aboutsummaryrefslogtreecommitdiff
path: root/mod/mod-submit.cxx
diff options
context:
space:
mode:
Diffstat (limited to 'mod/mod-submit.cxx')
-rw-r--r--mod/mod-submit.cxx53
1 files changed, 23 insertions, 30 deletions
diff --git a/mod/mod-submit.cxx b/mod/mod-submit.cxx
index 3130823..5ee358a 100644
--- a/mod/mod-submit.cxx
+++ b/mod/mod-submit.cxx
@@ -1,25 +1,25 @@
// file : mod/mod-submit.cxx -*- C++ -*-
-// copyright : Copyright (c) 2014-2019 Code Synthesis Ltd
// license : MIT; see accompanying LICENSE file
#include <mod/mod-submit.hxx>
#include <ostream>
-#include <libbutl/sha256.mxx>
-#include <libbutl/sendmail.mxx>
-#include <libbutl/fdstream.mxx>
-#include <libbutl/timestamp.mxx>
-#include <libbutl/filesystem.mxx>
-#include <libbutl/process-io.mxx> // operator<<(ostream, process_args)
-#include <libbutl/manifest-types.mxx>
-#include <libbutl/manifest-serializer.mxx>
+#include <libbutl/sha256.hxx>
+#include <libbutl/sendmail.hxx>
+#include <libbutl/fdstream.hxx>
+#include <libbutl/timestamp.hxx>
+#include <libbutl/filesystem.hxx>
+#include <libbutl/process-io.hxx> // operator<<(ostream, process_args)
+#include <libbutl/manifest-types.hxx>
+#include <libbutl/manifest-serializer.hxx>
-#include <web/xhtml.hxx>
-#include <web/module.hxx>
+#include <web/server/module.hxx>
+
+#include <web/xhtml/serialization.hxx>
#include <mod/page.hxx>
-#include <mod/options.hxx>
+#include <mod/module-options.hxx>
#include <mod/external-handler.hxx>
using namespace std;
@@ -163,7 +163,7 @@ handle (request& rq, response& rs)
if (!options_->submit_data_specified ())
return respond_manifest (404, "submission disabled");
- // Parse the request form data and verifying the submission size limit.
+ // Parse the request form data and verify the submission size limit.
//
// Note that if it is exceeded, then there are parameters and this is the
// submission rather than the form request, and so we respond with the
@@ -254,24 +254,17 @@ handle (request& rq, response& rs)
return respond_manifest (400, "invalid package archive checksum");
// Verify that unknown parameter values satisfy the requirements (contain
- // only ASCII printable characters plus '\r', '\n', and '\t').
+ // only UTF-8 encoded graphic characters plus '\t', '\r', and '\n').
//
// Actually, the expected ones must satisfy too, so check them as well.
//
- auto printable = [] (const string& s) -> bool
- {
- for (char c: s)
- {
- if (!((c >= 0x20 && c <= 0x7E) || c == '\n' || c == '\r' || c == '\t'))
- return false;
- }
- return true;
- };
-
+ string what;
for (const name_value& nv: rps)
{
- if (nv.value && !printable (*nv.value))
- return respond_manifest (400, "invalid parameter " + nv.name);
+ if (nv.value &&
+ !utf8 (*nv.value, what, codepoint_types::graphic, U"\n\r\t"))
+ return respond_manifest (400,
+ "invalid parameter " + nv.name + ": " + what);
}
// Note that from now on the result manifest we respond with will contain
@@ -299,8 +292,8 @@ handle (request& rq, response& rs)
// However, using the abbreviated checksum can be helpful for
// troubleshooting.
//
- td = dir_path (options_->submit_temp () /
- dir_path (path::traits_type::temp_name (ref)));
+ td = options_->submit_temp () /
+ dir_path (path::traits_type::temp_name (ref));
// It's highly unlikely but still possible that the temporary directory
// already exists. This can only happen due to the unclean web server
@@ -560,7 +553,7 @@ handle (request& rq, response& rs)
// Run the submission handler, if specified, reading the result manifest
// from its stdout and caching it as a name/value pair list for later use
- // (forwarding to the client, sending via email, etc.). Otherwise, create
+ // (forwarding to the client, sending via email, etc). Otherwise, create
// implied result manifest.
//
status_code sc;
@@ -690,7 +683,7 @@ handle (request& rq, response& rs)
sendmail sm (print_args,
2 /* stderr */,
options_->email (),
- "new package submission " + a.string () + " (" + ref + ")",
+ "new package submission " + a.string () + " (" + ref + ')',
{options_->submit_email ()});
// Write the submission request manifest.