|
|
|
|
@ -117,54 +117,65 @@ SETDEFAULTS_FUNC(mod_alias_set_defaults) {
|
|
|
|
|
return HANDLER_GO_ON;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static handler_t
|
|
|
|
|
mod_alias_remap (request_st * const r, const array * const aliases)
|
|
|
|
|
{
|
|
|
|
|
/* do not include trailing slash on basedir */
|
|
|
|
|
uint32_t basedir_len = buffer_string_length(&r->physical.basedir);
|
|
|
|
|
if ('/' == r->physical.basedir.ptr[basedir_len-1]) --basedir_len;
|
|
|
|
|
|
|
|
|
|
const uint32_t path_len = buffer_string_length(&r->physical.path);
|
|
|
|
|
if (0 == path_len || path_len < basedir_len) return HANDLER_GO_ON;
|
|
|
|
|
|
|
|
|
|
const uint32_t uri_len = path_len - basedir_len;
|
|
|
|
|
const char * const uri_ptr = r->physical.path.ptr + basedir_len;
|
|
|
|
|
data_string * const ds = (data_string *)
|
|
|
|
|
(!r->conf.force_lowercase_filenames
|
|
|
|
|
? array_match_key_prefix_klen(aliases, uri_ptr, uri_len)
|
|
|
|
|
: array_match_key_prefix_nc_klen(aliases, uri_ptr, uri_len));
|
|
|
|
|
if (NULL == ds) return HANDLER_GO_ON;
|
|
|
|
|
|
|
|
|
|
/* matched */
|
|
|
|
|
|
|
|
|
|
const uint32_t alias_len = buffer_string_length(&ds->key);
|
|
|
|
|
const uint32_t vlen = buffer_string_length(&ds->value);
|
|
|
|
|
|
|
|
|
|
/* check for path traversal in url-path following alias if key
|
|
|
|
|
* does not end in slash, but replacement value ends in slash */
|
|
|
|
|
if (uri_ptr[alias_len] == '.') {
|
|
|
|
|
const char *s = uri_ptr + alias_len + 1;
|
|
|
|
|
if (*s == '.') ++s;
|
|
|
|
|
if (*s == '/' || *s == '\0') {
|
|
|
|
|
if (0 != alias_len && ds->key.ptr[alias_len-1] != '/'
|
|
|
|
|
&& 0 != vlen && ds->value.ptr[vlen-1] == '/') {
|
|
|
|
|
r->http_status = 403;
|
|
|
|
|
return HANDLER_FINISHED;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*(not buffer_append_path_len();
|
|
|
|
|
* alias could be prefix instead of complete path segment,
|
|
|
|
|
* (though resulting r->physical.basedir would not be a dir))*/
|
|
|
|
|
if (vlen != basedir_len + alias_len) {
|
|
|
|
|
const uint32_t nlen = vlen + uri_len - alias_len;
|
|
|
|
|
if (path_len + buffer_string_space(&r->physical.path) < nlen)
|
|
|
|
|
buffer_string_prepare_append(&r->physical.path, nlen - path_len);
|
|
|
|
|
memmove(r->physical.path.ptr + vlen,
|
|
|
|
|
uri_ptr + alias_len, uri_len - alias_len);
|
|
|
|
|
buffer_string_set_length(&r->physical.path, nlen);
|
|
|
|
|
}
|
|
|
|
|
memcpy(r->physical.path.ptr, ds->value.ptr, vlen);
|
|
|
|
|
|
|
|
|
|
buffer_copy_string_len(&r->physical.basedir, ds->value.ptr, vlen);
|
|
|
|
|
|
|
|
|
|
return HANDLER_GO_ON;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PHYSICALPATH_FUNC(mod_alias_physical_handler) {
|
|
|
|
|
plugin_data *p = p_d;
|
|
|
|
|
char *uri_ptr;
|
|
|
|
|
size_t uri_len = buffer_string_length(&r->physical.path);
|
|
|
|
|
size_t basedir_len, alias_len;
|
|
|
|
|
data_string *ds;
|
|
|
|
|
|
|
|
|
|
if (0 == uri_len) return HANDLER_GO_ON;
|
|
|
|
|
|
|
|
|
|
mod_alias_patch_config(r, p);
|
|
|
|
|
if (NULL == p->conf.alias) return HANDLER_GO_ON;
|
|
|
|
|
|
|
|
|
|
/* do not include trailing slash on basedir */
|
|
|
|
|
basedir_len = buffer_string_length(&r->physical.basedir);
|
|
|
|
|
if ('/' == r->physical.basedir.ptr[basedir_len-1]) --basedir_len;
|
|
|
|
|
uri_len -= basedir_len;
|
|
|
|
|
uri_ptr = r->physical.path.ptr + basedir_len;
|
|
|
|
|
|
|
|
|
|
ds = (!r->conf.force_lowercase_filenames)
|
|
|
|
|
? (data_string *)array_match_key_prefix_klen(p->conf.alias, uri_ptr, uri_len)
|
|
|
|
|
: (data_string *)array_match_key_prefix_nc_klen(p->conf.alias, uri_ptr, uri_len);
|
|
|
|
|
if (NULL == ds) { return HANDLER_GO_ON; }
|
|
|
|
|
|
|
|
|
|
/* matched */
|
|
|
|
|
|
|
|
|
|
/* check for path traversal in url-path following alias if key
|
|
|
|
|
* does not end in slash, but replacement value ends in slash */
|
|
|
|
|
alias_len = buffer_string_length(&ds->key);
|
|
|
|
|
if (uri_ptr[alias_len] == '.') {
|
|
|
|
|
char *s = uri_ptr + alias_len + 1;
|
|
|
|
|
if (*s == '.') ++s;
|
|
|
|
|
if (*s == '/' || *s == '\0') {
|
|
|
|
|
size_t vlen = buffer_string_length(&ds->value);
|
|
|
|
|
if (0 != alias_len && ds->key.ptr[alias_len-1] != '/'
|
|
|
|
|
&& 0 != vlen && ds->value.ptr[vlen-1] == '/') {
|
|
|
|
|
r->http_status = 403;
|
|
|
|
|
return HANDLER_FINISHED;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
buffer * const tb = r->tmp_buf;
|
|
|
|
|
buffer_copy_buffer(&r->physical.basedir, &ds->value);
|
|
|
|
|
buffer_copy_buffer(tb, &ds->value);
|
|
|
|
|
buffer_append_string(tb, uri_ptr + alias_len);
|
|
|
|
|
buffer_copy_buffer(&r->physical.path, tb);
|
|
|
|
|
|
|
|
|
|
return HANDLER_GO_ON;
|
|
|
|
|
plugin_data * const p = p_d;
|
|
|
|
|
mod_alias_patch_config(r, p);
|
|
|
|
|
return p->conf.alias ? mod_alias_remap(r, p->conf.alias) : HANDLER_GO_ON;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
