27
/// Not used, Run is overriden instead
28
void tStaticFileSend::Action(const MYSTD::string & src)
28
void tStaticFileSend::ModContents(mstring & contents, cmstring &cmd)
30
StrSubst(contents, "$SERVERIP", GetHostname());
31
StrSubst(contents, "$SERVERPORT", acfg::port.c_str());
32
StrSubst(contents, "$REPAGE", SZPATHSEPUNIX + acfg::reportpage);
36
StrSubst(contents, "$FOOTER", footer);
38
if (contents.find("@") != stmiss)
41
// ok, needs a set of advanced variables
42
gethostname(buf, _countof(buf));
43
StrSubst(contents, "@H", buf);
44
if (acfg::exfailabort)
45
StrSubst(contents, "@A", "checked");
46
if (contents.find("@T") != stmiss)
48
StrSubst(contents, "@T", cmd.find("doCount") != stmiss
49
? aclog::GetStatReport()
32
56
void tStaticFileSend::Run(const string &cmd)
34
58
LOGSTART2("tStaticFileSend::Run", cmd);
38
62
if(!fr.OpenFile(acfg::confdir+SZPATHSEP+m_sFileName))
43
67
contents.assign(fr.GetBuffer(), fr.GetSize());
44
StrSubst(contents, "$SERVERIP", GetHostname());
45
StrSubst(contents, "$SERVERPORT", acfg::port.c_str());
46
StrSubst(contents, "$REPAGE", SZPATHSEPUNIX + acfg::reportpage);
50
StrSubst(contents, "$FOOTER", footer);
52
if(contents.find("@") != stmiss)
54
// ok, needs a set of advanced variables
55
gethostname(buf.wptr(), buf.freecapa());
56
StrSubst(contents, "@H",buf.rptr());
58
StrSubst(contents, "@A", "checked");
59
if(contents.find("@T") != stmiss)
61
StrSubst(contents, "@T",
62
cmd.find("doCount")!=stmiss ? aclog::GetStatReport() : szReportButton);
68
ModContents(contents, cmd);
67
71
buf << "HTTP/1.1 " << (m_sHttpCode ? m_sHttpCode : "200")
68
72
<< " OK\r\nConnection: close\r\nContent-Type: "
69
73
<< (m_sMimeType?m_sMimeType:"text/html")
71
75
SendRawData(buf.rptr(), buf.size(), MSG_MORE);
72
76
SendRawData(contents.data(), contents.length(), 0);
80
void tDeleter::ModContents(mstring & contents, cmstring &cmd)
82
#define BADCHARS "<>\"'|\t"
83
tStrPos qpos=cmd.find("?");
85
if(cmd.find_first_of(BADCHARS)!=stmiss // what the f..., XSS attempt?
92
bool bConfirmMode(stmiss==cmd.find("doDeleteYes"));
95
Tokenize(cmd.substr(qpos+1), "&", toks);
96
for(tStrVecIterConst it=toks.begin(); it!=toks.end(); it++)
99
if(startsWithSz(*it, "kf")
100
&& strtoul(it->c_str()+2, &sep, 10)>0
101
&& sep && '=' == *sep)
103
files.push_back(UrlDecode(sep+1));
107
// do stricter path checks and prepare the query page data
110
for(tStrVecIterConst it=files.begin(); it!=files.end(); it++)
112
if(it->find_first_of(BADCHARS)!=stmiss // what the f..., XSS attempt?
113
|| stmiss != it->find("..") )
120
sHidParms << "<input type=\"hidden\" name=\"kf" << ++lfd << "\" value=\""
125
sHidParms<<"Deleting " << *it<<"<br>\n";
126
::unlink((acfg::cacheDirSlash+*it).c_str());
127
::unlink((acfg::cacheDirSlash+*it+".head").c_str());
131
StrSubst(contents, "$COUNT", ltos(files.size()));
132
StrSubst(contents, "$STUFF", sHidParms);
136
StrSubst(contents, "$VISACTION", "visible");
137
StrSubst(contents, "$VISQUESTION", "hidden");
141
StrSubst(contents, "$VISACTION", "hidden");
142
StrSubst(contents, "$VISQUESTION", "visible");