Branch: Tag:

2002-06-17

2002-06-17 09:36:34 by Anders Johansson <anders@roxen.com>

Implemented some error handling in try_get_file() and load_layers() in order to solve [bug 2410 (#2410)].

Rev: server/base_server/configuration.pike:1.520
Rev: server/base_server/prototypes.pike:1.51
Rev: server/base_server/roxen.pike:1.797
Rev: server/etc/modules/LazyImage.pmod/module.pmod:1.7
Rev: server/modules/graphics/cimg.pike:1.50
Rev: server/modules/graphics/gbutton.pike:1.95

6:   // Per Hedbor, Henrik Grubbström, Pontus Hagland, David Hedbor and others.   // ABS and suicide systems contributed freely by Francesco Chemolli    - constant cvs_version="$Id: roxen.pike,v 1.796 2002/06/13 11:34:13 jonasw Exp $"; + constant cvs_version="$Id: roxen.pike,v 1.797 2002/06/17 09:36:31 anders Exp $";      // The argument cache. Used by the image cache.   ArgCache argcache;
2221:    return what;    }    -  static void draw( string name, RequestID id ) +  static void|mapping draw( string name, RequestID id )    {   #ifdef ARG_CACHE_DEBUG    werror("draw %O\n", name );
2708:    }    else if( mappingp(reply) )    { +  // This could be an error from get_file() +  if(reply->error) +  return reply;    meta = reply->meta;    data = reply->data;    if( !meta || !data )
2951:    {    mixed err;    if (nodraw || (err = catch { -  draw( na, id ); +  if (mapping res = draw( na, id )) +  return res;    })) {    // File not found.    if(arrayp(err) && sizeof(err) && stringp(err[0]) &&
4001:    return low_decode_image( data );   }    - array(Image.Layer) load_layers(string f, RequestID id, mapping|void opt) + array(Image.Layer)|mapping load_layers(string f, RequestID id, mapping|void opt)   {    string data;    Stdio.File file; -  +  mapping res = ([]);    if(id->misc->_load_image_called < 5)    {    // We were recursing very badly with the demo module here...    id->misc->_load_image_called++; -  if(!(data=id->conf->try_get_file(f, id))) +  if(!(data=id->conf->try_get_file(f, id, 0, 0, 0, res)))    {    // This is a major security hole! It can load any (image) file    // in the low-level file system using the server's user privileges.
4023:    };   // #endif    if( !data ) -  return 0; +  return res;    }    }    id->misc->_load_image_called = 0; -  if(!data) return 0; +  if(!data) return res;    return decode_layers( data, opt );   }