1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
<%pre>
#include <setup.h>
#include <filecache.h>
#include <tntfeatures.h>
using namespace vdrlive;
</%pre>
<%session scope="global">
bool logged_in(false);
</%session>
<%cpp>
std::string mime("image/png");
if (request.getArgsCount() > 0) {
#if TNT_MAPURL_NAMED_ARGS
mime = request.getArg("mime-type");
#else
mime = request.getArg(0);
#endif
// dsyslog("vdrlive::content found mime arg (%s)", mime.c_str());
}
reply.setContentType(mime);
// dsyslog("vdrlive::content::mimetype(%s)", mime.c_str());
std::string const path(request.getPathInfo());
// dsyslog("vdrlive::content: path = %s", path.c_str());
// security checking of path. In order to not allow exploits the
// path must be absolute and not contain any upward references (e.g '../')
if (path.empty()) {
return HTTP_BAD_REQUEST;
}
if ('/' != path[0]) {
return HTTP_BAD_REQUEST;
}
if (std::string::npos != path.find("../", 1)) {
return HTTP_BAD_REQUEST;
}
FileCache::ptr_type f = LiveFileCache().get(path);
if (f.get() == 0) {
// dsyslog("vdrlive::content: DECLINED");
return DECLINED;
}
std::string ctime = tnt::HttpMessage::htdate(f->ctime());
std::string browserTime = request.getHeader(tnt::httpheader::ifModifiedSince);
if (browserTime == ctime) {
// dsyslog("vdrlive::content: HTTP_NOT_MODIFIED");
return HTTP_NOT_MODIFIED;
}
// dsyslog("vdrlive::content: send %d bytes of data", f->size());
reply.setHeader(tnt::httpheader::lastModified, ctime);
reply.out().write(f->data(), f->size());
</%cpp>
|
