Roxen.git / server / base_server / roxen.pike

version» Context lines:

Roxen.git/server/base_server/roxen.pike:1:   // This file is part of Roxen WebServer.   // Copyright © 1996 - 2004, Roxen IS.   //   // The Roxen WebServer main program.   //   // Per Hedbor, Henrik Grubbström, Pontus Hagland, David Hedbor and others.   // ABS and suicide systems contributed freely by Francesco Chemolli    - constant cvs_version="$Id: roxen.pike,v 1.983 2008/09/15 16:27:27 mast Exp $"; + constant cvs_version="$Id: roxen.pike,v 1.984 2008/09/15 16:34:13 mast Exp $";      //! @appears roxen   //!   //! The Roxen WebServer main program.      // The argument cache. Used by the image cache.   ArgCache argcache;      // Some headerfiles   #define IN_ROXEN
Roxen.git/server/base_server/roxen.pike:4760:   array(Image.Layer)|mapping load_layers(string f, RequestID id, mapping|void opt)   {    string data;    mapping res = ([]);    if(id->misc->_load_image_called < 5)    {    // We were recursing very badly with the demo module here...    id->misc->_load_image_called++;    if(!(data=id->conf->try_get_file(f, id, 0, 0, 0, res)))    { -  // This is a major security hole! It can load any (image) file -  // in the low-level file system using the server's user privileges. -  // -  // file=Stdio.File(); -  // if(!file->open(f,"r") || !(data=file->read())) - // #ifdef THREADS -  if (mixed err = catch -  { -  data = Protocols.HTTP.get_url_nice( f )[1]; + #ifdef THREADS +  if (sscanf( f, "http://%[^/]", string host ) || +  sscanf (f, "https://%[^/]", host)) { +  if( sscanf( host, "%*s:%*d" ) != 2) +  host += ":80"; +  mapping hd = ([ +  "User-Agent":version(), +  "Host":host, +  ]); +  if (mixed err = catch { +  data = Protocols.HTTP.get_url_data( f, 0, hd );    })    werror (describe_backtrace (err)); - // #endif +  } + #endif    if( !data )    return res;    }    }    id->misc->_load_image_called = 0;    if(!data) return res;    return decode_layers( data, opt );   }      Image.Image load_image(string f, RequestID id)