X-Git-Url: http://jsfdemo.indexdata.com/?a=blobdiff_plain;f=src%2Fyaz-proxy.cpp;h=6170a1e28238907fab97554e70a33cbe64eaf6e1;hb=2c1361022c99ef0dccedad47cfe6e6bbd0a0a5ee;hp=1c655b5990e00dea2a1a1031734125745d2af31e;hpb=6f58e1b51d53b499a62bce1f4799f35c5ee9bba5;p=yazproxy-moved-to-github.git diff --git a/src/yaz-proxy.cpp b/src/yaz-proxy.cpp index 1c655b5..6170a1e 100644 --- a/src/yaz-proxy.cpp +++ b/src/yaz-proxy.cpp @@ -1,4 +1,4 @@ -/* $Id: yaz-proxy.cpp,v 1.17 2005-01-11 20:58:04 adam Exp $ +/* $Id: yaz-proxy.cpp,v 1.19 2005-02-07 13:29:38 adam Exp $ Copyright (c) 1998-2005, Index Data. This file is part of the yaz-proxy. @@ -19,6 +19,11 @@ Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ +#ifdef WIN32 +#define HAVE_SYS_STAT_H 1 +#define HAVE_SYS_TYPES_H 1 +#endif + #if HAVE_UNISTD_H #include #endif @@ -1889,32 +1894,41 @@ void Yaz_Proxy::srw_get_client(const char *db, const char **backend_db) int Yaz_Proxy::file_access(Z_HTTP_Request *hreq) { + struct stat sbuf; yaz_log(YLOG_LOG, "file_access"); if (strcmp(hreq->method, "GET")) return 0; - struct stat sbuf; if (hreq->path[0] != '/') { - yaz_log(YLOG_WARN, "Path != /"); + yaz_log(YLOG_WARN, "Bad path: %s", hreq->path); return 0; } const char *cp = hreq->path; while (*cp) { if (*cp == '/' && strchr("/.", cp[1])) + { + yaz_log(YLOG_WARN, "Bad path: %s", hreq->path); return 0; + } cp++; } const char *fname = hreq->path+1; if (stat(fname, &sbuf)) { - yaz_log(YLOG_WARN, "stat %s failed", fname); + yaz_log(YLOG_WARN|YLOG_ERRNO, "%s: stat failed", fname); return 0; } if ((sbuf.st_mode & S_IFMT) != S_IFREG) + { + yaz_log(YLOG_WARN, "%s: not a regular file", fname); return 0; + } if (sbuf.st_size > (off_t) 1000000) + { + yaz_log(YLOG_WARN, "%s: too large for transfer", fname); return 0; + } ODR o = odr_encode(); Yaz_ProxyConfig *cfg = check_reconfigure();