "convert-to")
         {
             std::string fromPath;
-            ConvertToPartHandler handler(fromPath);
+            ConvertToPartHandler handler(fromPath, /*convertTo =*/ true);
             HTMLForm form(request, message, handler);
-            const std::string format = (form.has("format") ? form.get("format") : "");
+
+            std::string format = (form.has("format") ? form.get("format") : "");
+
+            // prefer what is in the URI
+            if (tokens.count() > 3)
+                format = tokens[3];
 
             bool sent = false;
             if (!fromPath.empty())
diff --git a/wsd/Storage.cpp b/wsd/Storage.cpp
index b64b6431..47c81748 100644
--- a/wsd/Storage.cpp
+++ b/wsd/Storage.cpp
@@ -195,6 +195,21 @@ std::unique_ptr<StorageBase> StorageBase::create(const Poco::URI& uri, const std
         {
             return std::unique_ptr<StorageBase>(new LocalStorage(uri, jailRoot, jailPath));
         }
+        else
+        {
+            // guard against attempts to escape
+            Poco::URI normalizedUri(uri);
+            normalizedUri.normalize();
+
+            std::vector<std::string> pathSegments;
+            normalizedUri.getPathSegments(pathSegments);
+
+            if (pathSegments.size() == 4 && pathSegments[0] == "tmp" && pathSegments[1] == "convert-to")
+            {
+                LOG_INF("Public URI [" << normalizedUri.toString() << "] is actually a convert-to tempfile.");
+                return std::unique_ptr<StorageBase>(new LocalStorage(normalizedUri, jailRoot, jailPath));
+            }
+        }
 
         LOG_ERR("Local Storage is disabled by default. Enable in the config file or on the command-line to enable.");
     }
diff --git a/wsd/reference.txt b/wsd/reference.txt
index 5c706621..0f70035b 100644
--- a/wsd/reference.txt
+++ b/wsd/reference.txt
@@ -2,9 +2,27 @@ LibreOffice Online API
 =======================
 
 Document conversion:
-    - API: HTTP POST to /lool/convert-to
-        - parameters: format=<format> (see e.g. "png", "pdf" or "txt"), and the file itself in the payload
-    - example: curl -F "data=@test.txt" -F "format=pdf" https://localhost:9980/lool/convert-to
+    - API: HTTP POST to /lool/convert-to/<format>
+        - the format is e.g. "png", "pdf" or "txt"
+        - the file itself in the payload
+    - example
+        - curl -F "data=@test.txt" https://localhost:9980/lool/convert-to/docx > out.docx
+	- or in html:
+          <form action="https://localhost:9980/lool/convert-to/docx" enctype="multipart/form-data" method="post">
+              File: <input type="file" name="data"><br/>
+              <input type="submit" value="Convert to DOCX">
+          </form>
+
+    - alternatively you can omit the <format>, and instead
+      provide it as another parameter
+    - example
+        - curl -F "data=@test.odt" -F "format=pdf" https://localhost:9980/lool/convert-to > out.pdf
+        - or in html:
+          <form action="https://localhost:9980/lool/convert-to" enctype="multipart/form-data" method="post">
+              File: <input type="file" name="data"><br/>
+              Format: <input type="text" name="format"><br/>
+              <input type="submit" value="Convert">
+          </form>
 
 WOPI Extensions
 ===============

More information about the Libreoffice-commits mailing list