Relintai/pandemonium_engine
1
0
Fork 0
mirror of https://github.com/Relintai/pandemonium_engine.git synced 2025-04-14 23:58:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added new wwwroot_get_simplified_abs_path() helper to FileCache. Also improved the other path helper methods.

Browse Source
This commit is contained in:
Relintai 2024-03-10 08:21:24 +01:00
parent b96205f05f
commit 6addb02bbb
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
modules/web/file_cache.cpp
View File

@ -69,6 +69,13 @@ bool FileCache::wwwroot_has_file(const String &file_path) {
String fp = _wwwroot_abs + file_path; String fp = _wwwroot_abs + file_path;
fp = fp.simplify_path();
// Don't allow going outside wwwroot
if (!fp.begins_with(_wwwroot_abs)) {
return false;
}
if (!FileAccess::exists(fp)) { if (!FileAccess::exists(fp)) {
return false; return false;
} }
@ -92,7 +99,7 @@ bool FileCache::wwwroot_has_file(const String &file_path) {
String absp = f->get_path_absolute(); String absp = f->get_path_absolute();
memdelete(f); memdelete(f);
//likely a directory walking attempt. e.g. ../../../../../etc/passwd // likely a directory walking attempt. e.g. ../../../../../etc/passwd
if (!absp.begins_with(_wwwroot_abs)) { if (!absp.begins_with(_wwwroot_abs)) {
return false; return false;
} }
@ -107,6 +114,13 @@ String FileCache::wwwroot_get_file_abspath(const String &file_path) {
String fp = _wwwroot_abs + file_path; String fp = _wwwroot_abs + file_path;
fp = fp.simplify_path();
// Don't allow going outside wwwroot
if (!fp.begins_with(_wwwroot_abs)) {
return String();
}
if (!FileAccess::exists(fp)) { if (!FileAccess::exists(fp)) {
return String(); return String();
} }
@ -138,6 +152,19 @@ String FileCache::wwwroot_get_file_abspath(const String &file_path) {
return absp; return absp;
} }
String FileCache::wwwroot_get_simplified_abs_path(const String &file_path) {
String fp = _wwwroot_abs + file_path;
fp = fp.simplify_path();
// Don't allow going outside wwwroot
if (!fp.begins_with(_wwwroot_abs)) {
return String();
}
return fp;
}
bool FileCache::get_cached_body(const String &path, String *body) { bool FileCache::get_cached_body(const String &path, String *body) {
//TODO ERROR MACRO body == null //TODO ERROR MACRO body == null
@ -264,6 +291,8 @@ void FileCache::_bind_methods() {
ClassDB::bind_method(D_METHOD("wwwroot_has_file", "file_path"), &FileCache::wwwroot_has_file); ClassDB::bind_method(D_METHOD("wwwroot_has_file", "file_path"), &FileCache::wwwroot_has_file);
ClassDB::bind_method(D_METHOD("wwwroot_get_file_abspath", "file_path"), &FileCache::wwwroot_get_file_abspath); ClassDB::bind_method(D_METHOD("wwwroot_get_file_abspath", "file_path"), &FileCache::wwwroot_get_file_abspath);
ClassDB::bind_method(D_METHOD("wwwroot_get_simplified_abs_path", "file_path"), &FileCache::wwwroot_get_simplified_abs_path);
ClassDB::bind_method(D_METHOD("get_cached_body", "path"), &FileCache::get_cached_body_bind); ClassDB::bind_method(D_METHOD("get_cached_body", "path"), &FileCache::get_cached_body_bind);
ClassDB::bind_method(D_METHOD("has_cached_body", "path"), &FileCache::has_cached_body); ClassDB::bind_method(D_METHOD("has_cached_body", "path"), &FileCache::has_cached_body);
ClassDB::bind_method(D_METHOD("set_cached_body", "path", "body"), &FileCache::set_cached_body); ClassDB::bind_method(D_METHOD("set_cached_body", "path", "body"), &FileCache::set_cached_body);

2
modules/web/file_cache.h
View File

@ -57,6 +57,8 @@ public:
//e.g. http://127.0.0.1/a/b/d.jpg -> /a/b/d.jpg //e.g. http://127.0.0.1/a/b/d.jpg -> /a/b/d.jpg
bool wwwroot_has_file(const String &file_path); bool wwwroot_has_file(const String &file_path);
String wwwroot_get_file_abspath(const String &file_path); String wwwroot_get_file_abspath(const String &file_path);
String wwwroot_get_simplified_abs_path(const String &file_path);
bool get_cached_body(const String &path, String *body); bool get_cached_body(const String &path, String *body);
bool has_cached_body(const String &path); bool has_cached_body(const String &path);