From f74148f1572a4585ea8787f55115d6fe31608a79 Mon Sep 17 00:00:00 2001
From: Gunnar Beutner
Date: Wed, 29 Jul 2015 13:39:58 +0200
Subject: [PATCH] Fix HTTP handlers refs #9768
---
 lib/remote/configfileshandler.cpp | 6 +++---
 lib/remote/configmoduleshandler.cpp | 4 ++--
 lib/remote/configstageshandler.cpp | 10 +++++-----
 lib/remote/filterutility.cpp | 8 ++++++--
 lib/remote/httputility.cpp | 13 +++++++++++++
 lib/remote/httputility.hpp | 1 +
 6 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/lib/remote/configfileshandler.cpp b/lib/remote/configfileshandler.cpp
index 5d11cd090..fb59c4b3b 100644
--- a/lib/remote/configfileshandler.cpp
+++ b/lib/remote/configfileshandler.cpp
@@ -55,15 +55,15 @@ void ConfigFilesHandler::HandleGet(const ApiUser::Ptr& user, HttpRequest& reques
 params->Set("path", boost::algorithm::join(tmpPath, "/"));
 }
- String moduleName = params->Get("module");
- String stageName = params->Get("stage");
+ String moduleName = HttpUtility::GetLastParameter(params, "module");
+ String stageName = HttpUtility::GetLastParameter(params, "stage");
 if (!ConfigModuleUtility::ValidateName(moduleName) || !ConfigModuleUtility::ValidateName(stageName)) {
 response.SetStatus(403, "Forbidden");
 return;
 }
- String relativePath = params->Get("path");
+ String relativePath = HttpUtility::GetLastParameter(params, "path");
 if (ConfigModuleUtility::ContainsDotDot(relativePath)) {
 response.SetStatus(403, "Forbidden");
diff --git a/lib/remote/configmoduleshandler.cpp b/lib/remote/configmoduleshandler.cpp
index 738f84f85..ef8b9491c 100644
--- a/lib/remote/configmoduleshandler.cpp
+++ b/lib/remote/configmoduleshandler.cpp
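Review bot: The validated copies `moduleName`, `stageName` and `relativePath` can now differ from what `params` holds, since (judging by `GetLastParameter`) a repeated key leaves an array in `params` and only its last element reaches `ValidateName` and `ContainsDotDot`. HandleGet continues outside this hunk, so confirm that nothing further down re-reads `params->Get("path")` or the other keys directly, and add a comment above the three lookups such as `// params may hold an array for a repeated key; use only these validated copies below`. The same applies to the `module`/`stage` lookups in the ConfigModulesHandler and ConfigStagesHandler hunks of this patch. Only a `..` check on `relativePath` is visible here; whether absolute paths are rejected later cannot be seen from the hunk.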
@@ -71,7 +71,7 @@ void ConfigModulesHandler::HandlePost(const ApiUser::Ptr& user, HttpRequest& req
 if (request.RequestUrl->GetPath().size() >= 4)
 params->Set("module", request.RequestUrl->GetPath()[3]);
- String moduleName = params->Get("module");
+ String moduleName = HttpUtility::GetLastParameter(params, "module");
 if (!ConfigModuleUtility::ValidateName(moduleName)) {
 response.SetStatus(403, "Forbidden");
@@ -111,7 +111,7 @@ void ConfigModulesHandler::HandleDelete(const ApiUser::Ptr& user, HttpRequest& r
 if (request.RequestUrl->GetPath().size() >= 4)
 params->Set("module", request.RequestUrl->GetPath()[3]);
- String moduleName = params->Get("module");
+ String moduleName = HttpUtility::GetLastParameter(params, "module");
 if (!ConfigModuleUtility::ValidateName(moduleName)) {
 response.SetStatus(403, "Forbidden");
diff --git a/lib/remote/configstageshandler.cpp b/lib/remote/configstageshandler.cpp
index ca7d26039..3d42271dc 100644
--- a/lib/remote/configstageshandler.cpp
+++ b/lib/remote/configstageshandler.cpp
@@ -55,8 +55,8 @@ void ConfigStagesHandler::HandleGet(const ApiUser::Ptr& user, HttpRequest& reque
 if (request.RequestUrl->GetPath().size() >= 5)
 params->Set("stage", request.RequestUrl->GetPath()[4]);
- String moduleName = params->Get("module");
- String stageName = params->Get("stage");
+ String moduleName = HttpUtility::GetLastParameter(params, "module");
+ String stageName = HttpUtility::GetLastParameter(params, "stage");
 if (!ConfigModuleUtility::ValidateName(moduleName) || !ConfigModuleUtility::ValidateName(stageName)) {
 response.SetStatus(403, "Forbidden");
@@ -91,7 +91,7 @@ void ConfigStagesHandler::HandlePost(const ApiUser::Ptr& user, HttpRequest& requ
 if (request.RequestUrl->GetPath().size() >= 4)
 params->Set("module", request.RequestUrl->GetPath()[3]);
- String moduleName = params->Get("module");
+ String moduleName = HttpUtility::GetLastParameter(params, "module");
 if (!ConfigModuleUtility::ValidateName(moduleName)) {
 response.SetStatus(403, "Forbidden");
@@ -144,8 +144,8 @@ void ConfigStagesHandler::HandleDelete(const ApiUser::Ptr& user, HttpRequest& re
 if (request.RequestUrl->GetPath().size() >= 5)
 params->Set("stage", request.RequestUrl->GetPath()[4]);
- String moduleName = params->Get("module");
- String stageName = params->Get("stage");
+ String moduleName = HttpUtility::GetLastParameter(params, "module");
+ String stageName = HttpUtility::GetLastParameter(params, "stage");
 if (!ConfigModuleUtility::ValidateName(moduleName) || !ConfigModuleUtility::ValidateName(stageName)) {
 response.SetStatus(403, "Forbidden");
diff --git a/lib/remote/filterutility.cpp b/lib/remote/filterutility.cpp
index 5da79384b..26d893cfb 100644
--- a/lib/remote/filterutility.cpp
+++ b/lib/remote/filterutility.cpp
@@ -18,10 +18,12 @@
 ******************************************************************************/
 #include "remote/filterutility.hpp"
+#include "remote/httputility.hpp"
 #include "config/configcompiler.hpp"
 #include "config/expression.hpp"
 #include "base/json.hpp"
 #include "base/dynamictype.hpp"
+#include "base/logger.hpp"
 #include
 #include
@@ -99,8 +101,10 @@ std::vector FilterUtility::GetFilterTargets(const QueryDescr
 if (!query->Contains("type"))
 BOOST_THROW_EXCEPTION(std::invalid_argument("Type must be specified when using a filter."));
- String filter = query->Get("filter");
- String type = query->Get("type");
+ String filter = HttpUtility::GetLastParameter(query, "filter");
+ String type = HttpUtility::GetLastParameter(query, "type");
+
+ Log(LogInformation, "FilterUtility", filter);
 Type::Ptr utype = Type::GetByName(type);
diff --git a/lib/remote/httputility.cpp b/lib/remote/httputility.cpp
index a0f0d5f26..fd9b33fca 100644
--- a/lib/remote/httputility.cpp
+++ b/lib/remote/httputility.cpp
@@ -56,4 +56,17 @@ void HttpUtility::SendJsonBody(HttpResponse& response, const Value& val)
 response.WriteBody(body.CStr(), body.GetLength());
 }
+String HttpUtility::GetLastParameter(const Dictionary::Ptr& params, const String& key)
+{
+ Value varr = params->Get(key);
+ if (!varr.IsObjectType())
+ return varr;
+
+ Array::Ptr arr = varr;
+
+ if (arr->GetLength() == 0)
+ return String();
+ else
+ return arr->Get(arr->GetLength() - 1);
+}
diff --git a/lib/remote/httputility.hpp b/lib/remote/httputility.hpp
index 48f27368a..7553642e5 100644
--- a/lib/remote/httputility.hpp
+++ b/lib/remote/httputility.hpp
@@ -38,6 +38,7 @@ class I2_REMOTE_API HttpUtility
 public:
 static Dictionary::Ptr FetchRequestParameters(HttpRequest& request);
 static void SendJsonBody(HttpResponse& response, const Value& val);
+ static String GetLastParameter(const Dictionary::Ptr& params, const String& key);
 };
 }
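Review bot: `Log(LogInformation, "FilterUtility", filter);` in GetFilterTargets writes the client-supplied filter string to the log at information level on every filtered query, which looks like leftover debugging. The filter is request data, so it can be arbitrarily long or carry values that were never meant to be stored in logs, and the entry has no label saying what it is. Drop the line, or log at debug level with context, e.g. `Log(LogDebug, "FilterUtility", "Evaluating filter for type '" + type + "'");`. Separately, `type` can now be an empty String when the parameter is an empty array, so the result of `Type::GetByName(type)` should be null-checked if the code below does not already do so; the function body continues outside the hunk.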
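Review bot: `HttpUtility::GetLastParameter` has no doc comment and two unguarded inputs. It dereferences `params` without a null check. It also hands whatever it finds to the implicit `Value`-to-`String` conversion, including a last array element that is itself an array or dictionary, which a JSON request body could presumably supply. Put the contract above the definition, e.g. `// Returns the last value given for key (last occurrence wins when a key is repeated); empty String if there is none.`, and consider returning an empty String for non-scalar values so that `ValidateName` and `ContainsDotDot` in the callers never see a stringified object. The last-occurrence rule is worth stating in the API documentation too, since a filtering proxy in front of the API may inspect a different occurrence than the one used here.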