Roxen.git / server / modules / filesystems / filesystem.pike


Roxen.git/server/modules/filesystems/filesystem.pike:932:    /* Adjust not_query */    id->not_query = mountpoint + f;   #endif /* constant(System.normalize_path) */    };       // NOTE: Sets id->misc->stat.    size = _file_size( f, id );       FILESYSTEM_WERR(sprintf("_file_size(%O, %O) ==> %d\n", f, id, size));    +  if(!id->misc->internal_get) { +  if (!dotfiles && sizeof(filter(f/"/", has_prefix, "."))) { +  TRACE_LEAVE("Path contains .-file or .-directory."); +  return 0; +  } +  if (FILTER_INTERNAL_FILE (f, id)) { +  id->misc->error_code = 405; +  TRACE_LEAVE ("Is internal file"); +  return 0; +  } +  } +     /*    * FIXME: Should probably move path-info extraction here.    * /grubba 1998-08-26    */       switch(id->method)    {    case "GET":    case "HEAD":    case "POST":
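Review bot: The `if(!id->misc->internal_get)` wrapper now exempts every method from the internal-file filter, whereas the per-method checks this commit removes from the MKCOL, PUT, CHMOD and DELETE branches ran unconditionally. If `internal_get` can ever be set on a request carrying a write method, internal files become writable and deletable through this module; either limit the exemption to read methods or state the invariant, e.g. `// internal_get bypasses the dotfile and internal-file filters for all methods; it must only be set on server-originated read requests.` The internal-file branch also sets `id->misc->error_code = 405` for GET/HEAD/POST, which the old read path did not, so a filtered name now answers differently from a dotfile or a missing file. The enclosing function starts and ends outside the hunk.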
Roxen.git/server/modules/filesystems/filesystem.pike:961:    case 2:    TRACE_LEAVE("Is directory");    return -1; /* Is dir */       default:    if( oldf[ -1 ] == '/' || /* Trying to access file with '/' appended */    !norm_f) { /* Or a file that is not normalizable. */    return 0;    }    -  if(!id->misc->internal_get) -  { -  if (!dotfiles -  && sizeof (tmp = (id->not_query/"/")[-1]) -  && tmp[0] == '.') -  { -  TRACE_LEAVE("Is .-file"); -  return 0; -  } -  if (FILTER_INTERNAL_FILE (f, id)) -  { -  TRACE_LEAVE ("Is internal file"); -  return 0; -  } -  } -  +     TRACE_ENTER("Opening file \"" + f + "\"", 0);       SETUID_TRACE("Open file", 1);       o = Stdio.File( );    if(!o->open(norm_f, "r" )) o = 0;    privs = 0;       if(!o || (no_symlinks && (contains_symlinks(path, f))))    {
Roxen.git/server/modules/filesystems/filesystem.pike:1048:    return 0;   #else /* !1 */    if(!query("put"))    {    id->misc->error_code = 405;    TRACE_LEAVE(sprintf("%s disallowed (since PUT is disallowed)",    id->method));    return 0;    }    -  if (FILTER_INTERNAL_FILE (f, id)) { -  id->misc->error_code = 405; -  TRACE_LEAVE(sprintf("%s disallowed (since the dir name matches internal file glob)", -  id->method)); -  return 0; -  } -  +     if (size != -1) {    TRACE_LEAVE(sprintf("%s failed. Directory name already exists. ",    id->method));    if (id->method == "MKCOL") {    return Roxen.http_status(405,    "Collection already exists.");    }    return 0;    }   
Roxen.git/server/modules/filesystems/filesystem.pike:1132:    break;       case "PUT":    if(!query("put"))    {    id->misc->error_code = 405;    TRACE_LEAVE("PUT disallowed");    return 0;    }    -  if (FILTER_INTERNAL_FILE (f, id)) { -  id->misc->error_code = 405; -  TRACE_LEAVE("PUT of internal file is disallowed"); -  return 0; -  } -  +     if (mapping(string:mixed) ret = write_access(f, 0, id)) {    TRACE_LEAVE("PUT: Locked");    return ret;    }       if (size == -2) {    // RFC 4918 9.7.2:    // A PUT request to an existing collection MAY be treated as an    // error (405 Method Not Allowed).    id->misc->error_code = 405;
Roxen.git/server/modules/filesystems/filesystem.pike:1256:    // Change permission of a file.    // FIXME: !!       if(!query("put"))    {    id->misc->error_code = 405;    TRACE_LEAVE("CHMOD disallowed (since PUT is disallowed)");    return 0;    }    -  if (FILTER_INTERNAL_FILE (f, id)) { -  id->misc->error_code = 405; -  TRACE_LEAVE("CHMOD of internal file is disallowed"); -  return 0; -  } -  +     if (mapping(string:mixed) ret = write_access(f, 0, id)) {    TRACE_LEAVE("CHMOD: Locked");    return ret;    }       SETUID_TRACE("CHMODing file", 0);       if (query("no_symlinks") && (contains_symlinks(path, f))) {    privs = 0;    errors++;
Roxen.git/server/modules/filesystems/filesystem.pike:1335:    !has_prefix(id->misc->move_from, mountpoint) ||    !(movefrom = id->conf->real_file(id->misc->move_from, id))) {    id->misc->error_code = 405;    errors++;    TRACE_LEAVE("MV: No source file");    return 0;    }       string relative_from = id->misc->move_from[sizeof(mountpoint)..];    -  if (FILTER_INTERNAL_FILE (movefrom, id) || -  FILTER_INTERNAL_FILE (f, id)) { +  if (!dotfiles && sizeof(filter(relative_from/"/", has_prefix, "."))) { +  TRACE_LEAVE("From-path contains .-file or .-directory."); +  return 0; +  } +  if (FILTER_INTERNAL_FILE(relative_from, id)) {    id->misc->error_code = 405; -  TRACE_LEAVE("MV to or from internal file is disallowed"); +  TRACE_LEAVE("MV from internal file is disallowed.");    return 0;    }       if (query("no_symlinks") &&    ((contains_symlinks(path, f)) ||    (contains_symlinks(path, id->misc->move_from)))) {    errors++;    TRACE_LEAVE("MV: Contains symlinks. Permission denied");    return Roxen.http_status(403, "Permission denied.");    }
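Review bot: The two new checks run on `relative_from`, which is `id->misc->move_from` with the mountpoint sliced off, while the source of the move is resolved separately as `movefrom` via `id->conf->real_file(...)`; the MOVE hunk at line 1423 has the same split between `new_uri` and `moveto`. Whether these strings are normalized the way `f` is before its check is not visible here, so the filter and the file operation may see different forms of the path. A comment such as `// relative_from must be normalized like f before filtering; the filter and real_file() must agree on the path.`, or reusing the normalization applied to `f`, would close that gap. The dotfile branch also returns without `errors++`, unlike the neighbouring "No source file" and symlink rejections.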
Roxen.git/server/modules/filesystems/filesystem.pike:1423:    return(0);    }    new_uri = new_uri[sizeof(mountpoint)..];    string moveto = real_path(new_uri, id);       // Workaround for Linux, Tru64 and FreeBSD.    if (has_suffix(moveto, "/")) {    moveto = moveto[..sizeof(moveto)-2];    }    -  if (FILTER_INTERNAL_FILE (f, id) || -  FILTER_INTERNAL_FILE (new_uri, id)) { +  if (!dotfiles && sizeof(filter(new_uri/"/", has_prefix, "."))) { +  TRACE_LEAVE("Path contains .-file or .-directory."); +  return 0; +  } +  if (FILTER_INTERNAL_FILE (new_uri, id)) {    id->misc->error_code = 405; -  TRACE_LEAVE("MOVE to or from internal file is disallowed"); +  TRACE_LEAVE("MOVE to internal file is disallowed");    return 0;    }       if (query("no_symlinks") &&    ((contains_symlinks(path, norm_f)) ||    (contains_symlinks(path, moveto)))) {    privs = 0;    errors++;    TRACE_LEAVE("MOVE: Contains symlinks. Permission denied");    return Roxen.http_status(403, "Permission denied.");
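Review bot: The destination dotfile rejection reuses the trace text `"Path contains .-file or .-directory."` from the top-of-function check, so a trace cannot tell a filtered source from a filtered destination; the MV hunk already says `From-path`, and `TRACE_LEAVE("MOVE: Destination contains .-file or .-directory.");` would match. It also returns 0 without setting `id->misc->error_code`, while the internal-file check directly below sets 405 for the same kind of refusal; presumably the client then gets the generic not-found answer for a source that exists, which is worth confirming as intended. The source `f` is no longer checked in this branch and relies on the earlier check, which is skipped when `id->misc->internal_get` is set.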
Roxen.git/server/modules/filesystems/filesystem.pike:1555:    TRACE_LEAVE("DELETE: Not found");    return 0;    }    if(!query("delete"))    {    id->misc->error_code = 405;    TRACE_LEAVE("DELETE: Disabled");    return 0;    }    -  if (FILTER_INTERNAL_FILE (f, id)) { -  id->misc->error_code = 405; -  TRACE_LEAVE("DELETE of internal file is disallowed"); -  return 0; -  } -  +     if (query("no_symlinks") && (contains_symlinks(path, f))) {    errors++;    report_error(LOCALE(48,"Deletion of %s failed. Permission denied.\n"),f);    TRACE_LEAVE("DELETE: Contains symlinks");    return Roxen.http_status(403, "Permission denied.");    }       if ((size < 0) &&    (String.trim_whites(id->request_headers->depth||"infinity") !=    "infinity")) {