From 19c3c55e8120312c41fd008da799a7e47f53a5bb Mon Sep 17 00:00:00 2001
From: ulrich
Date: Sat, 26 Oct 2024 12:08:49 +0000
Subject: [PATCH] fixFileName hinzugefuegt
---
src/de/uhilger/neon/FileServer.java | 15 +++----
src/de/uhilger/neon/HttpHelper.java | 56 +++++++--------------------
2 files changed, 22 insertions(+), 49 deletions(-)
diff --git a/src/de/uhilger/neon/FileServer.java b/src/de/uhilger/neon/FileServer.java
index cfb8ce6..b768961 100644
--- a/src/de/uhilger/neon/FileServer.java
+++ b/src/de/uhilger/neon/FileServer.java
@@ -55,11 +55,9 @@
public static final String STR_EMPTY = "";
public void serveFile(HttpExchange exchange) throws IOException {
- String fName = new HttpHelper().getFileName(exchange);
- if (fName.startsWith(".")) {
- HttpResponder fs = new HttpResponder();
- fs.sendNotFound(exchange, fName);
- } else {
+ String fName = exchange.getRequestURI().getPath();
+ try {
+ fName = new HttpHelper().getFileName(exchange);
File fileToDeliver = new File((String) exchange
.getHttpContext().getAttributes()
.getOrDefault(ATTR_FILE_BASE, STR_EMPTY), fName);
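Review bot: The new `serveFile` no longer rejects names that start with a dot, and `fixFileName` only refuses `..`, so a request for a hidden file directly under the file base is now resolved and served if it exists. If hiding dotfiles was intended, keep the check right after the `getFileName` call, e.g. `if (fName.startsWith(".")) throw new IllegalArgumentException("Invalid file name");`, so it ends in the same 404 path. Independently of the string checks, comparing `fileToDeliver.getCanonicalPath()` with the canonical file base before serving would also cover symbolic links that point outside the base. The `try` body continues outside this hunk.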
@@ -68,7 +66,6 @@
new PartialFileServer().serveFileParts(exchange, fileToDeliver);
} else {
if (fName.length() < 1 || fName.endsWith(STR_SLASH)) {
- //HttpHelper helper = new HttpHelper();
File welcomeFile = tryWelcomeFiles(exchange, fName);
if(welcomeFile != null) {
fileToDeliver = welcomeFile;
@@ -76,9 +73,11 @@
}
new HttpResponder().serveFile(exchange, fileToDeliver);
}
- }
+ } catch(IllegalArgumentException ex) {
+ new HttpResponder().sendNotFound(exchange, fName);
+ }
}
-
+
public File tryWelcomeFiles(HttpExchange e, String fName) {
boolean notFound = true;
File file = null;
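Review bot: The `catch(IllegalArgumentException ex)` covers the whole body of `serveFile`, so an `IllegalArgumentException` thrown later by `PartialFileServer.serveFileParts` or `HttpResponder.serveFile` (neither is shown here) would also be answered with a 404, possibly after a response has already been started. Narrow the `try` to the one call that validates the name: `try { fName = new HttpHelper().getFileName(exchange); } catch (IllegalArgumentException ex) { new HttpResponder().sendNotFound(exchange, fName); return; }`. In the catch branch `fName` still holds the raw request path, so if `sendNotFound` writes it into the response body or a log it should be escaped there. The `try` opens in the previous hunk.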
diff --git a/src/de/uhilger/neon/HttpHelper.java b/src/de/uhilger/neon/HttpHelper.java
index bedb90e..f76cfa2 100644
--- a/src/de/uhilger/neon/HttpHelper.java
+++ b/src/de/uhilger/neon/HttpHelper.java
@@ -55,11 +55,23 @@
* @param e das Objekt mit Methoden zur Untersuchung der Anfrage sowie zum
* Anfertigen und Senden der Antwort
* @return Name der gewünschten Datei
+ * @throws IllegalArgumentException wenn der Dateiname ungueltige Zeichen
+ * enthaelt, z.B. ../
*/
- public String getFileName(HttpExchange e) {
+ public String getFileName(HttpExchange e) throws IllegalArgumentException {
String ctxPath = e.getHttpContext().getPath();
String uriPath = e.getRequestURI().getPath();
- return uriPath.substring(ctxPath.length());
+ return fixFileName(uriPath.substring(ctxPath.length()));
+ }
+
+ public String fixFileName(String fileName) throws IllegalArgumentException {
+ if (fileName == null
+ || fileName.contains("..")
+ || fileName.contains("/")
+ || fileName.contains("\\")) {
+ throw new IllegalArgumentException("Invalid file name");
+ }
+ return fileName;
}
public String bodyLesen(HttpExchange exchange) throws IOException {
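Review bot: `fixFileName` rejects every name containing `/`, but `uriPath.substring(ctxPath.length())` yields slashes for any resource below the context root (and a leading slash whenever the context path has no trailing one), so those requests now end in `IllegalArgumentException`. As a consequence the `fName.endsWith(STR_SLASH)` welcome-file branch in `FileServer.serveFile` looks unreachable, and `getRouteString`, which delegates to `getFileName` and feeds the `split("/")` in `getRouteList`, would throw for multi-segment routes. Checking the path segment by segment keeps the traversal protection without blocking subdirectories. The new public method also has no Javadoc; a short comment in the file's style stating that it returns the name unchanged or throws would help.

```java
  public String fixFileName(String fileName) throws IllegalArgumentException {
    if (fileName == null || fileName.contains("\\")) {
      throw new IllegalArgumentException("Invalid file name");
    }
    // reject a parent-directory step in any position, but allow subdirectories
    for (String segment : fileName.split("/")) {
      if (segment.equals("..")) {
        throw new IllegalArgumentException("Invalid file name");
      }
    }
    return fileName;
  }
```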
@@ -73,15 +85,6 @@
}
return sb.toString();
}
-
- /*public String getAttrStr(Map attributes, String key, String defaultValue) {
- Object value = attributes.get(key);
- if(value instanceof String) {
- return value.toString();
- } else {
- return defaultValue;
- }
- } */
public Map<String, String> getQueryMap(HttpExchange exchange) {
if(exchange.getRequestMethod().equalsIgnoreCase("GET")) {
@@ -115,40 +118,11 @@
}
}
- /*public String getRouteString(HttpExchange exchange) {
- return exchange.getRequestURI().getPath()
- .substring(exchange.getHttpContext().getPath().length());
- }*/
-
public String getRouteString(HttpExchange exchange) {
return getFileName(exchange);
}
public List<String> getRouteList(String routeString) {
return Arrays.asList(routeString.split("/"));
- }
-
- /*
- public File tryWelcomeFiles(HttpExchange e, String fName) {
- boolean notFound = true;
- File file = null;
- String fileBase = e.getHttpContext().getAttributes().get(FileHandler.ATTR_FILE_BASE).toString();
- Object welcomeFiles = e.getHttpContext().getAttributes().get(FileHandler.ATTR_WELCOME_FILES);
- if(welcomeFiles instanceof String) {
- String[] fileNames = welcomeFiles.toString().split(FileHandler.STR_COMMA);
- int i = -1;
- while(notFound && ++i < fileNames.length) {
- file = new File(fileBase, fName + fileNames[i]);
- if(file.exists()) {
- notFound = false;
- }
- }
- }
- if(notFound) {
- file = new File(fileBase, fName + FileHandler.WELCOME_FILE);
- }
- return file;
- }
- */
-
+ }
}
--
Gitblit v1.9.3