bbs/magicka
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix tinys crashes.

Browse Source
This commit is contained in:
Andrew Pamment 2018-02-22 21:27:50 +10:00
parent 836d30a46c
commit a3476238d4
2 changed files with 118 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/www.c
View File

@ -897,24 +897,24 @@ int www_handler(void * cls, struct MHD_Connection * connection, const char * url
if (conf.file_directories[file_dir]->display_on_web) { if (conf.file_directories[file_dir]->display_on_web) {
// send file // send file
filename = www_files_get_from_area(file_dir, file_sub, filen); filename = www_files_get_from_area(file_dir, file_sub, filen);
mime = NULL;
// get mimetype
for (i=strlen(filename);i>0;--i) {
if (filename[i] == '.') {
mime = www_get_mime_type(&filename[i+1]);
break;
}
if (filename[i] == '/') {
mime = www_get_mime_type(NULL);
break;
}
}
if (mime = NULL) {
mime = www_get_mime_type(NULL);
}
free(filen); free(filen);
if (filename != NULL) { if (filename != NULL) {
mime = NULL;
// get mimetype
for (i=strlen(filename);i>0;--i) {
if (filename[i] == '.') {
mime = www_get_mime_type(&filename[i+1]);
break;
}
if (filename[i] == '/') {
mime = www_get_mime_type(NULL);
break;
}
}
if (mime = NULL) {
mime = www_get_mime_type(NULL);
}
if (stat(filename, &s) == 0 && S_ISREG(s.st_mode)) { if (stat(filename, &s) == 0 && S_ISREG(s.st_mode)) {
fno = open(filename, O_RDONLY); fno = open(filename, O_RDONLY);
if (fno != -1) { if (fno != -1) {

107
src/www_files.c
View File

@ -11,6 +11,57 @@ extern struct bbs_config conf;
extern struct user_record *gUser; extern struct user_record *gUser;
extern char * aha(char *input); extern char * aha(char *input);
static char *www_decode(char *clean_url) {
char *url = (char *)malloc(strlen(clean_url) + 1);
int i;
int j = 0;
unsigned char c;
if (clean_url == NULL) {
free(url);
return NULL;
}
for (i=0;i<strlen(clean_url);i++) {
if (clean_url[i] == '%') {
c = clean_url[i+1] * 16 + clean_url[i+2];
url[j++] = (char)c;
url[j] = '\0';
i+=2;
} else {
url[j++] = clean_url[i];
url[j] = '\0';
}
}
return url;
}
static char *www_encode(char *url) {
char *clean_url = (char *)malloc(strlen(url) * 3 + 1);
int i;
int j;
if (url == NULL) {
free(clean_url);
return NULL;
}
j = 0;
memset(clean_url, 0, strlen(url) * 3);
for (i=0;i<strlen(url);i++) {
if (isalnum(url[i]) || url[i] == '~' || url[i] == '.' || url[i] == '_') {
sprintf(&clean_url[j], "%c", url[i]);
j++;
} else {
sprintf(&clean_url[j], "%%%02X", url[i]);
j+=3;
}
}
return clean_url;
}
void www_expire_old_links() { void www_expire_old_links() {
char buffer[PATH_MAX]; char buffer[PATH_MAX];
sqlite3 *db; sqlite3 *db;
@ -243,6 +294,7 @@ char *www_files_display_listing(int dir, int sub) {
sqlite3_stmt *res; sqlite3_stmt *res;
int rc; int rc;
int i; int i;
char *clean_url;
page = (char *)malloc(4096); page = (char *)malloc(4096);
max_len = 4096; max_len = 4096;
@ -281,7 +333,9 @@ char *www_files_display_listing(int dir, int sub) {
while (sqlite3_step(res) == SQLITE_ROW) { while (sqlite3_step(res) == SQLITE_ROW) {
filename = strdup(sqlite3_column_text(res, 1)); filename = strdup(sqlite3_column_text(res, 1));
snprintf(buffer, 4096, "<tr><td class=\"filename\"><a href=\"%sfiles/areas/%d/%d/%s\">%s</a></td>", conf.www_url, dir, sub, basename(filename), basename(filename)); clean_url = www_encode(basename(filename));
snprintf(buffer, 4096, "<tr><td class=\"filename\"><a href=\"%sfiles/areas/%d/%d/%s\">%s</a></td>", conf.www_url, dir, sub, basename(clean_url), basename(filename));
free(clean_url);
free(filename); free(filename);
if (len + strlen(buffer) > max_len - 1) { if (len + strlen(buffer) > max_len - 1) {
max_len += 4096; max_len += 4096;
@ -410,17 +464,60 @@ char *www_files_areas() {
return page; return page;
} }
char *www_files_get_from_area(int dir, int sub, char *file) { char *www_files_get_from_area(int dir, int sub, char *clean_file) {
char *sql = "SELECT filename FROM files WHERE approved=1 AND filename LIKE ?"; char *sql = "SELECT filename FROM files WHERE approved=1 AND filename LIKE ? ESCAPE \"^\"";
char *filenamelike; char *filenamelike;
sqlite3 *db; sqlite3 *db;
sqlite3_stmt *res; sqlite3_stmt *res;
int rc; int rc;
char buffer[PATH_MAX]; char buffer[PATH_MAX];
char *ret = NULL; char *ret = NULL;
int i;
int extra = 0;
int j;
char *file;
filenamelike = (char *)malloc(strlen(file) + 3); file = www_decode(clean_file);
sprintf(filenamelike, "%%/%s", file);
for (i=0;i<strlen(file);i++) {
if (file[i] == '^' || file[i] == '%' || file[i] == '_') {
extra++;
}
}
filenamelike = (char *)malloc(strlen(file) + 3 + extra);
i = 0;
filenamelike[i++] = '%';
filenamelike[i] = '\0';
for (j = 0; j < strlen(file); j++) {
switch(file[j]) {
case '^':
filenamelike[i++] = '^';
filenamelike[i++] = '^';
filenamelike[i] = '\0';
break;
case '_':
filenamelike[i++] = '^';
filenamelike[i++] = '_';
filenamelike[i] = '\0';
break;
case '%':
filenamelike[i++] = '^';
filenamelike[i++] = '%';
filenamelike[i] = '\0';
break;
default:
filenamelike[i++] = file[j];
filenamelike[i] = '\0';
break;
}
}
// sprintf(filenamelike, "%%/%s", file);
free(file);
snprintf(buffer, PATH_MAX, "%s/%s.sq3", conf.bbs_path, conf.file_directories[dir]->file_subs[sub]->database); snprintf(buffer, PATH_MAX, "%s/%s.sq3", conf.bbs_path, conf.file_directories[dir]->file_subs[sub]->database);