Compare commits
7 Commits
v0.2.1-rc1
...
master
Author | SHA1 | Date |
---|---|---|
Xavier Del Campo Romero | 32af8ddd3d | |
Xavier Del Campo Romero | b4572c6217 | |
Xavier Del Campo Romero | fb8896bccd | |
Xavier Del Campo Romero | dd29f9096a | |
Xavier Del Campo Romero | 8bcf0bf855 | |
Xavier Del Campo Romero | afc5cf0dfc | |
Xavier Del Campo Romero | b7f232366c |
|
@ -59,13 +59,13 @@ to `slcl`. If required, encryption should be done before uploading e.g.: using
|
|||
#### Mandatory packages
|
||||
|
||||
```sh
|
||||
sudo apt install build-essential libcjson-dev libssl-dev
|
||||
sudo apt install build-essential libcjson-dev libssl-dev m4 jq
|
||||
```
|
||||
|
||||
#### Optional packages
|
||||
|
||||
```sh
|
||||
sudo apt install cmake xxd jq
|
||||
sudo apt install cmake
|
||||
```
|
||||
|
||||
## How to use
|
||||
|
@ -90,9 +90,8 @@ $ make
|
|||
#### CMake
|
||||
|
||||
```sh
|
||||
$ mkdir build/
|
||||
$ cmake ..
|
||||
$ cmake --build .
|
||||
$ cmake -B build
|
||||
$ cmake --build build/
|
||||
```
|
||||
|
||||
### Setting up
|
||||
|
|
39
main.c
39
main.c
|
@ -395,16 +395,22 @@ static bool path_isrel(const char *const path)
|
|||
{
|
||||
if (!strcmp(path, "..")
|
||||
|| !strcmp(path, ".")
|
||||
|| !strcmp(path, "./")
|
||||
|| !strcmp(path, "../")
|
||||
|| !strncmp(path, "./", strlen("./"))
|
||||
|| !strncmp(path, "../", strlen("../"))
|
||||
|| strstr(path, "/./")
|
||||
|| strstr(path, "/../"))
|
||||
return true;
|
||||
|
||||
static const char suffix[] = "/..";
|
||||
const size_t n = strlen(path), sn = strlen(suffix);
|
||||
static const char *const suffixes[] = {"/.", "/.."};
|
||||
|
||||
if (n >= sn && !strcmp(path + n - sn, suffix))
|
||||
return true;
|
||||
for (size_t i = 0; i < sizeof suffixes / sizeof *suffixes; i++)
|
||||
{
|
||||
const char *const suffix = suffixes[i];
|
||||
const size_t n = strlen(path), sn = strlen(suffix);
|
||||
|
||||
if (n >= sn && !strcmp(path + n - sn, suffix))
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
@ -429,7 +435,8 @@ static int getpublic(const struct http_payload *const p,
|
|||
{
|
||||
int ret = -1;
|
||||
struct auth *const a = user;
|
||||
const char *const adir = auth_dir(a);
|
||||
const char *const adir = auth_dir(a),
|
||||
*const file = p->resource + strlen("/public/");
|
||||
struct dynstr d;
|
||||
|
||||
dynstr_init(&d);
|
||||
|
@ -439,6 +446,13 @@ static int getpublic(const struct http_payload *const p,
|
|||
fprintf(stderr, "%s: auth_dir failed\n", __func__);
|
||||
goto end;
|
||||
}
|
||||
else if (!*file || filename_invalid(file))
|
||||
{
|
||||
fprintf(stderr, "%s: invalid filename %s\n",
|
||||
__func__, p->resource);
|
||||
ret = page_forbidden(r);
|
||||
goto end;
|
||||
}
|
||||
else if (path_invalid(p->resource))
|
||||
{
|
||||
fprintf(stderr, "%s: illegal relative path %s\n",
|
||||
|
@ -897,7 +911,16 @@ static int check_length(const unsigned long long len,
|
|||
bool has_quota;
|
||||
unsigned long long quota;
|
||||
|
||||
if (auth_quota(a, username, &has_quota, "a))
|
||||
if (auth_cookie(a, c))
|
||||
{
|
||||
fprintf(stderr, "%s: auth_cookie failed\n", __func__);
|
||||
|
||||
if (page_forbidden(r))
|
||||
return -1;
|
||||
|
||||
return 1;
|
||||
}
|
||||
else if (auth_quota(a, username, &has_quota, "a))
|
||||
{
|
||||
fprintf(stderr, "%s: auth_quota failed\n", __func__);
|
||||
return -1;
|
||||
|
|
18
page.c
18
page.c
|
@ -1305,7 +1305,15 @@ static int serve_file(struct http_response *const r,
|
|||
dynstr_init(&b);
|
||||
dynstr_init(&d);
|
||||
|
||||
if (dynstr_append(&b, "%s", res))
|
||||
if (preview)
|
||||
{
|
||||
if (dynstr_append(&d, "inline"))
|
||||
{
|
||||
fprintf(stderr, "%s: dynstr_append inline failed\n", __func__);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
else if (dynstr_append(&b, "%s", res))
|
||||
{
|
||||
fprintf(stderr, "%s: dynstr_append res failed\n", __func__);
|
||||
goto end;
|
||||
|
@ -1315,14 +1323,6 @@ static int serve_file(struct http_response *const r,
|
|||
fprintf(stderr, "%s: basename(3) failed\n", __func__);
|
||||
goto end;
|
||||
}
|
||||
else if (preview)
|
||||
{
|
||||
if (dynstr_append(&d, "inline"))
|
||||
{
|
||||
fprintf(stderr, "%s: dynstr_append inline failed\n", __func__);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
else if (dynstr_append(&d, "attachment; filename=\"%s\"", bn))
|
||||
{
|
||||
fprintf(stderr, "%s: dynstr_append attachment failed\n", __func__);
|
||||
|
|
Loading…
Reference in New Issue