/*
- * Copyright (C) 2010-2014 jeanfi@gmail.com
+ * Copyright (C) 2010-2016 jeanfi@gmail.com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
#include <libintl.h>
#define _(str) gettext(str)
+#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
if (page) {
*rp_code = MHD_HTTP_OK;
- resp = MHD_create_response_from_data(strlen(page), page,
- MHD_YES, MHD_NO);
+ resp = MHD_create_response_from_buffer(strlen(page),
+ page,
+ MHD_RESPMEM_MUST_FREE);
MHD_add_response_header(resp, MHD_HTTP_HEADER_CONTENT_TYPE,
"application/json");
if (!st.st_size) {
fclose(file);
- return MHD_create_response_from_data
- (0, NULL, MHD_NO, MHD_NO);
+ return MHD_create_response_from_buffer
+ (0, NULL, 0);
}
return MHD_create_response_from_callback
return NULL;
}
+static int is_access_allowed(char *path)
+{
+ char *rpath;
+ int n, ret;
+
+ rpath = realpath(path, NULL);
+ if (rpath) {
+ n = strlen(server_data.www_dir);
+ if (!strncmp(server_data.www_dir, rpath, n)
+ || !strcmp(rpath,
+ "/usr/share/javascript/jquery/jquery.js")) {
+ ret = 1;
+ } else {
+ ret = 0;
+
+ log_err(_("Resource access refused %s real path is %s"),
+ path,
+ rpath);
+ }
+
+ free(rpath);
+ } else {
+ log_err(_("Cannot get real path of %s"), path);
+
+ ret = 0;
+ }
+
+ return ret;
+}
+
static struct MHD_Response *
create_response(const char *nurl, const char *method, unsigned int *rp_code)
{
} else {
fpath = get_path(nurl, server_data.www_dir);
- resp = create_response_file(nurl, method, rp_code, fpath);
+ if (is_access_allowed(fpath))
+ resp = create_response_file(nurl,
+ method,
+ rp_code,
+ fpath);
free(fpath);
}
page = strdup(PAGE_NOT_FOUND);
*rp_code = MHD_HTTP_NOT_FOUND;
- return MHD_create_response_from_data(strlen(page),
- page,
- MHD_YES,
- MHD_NO);
+ return MHD_create_response_from_buffer(strlen(page),
+ page,
+ MHD_RESPMEM_MUST_FREE);
}
static int cbk_http_request(void *cls,
if (&dummy != *ptr) {
/* The first time only the headers are valid, do not
- respond in the first round... */
+ * respond in the first round...
+ */
*ptr = &dummy;
return MHD_YES;
}
switch (optc) {
case 'w':
if (optarg)
- server_data.www_dir = strdup(optarg);
+ server_data.www_dir = realpath(optarg, NULL);
break;
case 'p':
if (optarg)
exit(EXIT_FAILURE);
}
- if (!server_data.www_dir)
- server_data.www_dir = strdup(DEFAULT_WWW_DIR);
+ if (!server_data.www_dir) {
+ server_data.www_dir = realpath(DEFAULT_WWW_DIR, NULL);
+ if (!server_data.www_dir) {
+ fprintf(stderr,
+ _("Webserver directory does not exist.\n"));
+ exit(EXIT_FAILURE);
+ }
+ }
if (!log_file)
log_file = strdup(DEFAULT_LOG_FILE);
server_data.cpu_usage = create_cpu_usage_sensor(600);
#endif
- if (!*server_data.sensors)
+ if (!server_data.sensors || !*server_data.sensors)
log_err(_("No sensors detected."));
d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION,
projects / psensor.git / blobdiff